📖 What is Cloud Access Security Broker (CASB)?
A Cloud Access Security Broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. It enforces security, compliance, and governance policies for cloud-based applications and services.
"Think of a CASB as a 'firewall for the cloud' that provides visibility into 'Shadow IT' and unauthorized cloud app usage."
📚 Certification: CompTIA Security+ Certification Exam (SY0-701)
🔑 What are the Key Concepts of Cloud Access Security Broker (CASB)?
- Shadow IT Discovery: CASBs provide visibility into unauthorized cloud applications used by employees, allowing administrators to identify and block risky, unmanaged services.
- Data Loss Prevention (DLP): They monitor data transfers to the cloud, preventing sensitive information like PII or PHI from being uploaded to unauthorized locations.
- Compliance Enforcement: CASBs ensure cloud usage aligns with regulatory requirements by enforcing consistent security policies across multiple disparate cloud service providers.
- Threat Protection: By analyzing user behavior and API calls, CASBs can detect anomalous activity, such as account takeovers or unusual data exfiltration patterns.
- Deployment Architectures: CASBs can be deployed as forward proxies, reverse proxies, or via API integrations to balance real-time control with comprehensive visibility.
🎯 How does Cloud Access Security Broker (CASB) appear on the SY0-701 Exam?
You may be asked to identify the best tool for a company that needs to discover which unauthorized SaaS applications its employees are using to store corporate data.
A scenario might describe a need to prevent sensitive credit card data from being uploaded to a public cloud storage provider while maintaining a detailed audit trail.
Expect questions where you must distinguish between a CASB and a traditional firewall when the primary goal is governing data movement within cloud-native environments.
❓ Frequently Asked Questions
How does a CASB differ from a traditional network firewall?
Traditional firewalls manage traffic based on IP addresses and ports at the perimeter. CASBs operate at the application layer, focusing on cloud-specific API calls, user identities, and data content.
What is the trade-off between API-based and proxy-based CASB deployments?
Proxy-based CASBs provide real-time blocking and control but can introduce latency. API-based CASBs offer better visibility and no latency but typically operate asynchronously, detecting issues after they occur.