What Are Cloud Access Security Brokers?
Many small businesses are turning to cloud services thanks to their lower costs and improved accessibility. For example, Google Apps for Business lets small businesses easily access and share documents, store files and accomplish many other tasks from any device or location at a fraction of the cost of on-premise enterprise solutions — just $5 per month, per person.
The challenge for small businesses moving from on-premise options to cloud solutions is keeping track of what data exists across these services and who has access to it. Without knowing these things, it's easy for small businesses to inadvertently experience a data breach from an employee using a rogue cloud service or unauthorized device.
Cloud access security brokers, or CASBs, address these issues by serving as a middleman between a small business’ internal network of devices and external cloud services. In addition to analyzing the data passed between, CASBs can proactively restrict access or ensure that data is properly protected before transferring it.
Cloud services improve accessibility and lower costs, but they also create new cybersecurity challenges. Let's take a look at what CASBs are, whether your small business needs one, how to find the best options and how they fit with your existing cybersecurity solutions.
What Are CASBs?
Cloud access security brokers, or CASBs, cloud-based software solutions that sit between a business and a cloud service provider to enforce security, compliance and governance policies. Often times, these solutions are proxy servers that sit between an organization's internal network and devices and the outside world's cloud services.
Gartner reckons that less than 10 percent of large enterprises used a CASB to govern their cloud services in 2017, but by 2020, the research firm believes that figure will rise to 60 percent, as companies continue to move critical software from on-premise into the cloud.
There are many different areas where CASBs can help control risk:
Identify rogue cloud services that could pose a risk to the organization, such as an employee using an unauthorized Dropbox account to share files.
Prevent certain types of data from being uploaded without encryption, such as healthcare records to comply with HIPAA data privacy regulations.
Enforce data access restrictions based on device or location, such as limiting data access to company-provided computers rather than an employee's own devices.
Do You Need a CASB?
Many businesses already have cybersecurity solutions in place. For example, web application firewalls, or WAFs, may only allow access to certain web applications or secure backup solutions may safeguard data. While these solutions could theoretically accomplish the same goal, it would require an impossible level of configuration and maintenance to be fully secure.
Download our free Checklist of Popular CASB Solutions for Small Businesses to start your search.
Cloud access security brokers act as a central data authentication and encryption hub for everything that your organization touches. Since every cloud application and client connects through them, there's very little configuration necessary and instant insights are available for security personnel. It's much easier to see threats and protect data across cloud services.
The big question for small businesses is whether the benefits outweigh the costs. As with many enterprise solutions, many CASBs can have a high price tag and require someone to analyze the insights. Small businesses with few employees, limited cloud services and unregulated businesses may not require intensive CASB solutions — but others should consider it.
How to Find a CASB
Many different cloud access security brokers have emerged over the past decade, ranging from well-known enterprise providers to companies with bolt-on solutions to brand new startups. When deciding between these options, it's important to take several factors into consideration, including the cost, functionality and support for your cloud infrastructure.
The four most important factors to consider when choosing include:
Case coverage - The CASB that you select should have solutions designed for the cloud services that you use, such as Microsoft Office 365 or Dropbox.
Deployment modalities - CASB solutions are generally available as forward proxies (e.g. VPN clients), reverse proxies or APIs (e.g. connected directly to cloud services).
IaaS security - Businesses using IaaS solutions may want to ensure that CASBs provide coverage for those applications in addition to their standard cloud services.
Cost - CASB provides charge anywhere from tens of thousands of dollars for on-premise solutions to $15 per user per year for basic protection of just a few apps.
Keep Your Existing Solutions
Cloud access data brokers are helpful for getting a handle on cloud services, but they aren't a replacement for your existing cybersecurity solutions. You still need a firewall, antivirus, anti-malware, secure backup and other cybersecurity services to keep your business and data protected on a day-to-day basis, along with effective training and policies.
Don't forget to download our free checklist of popular CASB solutions for small businesses to start your search.
Jungle Disk provides a cybersecurity suite that's designed specifically for businesses with less than 250 employees. With a simple per-employee, per-month pricing model, you can instantly access active network protection, secure backup, password management and other cybersecurity tools that make it easy to prevent data breaches.
The Bottom Line
Many small businesses are transitioning to cloud services to lower their costs and easily share data across locations and devices. While these cloud services simplify small business operations, they increase exposure to critical cybersecurity risks — especially for regulated industries like healthcare or finance.
Cloud access security brokers help mitigate these risks by providing insights into what cloud services are being used, where they are being accessed and what data is stored or transacted with them. CASBs can even ensure that all sensitive data is encrypted and block unauthorized access based on device or location.