Hi folks, Ed Amoroso here.
And in this video I want to introduce a security component for cloud that's
referred to as a Cloud Access Security Broker, CASB.
And what we do is we just call it CASB.
It's a term that actually was invented by the Gartner company.
I always liked it.
I thought is was a good way of describing the concept.
Let me see if I can motivate.
So you've got users that are normally just hitting applications and
workloads on a LAN inside an enterprise.
There's really no need for doing security arbitration in the midst of that path.
Inside the firewall, it is what it is.
And we've had that model for 25 years.
As those applications move to public clouds,
we suddenly have the obligation to fix them.
And in other videos we've talked about the possibility of maybe introducing
something called a micro-segment,
which is essentially a container that we build around an app or a workload.
And we can introduce virtual appliances into that container environment to
protect natively and to shrinkwrap some sort of protection around that app.
But what if I've got lots of different clouds scattered all over the place, and
I’m using workload hosting on five or six or ten different clouds?
And I want to impose one type of protection.
Let's say I want to do common intrusion prevention for all of them.
Well, if I do that and I have the micro-segmented model,
then I'm obliged to put the security in [LAUGH] each of those micro-segments.
Right, if I have an IPS in 25 different micro-segments,
I have to orchestrate rule changes for all of those.
That may not be your favorite thing to do.
What a CASB does is it potentially sits in the middle,
serving as a broker, a security broker, potentially for multiple clouds.
There's some nice man in the middle of security functions.
You can see a diagram here where we have a user hitting a cloud that does
have micro-segmented protections, virtual firewall, virtual IPS.
We show a physical firewall sitting there in front of the cloud service provider
to stop stray garbage from maybe coming into the cloud LAN.
And now we've introduced another layer.
The CASB sits between the user and the cloud and multiple clouds,
providing access control, monitoring, logging, auditing.
All sorts of nice capabilities can go right into that very common function
that supports multiple clouds, multiple heterogeneous clouds.
In fact, they could be from different vendors, different service providers, so
extremely powerful concept.
One of the things I particularly like about CASB is that it provides one stop
shopping for auditors and for compliance managers.
So for example,
if I wanted to have a pretty good understanding of who's accessing cloud,
which of my enterprise users are hitting cloud when, under which conditions?
What are they doing?
A CASB can sit there and develop that kind of telemetry that gives me a good
understanding of who's using the hybrid environment and for what purpose.
So definitely a tool that I think has not only taken root in most cybersecurity
architectures, but I think it's going to be an important component moving
forward as users try to hit containerized environments and clouds.
So I've got a little quiz here.
The answer is none of the above.
I mean, these are not the the kinds of things that drive a CASB.
The kinds of things that do drive a CASB would be a multiple cloud environment,
heterogeneous.
Some requirements that you would like to be able to impose in a common way
across multiple containers without having to touch each micro-segment individually.
So CASBs are very useful for that, and yeah, they do support compliance.
But certainly none of these different components in the quiz, I think,
justified the answer.
So it would be none of the above.
I hope that's helped your understanding of CASB.
And as you continue in your learning,
you'll see how vital a CASB is to a security architecture.
Thanks, we'll see you in the next one.
Dr. Edward G. AmorosoResearch Professor, NYU and CEO, TAG Cyber LLC
