{"id":46,"date":"2025-06-25T09:42:12","date_gmt":"2025-06-25T09:42:12","guid":{"rendered":"https:\/\/tham098.thamtuuytin.org\/?p=46"},"modified":"2025-06-25T09:42:12","modified_gmt":"2025-06-25T09:42:12","slug":"cloud-access-security-broker-casb-bridging-security-gaps-in-the-cloud-era","status":"publish","type":"post","link":"https:\/\/tham098.thamtuuytin.org\/?p=46","title":{"rendered":"Cloud Access Security Broker (CASB): Bridging Security Gaps in the Cloud Era"},"content":{"rendered":"<p data-start=\"354\" data-end=\"622\">As organizations increasingly rely on cloud services like Microsoft 365, Google Workspace, Salesforce, and Slack, their traditional security perimeter dissolves. IT teams lose visibility and control over where sensitive data goes, who accesses it, and how it\u2019s shared.<\/p>\n<p data-start=\"624\" data-end=\"748\">This is where <strong data-start=\"638\" data-end=\"679\">Cloud Access Security Brokers (CASBs)<\/strong> step in \u2014 as <strong data-start=\"693\" data-end=\"747\">the control point between users and cloud services<\/strong>.<\/p>\n<p data-start=\"750\" data-end=\"881\">Whether you&#8217;re securing sanctioned SaaS apps or mitigating the risks of shadow IT, <strong data-start=\"833\" data-end=\"881\">CASB is essential for modern cloud security.<\/strong><\/p>\n<hr data-start=\"883\" data-end=\"886\" \/>\n<h2 data-start=\"888\" data-end=\"906\">What Is a CASB?<\/h2>\n<p data-start=\"908\" data-end=\"1101\">A <strong data-start=\"910\" data-end=\"949\">Cloud Access Security Broker (CASB)<\/strong> is a security solution that <strong data-start=\"978\" data-end=\"1032\">sits between cloud service consumers and providers<\/strong> to enforce enterprise security, compliance, and governance policies.<\/p>\n<p data-start=\"1103\" data-end=\"1208\">CASBs provide <strong data-start=\"1117\" data-end=\"1181\">visibility, data security, threat protection, and compliance<\/strong> across cloud applications.<\/p>\n<p data-start=\"1210\" data-end=\"1245\">They can be deployed in four modes:<\/p>\n<ul data-start=\"1247\" data-end=\"1355\">\n<li data-start=\"1247\" data-end=\"1278\">\n<p data-start=\"1249\" data-end=\"1278\"><strong data-start=\"1249\" data-end=\"1276\">API-based (out-of-band)<\/strong><\/p>\n<\/li>\n<li data-start=\"1279\" data-end=\"1307\">\n<p data-start=\"1281\" data-end=\"1307\"><strong data-start=\"1281\" data-end=\"1305\">Proxy-based (inline)<\/strong><\/p>\n<\/li>\n<li data-start=\"1308\" data-end=\"1327\">\n<p data-start=\"1310\" data-end=\"1327\"><strong data-start=\"1310\" data-end=\"1325\">Agent-based<\/strong><\/p>\n<\/li>\n<li data-start=\"1328\" data-end=\"1355\">\n<p data-start=\"1330\" data-end=\"1355\"><strong data-start=\"1330\" data-end=\"1355\">Log-based (discovery)<\/strong><\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"1357\" data-end=\"1360\" \/>\n<h2 data-start=\"1362\" data-end=\"1393\">Why CASB Is Critical in 2025<\/h2>\n<ul data-start=\"1395\" data-end=\"1715\">\n<li data-start=\"1395\" data-end=\"1465\">\n<p data-start=\"1397\" data-end=\"1465\"><strong data-start=\"1397\" data-end=\"1427\">SaaS adoption is exploding<\/strong>: most companies use &gt;100 cloud apps<\/p>\n<\/li>\n<li data-start=\"1466\" data-end=\"1536\">\n<p data-start=\"1468\" data-end=\"1536\"><strong data-start=\"1468\" data-end=\"1492\">Shadow IT is rampant<\/strong>: users bypass IT to use unsanctioned apps<\/p>\n<\/li>\n<li data-start=\"1537\" data-end=\"1585\">\n<p data-start=\"1539\" data-end=\"1585\"><strong data-start=\"1539\" data-end=\"1583\">Sensitive data moves freely in the cloud<\/strong><\/p>\n<\/li>\n<li data-start=\"1586\" data-end=\"1642\">\n<p data-start=\"1588\" data-end=\"1642\"><strong data-start=\"1588\" data-end=\"1640\">Insider threats and misconfigurations are common<\/strong><\/p>\n<\/li>\n<li data-start=\"1643\" data-end=\"1715\">\n<p data-start=\"1645\" data-end=\"1715\"><strong data-start=\"1645\" data-end=\"1715\">Regulatory pressure (e.g., GDPR, HIPAA, ISO 27001) demands control<\/strong><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1717\" data-end=\"1815\">CASBs give security teams <strong data-start=\"1743\" data-end=\"1783\">the visibility and control they need<\/strong> \u2014 without slowing productivity.<\/p>\n<hr data-start=\"1817\" data-end=\"1820\" \/>\n<h2 data-start=\"1822\" data-end=\"1860\">Core Capabilities of CASB Platforms<\/h2>\n<ol data-start=\"1862\" data-end=\"2611\">\n<li data-start=\"1862\" data-end=\"2000\">\n<p data-start=\"1865\" data-end=\"1886\"><strong data-start=\"1865\" data-end=\"1884\">Cloud Discovery<\/strong><\/p>\n<ul data-start=\"1890\" data-end=\"2000\">\n<li data-start=\"1890\" data-end=\"1954\">\n<p data-start=\"1892\" data-end=\"1954\">Identify all cloud apps in use (sanctioned and unsanctioned)<\/p>\n<\/li>\n<li data-start=\"1958\" data-end=\"2000\">\n<p data-start=\"1960\" data-end=\"2000\">Analyze usage patterns and risk profiles<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2002\" data-end=\"2147\">\n<p data-start=\"2005\" data-end=\"2032\"><strong data-start=\"2005\" data-end=\"2030\">Data Security and DLP<\/strong><\/p>\n<ul data-start=\"2036\" data-end=\"2147\">\n<li data-start=\"2036\" data-end=\"2090\">\n<p data-start=\"2038\" data-end=\"2090\">Scan data in cloud apps for PII, PCI, IP, and more<\/p>\n<\/li>\n<li data-start=\"2094\" data-end=\"2147\">\n<p data-start=\"2096\" data-end=\"2147\">Enforce encryption, redaction, or blocking policies<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2149\" data-end=\"2303\">\n<p data-start=\"2152\" data-end=\"2195\"><strong data-start=\"2152\" data-end=\"2193\">Access Control and Policy Enforcement<\/strong><\/p>\n<ul data-start=\"2199\" data-end=\"2303\">\n<li data-start=\"2199\" data-end=\"2252\">\n<p data-start=\"2201\" data-end=\"2252\">Set rules based on user, device, location, or app<\/p>\n<\/li>\n<li data-start=\"2256\" data-end=\"2303\">\n<p data-start=\"2258\" data-end=\"2303\">Allow, deny, or quarantine specific behaviors<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2305\" data-end=\"2451\">\n<p data-start=\"2308\" data-end=\"2331\"><strong data-start=\"2308\" data-end=\"2329\">Threat Protection<\/strong><\/p>\n<ul data-start=\"2335\" data-end=\"2451\">\n<li data-start=\"2335\" data-end=\"2396\">\n<p data-start=\"2337\" data-end=\"2396\">Detect compromised accounts, malware, and risky behaviors<\/p>\n<\/li>\n<li data-start=\"2400\" data-end=\"2451\">\n<p data-start=\"2402\" data-end=\"2451\">Integrate with threat intelligence and UEBA tools<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"2453\" data-end=\"2611\">\n<p data-start=\"2456\" data-end=\"2483\"><strong data-start=\"2456\" data-end=\"2481\">Compliance Management<\/strong><\/p>\n<ul data-start=\"2487\" data-end=\"2611\">\n<li data-start=\"2487\" data-end=\"2553\">\n<p data-start=\"2489\" data-end=\"2553\">Map activity and data handling to frameworks like HIPAA, SOC 2<\/p>\n<\/li>\n<li data-start=\"2557\" data-end=\"2611\">\n<p data-start=\"2559\" data-end=\"2611\">Generate audit reports and policy coverage summaries<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<hr data-start=\"2613\" data-end=\"2616\" \/>\n<h2 data-start=\"2618\" data-end=\"2635\">CASB Use Cases<\/h2>\n<ul data-start=\"2637\" data-end=\"2942\">\n<li data-start=\"2637\" data-end=\"2688\">\n<p data-start=\"2639\" data-end=\"2688\"><strong data-start=\"2639\" data-end=\"2686\">Preventing data exfiltration via cloud apps<\/strong><\/p>\n<\/li>\n<li data-start=\"2689\" data-end=\"2771\">\n<p data-start=\"2691\" data-end=\"2771\"><strong data-start=\"2691\" data-end=\"2769\">Blocking uploads of confidential files to personal Dropbox or Google Drive<\/strong><\/p>\n<\/li>\n<li data-start=\"2772\" data-end=\"2822\">\n<p data-start=\"2774\" data-end=\"2822\"><strong data-start=\"2774\" data-end=\"2820\">Enforcing MFA for high-risk cloud activity<\/strong><\/p>\n<\/li>\n<li data-start=\"2823\" data-end=\"2886\">\n<p data-start=\"2825\" data-end=\"2886\"><strong data-start=\"2825\" data-end=\"2884\">Detecting abnormal login patterns across SaaS platforms<\/strong><\/p>\n<\/li>\n<li data-start=\"2887\" data-end=\"2942\">\n<p data-start=\"2889\" data-end=\"2942\"><strong data-start=\"2889\" data-end=\"2942\">Applying DLP to Microsoft 365, G Suite, and Slack<\/strong><\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"2944\" data-end=\"2947\" \/>\n<h2 data-start=\"2949\" data-end=\"2982\">Leading CASB Solutions in 2025<\/h2>\n<h3 data-start=\"2984\" data-end=\"3046\">1. <strong data-start=\"2991\" data-end=\"3044\">Microsoft Defender for Cloud Apps (formerly MCAS)<\/strong><\/h3>\n<ul data-start=\"3047\" data-end=\"3239\">\n<li data-start=\"3047\" data-end=\"3096\">\n<p data-start=\"3049\" data-end=\"3096\">Deep integration with Microsoft 365 and Azure<\/p>\n<\/li>\n<li data-start=\"3097\" data-end=\"3139\">\n<p data-start=\"3099\" data-end=\"3139\">Real-time control and session policies<\/p>\n<\/li>\n<li data-start=\"3140\" data-end=\"3194\">\n<p data-start=\"3142\" data-end=\"3194\">Powerful DLP, threat detection, and app governance<\/p>\n<\/li>\n<li data-start=\"3195\" data-end=\"3239\">\n<p data-start=\"3197\" data-end=\"3239\">Built-in analytics and shadow IT discovery<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3241\" data-end=\"3244\" \/>\n<h3 data-start=\"3246\" data-end=\"3272\">2. <strong data-start=\"3253\" data-end=\"3270\">Netskope CASB<\/strong><\/h3>\n<ul data-start=\"3273\" data-end=\"3416\">\n<li data-start=\"3273\" data-end=\"3308\">\n<p data-start=\"3275\" data-end=\"3308\">Inline and API-based protection<\/p>\n<\/li>\n<li data-start=\"3309\" data-end=\"3342\">\n<p data-start=\"3311\" data-end=\"3342\">Covers thousands of SaaS apps<\/p>\n<\/li>\n<li data-start=\"3343\" data-end=\"3369\">\n<p data-start=\"3345\" data-end=\"3369\">Context-aware policies<\/p>\n<\/li>\n<li data-start=\"3370\" data-end=\"3416\">\n<p data-start=\"3372\" data-end=\"3416\">Seamless integration with SWG, ZTNA, and DLP<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3418\" data-end=\"3421\" \/>\n<h3 data-start=\"3423\" data-end=\"3475\">3. <strong data-start=\"3430\" data-end=\"3473\">McAfee MVISION Cloud (Skyhigh Security)<\/strong><\/h3>\n<ul data-start=\"3476\" data-end=\"3645\">\n<li data-start=\"3476\" data-end=\"3516\">\n<p data-start=\"3478\" data-end=\"3516\">Advanced encryption and tokenization<\/p>\n<\/li>\n<li data-start=\"3517\" data-end=\"3561\">\n<p data-start=\"3519\" data-end=\"3561\">Deep forensic analysis and activity logs<\/p>\n<\/li>\n<li data-start=\"3562\" data-end=\"3599\">\n<p data-start=\"3564\" data-end=\"3599\">Supports IaaS and PaaS protection<\/p>\n<\/li>\n<li data-start=\"3600\" data-end=\"3645\">\n<p data-start=\"3602\" data-end=\"3645\">Compliance rule sets for global regulations<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3647\" data-end=\"3650\" \/>\n<h3 data-start=\"3652\" data-end=\"3680\">4. <strong data-start=\"3659\" data-end=\"3678\">Cisco Cloudlock<\/strong><\/h3>\n<ul data-start=\"3681\" data-end=\"3849\">\n<li data-start=\"3681\" data-end=\"3710\">\n<p data-start=\"3683\" data-end=\"3710\">Agentless, API-based CASB<\/p>\n<\/li>\n<li data-start=\"3711\" data-end=\"3761\">\n<p data-start=\"3713\" data-end=\"3761\">Designed for Google Workspace, Salesforce, Box<\/p>\n<\/li>\n<li data-start=\"3762\" data-end=\"3805\">\n<p data-start=\"3764\" data-end=\"3805\">Threat detection using machine learning<\/p>\n<\/li>\n<li data-start=\"3806\" data-end=\"3849\">\n<p data-start=\"3808\" data-end=\"3849\">Easy policy customization and enforcement<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3851\" data-end=\"3854\" \/>\n<h3 data-start=\"3856\" data-end=\"3894\">5. <strong data-start=\"3863\" data-end=\"3892\">Bitglass (Forcepoint ONE)<\/strong><\/h3>\n<ul data-start=\"3895\" data-end=\"4077\">\n<li data-start=\"3895\" data-end=\"3955\">\n<p data-start=\"3897\" data-end=\"3955\">Unified cloud security platform with CASB, SWG, and ZTNA<\/p>\n<\/li>\n<li data-start=\"3956\" data-end=\"3987\">\n<p data-start=\"3958\" data-end=\"3987\">Real-time inline protection<\/p>\n<\/li>\n<li data-start=\"3988\" data-end=\"4027\">\n<p data-start=\"3990\" data-end=\"4027\">Built-in DLP and malware protection<\/p>\n<\/li>\n<li data-start=\"4028\" data-end=\"4077\">\n<p data-start=\"4030\" data-end=\"4077\">Supports managed and unmanaged device scenarios<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"4079\" data-end=\"4082\" \/>\n<h2 data-start=\"4084\" data-end=\"4130\">CASB vs SWG vs ZTNA: What&#8217;s the Difference?<\/h2>\n<div class=\"_tableContainer_16hzy_1\">\n<div class=\"_tableWrapper_16hzy_14 group flex w-fit flex-col-reverse\" tabindex=\"-1\">\n<table class=\"w-fit min-w-(--thread-content-width)\" data-start=\"4132\" data-end=\"4828\">\n<thead data-start=\"4132\" data-end=\"4270\">\n<tr data-start=\"4132\" data-end=\"4270\">\n<th data-start=\"4132\" data-end=\"4161\" data-col-size=\"sm\">Feature<\/th>\n<th data-start=\"4161\" data-end=\"4194\" data-col-size=\"sm\">CASB<\/th>\n<th data-start=\"4194\" data-end=\"4230\" data-col-size=\"sm\">SWG (Secure Web Gateway)<\/th>\n<th data-start=\"4230\" data-end=\"4270\" data-col-size=\"sm\">ZTNA (Zero Trust Network Access)<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"4410\" data-end=\"4828\">\n<tr data-start=\"4410\" data-end=\"4549\">\n<td data-start=\"4410\" data-end=\"4439\" data-col-size=\"sm\">Focus<\/td>\n<td data-start=\"4439\" data-end=\"4473\" data-col-size=\"sm\">SaaS and cloud data control<\/td>\n<td data-start=\"4473\" data-end=\"4509\" data-col-size=\"sm\">Web traffic filtering<\/td>\n<td data-start=\"4509\" data-end=\"4549\" data-col-size=\"sm\">Secure access to private apps<\/td>\n<\/tr>\n<tr data-start=\"4550\" data-end=\"4688\">\n<td data-start=\"4550\" data-end=\"4579\" data-col-size=\"sm\">User visibility<\/td>\n<td data-start=\"4579\" data-end=\"4612\" data-col-size=\"sm\">Per app\/user\/file<\/td>\n<td data-start=\"4612\" data-end=\"4648\" data-col-size=\"sm\">Domain\/URL-based<\/td>\n<td data-start=\"4648\" data-end=\"4688\" data-col-size=\"sm\">App-level per session<\/td>\n<\/tr>\n<tr data-start=\"4689\" data-end=\"4828\">\n<td data-start=\"4689\" data-end=\"4718\" data-col-size=\"sm\">Best for<\/td>\n<td data-start=\"4718\" data-end=\"4752\" data-col-size=\"sm\">Data security in cloud apps<\/td>\n<td data-start=\"4752\" data-end=\"4788\" data-col-size=\"sm\">Blocking malicious websites<\/td>\n<td data-start=\"4788\" data-end=\"4828\" data-col-size=\"sm\">Replacing VPNs for internal access<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"sticky end-(--thread-content-margin) h-0 self-end select-none\">\n<div class=\"absolute end-0 flex items-end\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p data-start=\"4830\" data-end=\"4937\">Many organizations <strong data-start=\"4849\" data-end=\"4880\">combine CASB, SWG, and ZTNA<\/strong> under a <strong data-start=\"4889\" data-end=\"4926\">SASE (Secure Access Service Edge)<\/strong> framework.<\/p>\n<hr data-start=\"4939\" data-end=\"4942\" \/>\n<h2 data-start=\"4944\" data-end=\"4980\">Challenges in CASB Implementation<\/h2>\n<ul data-start=\"4982\" data-end=\"5191\">\n<li data-start=\"4982\" data-end=\"5027\">\n<p data-start=\"4984\" data-end=\"5027\"><strong data-start=\"4984\" data-end=\"5003\">Too many alerts<\/strong> without proper tuning<\/p>\n<\/li>\n<li data-start=\"5028\" data-end=\"5072\">\n<p data-start=\"5030\" data-end=\"5072\"><strong data-start=\"5030\" data-end=\"5044\">API limits<\/strong> for real-time enforcement<\/p>\n<\/li>\n<li data-start=\"5073\" data-end=\"5114\">\n<p data-start=\"5075\" data-end=\"5114\"><strong data-start=\"5075\" data-end=\"5094\">User resistance<\/strong> to inline proxies<\/p>\n<\/li>\n<li data-start=\"5115\" data-end=\"5156\">\n<p data-start=\"5117\" data-end=\"5156\"><strong data-start=\"5117\" data-end=\"5132\">Blind spots<\/strong> for unmanaged devices<\/p>\n<\/li>\n<li data-start=\"5157\" data-end=\"5191\">\n<p data-start=\"5159\" data-end=\"5191\"><strong data-start=\"5159\" data-end=\"5191\">Shadow IT bypassing controls<\/strong><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5193\" data-end=\"5346\">To succeed, align CASB rollout with <strong data-start=\"5229\" data-end=\"5274\">security, IT, and user productivity goals<\/strong>. Start with <strong data-start=\"5287\" data-end=\"5304\">app discovery<\/strong>, then move to <strong data-start=\"5319\" data-end=\"5345\">risk-based enforcement<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As organizations increasingly rely on cloud services like Microsoft 365, Google Workspace, Salesforce, and Slack, their traditional security perimeter dissolves. IT teams lose visibility and control over where sensitive data goes, who accesses it, and how it\u2019s shared. This is&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46"}],"version-history":[{"count":1,"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":47,"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=\/wp\/v2\/posts\/46\/revisions\/47"}],"wp:attachment":[{"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tham098.thamtuuytin.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}