With the advent of more and more malware and viruses attempting to attack your business from seemingly the far corners of the earth, many are recommending cloud computing as the best way to keep your business safely running while making absolutely positively sure your data stays safe and secure. Of course, the malware and virus creators aren’t just standing by to watch you escape from their tentacles. If there’s a way to attack you in the cloud, somebody will try and figure out a way to do it.
Gartner, the American research and advisory firm, has a solution. They call it the Cloud Access Security Broker (CASB). The term describes a specific set of cloud security solutions that protect against the multitude of ways malware and virus creators gain access to your data in the cloud.
CASB solutions are designed to fill in many of the security gaps that the evildoers are looking for in individual cloud services. They allow information security experts to keep tabs on cloud services and set policy, oversee behavior, and control risk across all of the major cloud services.
A CASB has the capability of consolidating multiple types of security policy. It covers user authentication, authorisation, single sign-on, device profiling, encryption, alerting, logging, and of course malware detection and prevention.
OAuth abuse is one of the most recent attacks that CASB is designed to prevent. The attack begins with a simple email that invites the target to join the sender in collaborating on a Google Doc. The email appears to be from a known contact, but it’s not. Once the “Open in Docs” link is opened, the user is redirected to a Google OAuth 2.0 page, ostensibly to authorise collaborating through the “Google Docs” application. In reality, this is a fake application, created by the actual sender of the email, that spoofs Google Docs.
At this point, the application asks the user for access to their email and contact information, which gives the attacker a path to expand. The attacker then uses this information to spread virally.
Another attack that a CASB can prevent is a phishing campaign like the Gmail Worm. An attacker will bcc a target on a message that appears to be sent to a legitimate email address taken from the user’s address book. The message will contain an “Open in Docs” link that directs the recipient to a valid Google site which requires a log-in. Once the user has logged in, a bogus service typically called “Google Docs” will request permission to “read, send, delete, and manage” contacts and email. In actuality, this kind of request is legitimate: it’s part of many applications that use Google as an authentication mechanism. What is not normal are the permissions that are being requested.
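The two attacks above share one tell: an unvetted app that borrows a trusted product name and asks for control of mail and contacts. The following added example (not code from any CASB product) sketches how an API-mode policy could triage OAuth grants on that basis. The record schema, client IDs and name list are assumptions made for illustration; the scope strings are real Google OAuth scopes.

```python
import unicodedata

# Real Google OAuth scopes that give control of mail or contacts.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "read, send, delete and manage all mail",
    "https://www.googleapis.com/auth/gmail.modify": "read and change mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/contacts": "read and manage contacts",
}
# Assumption: product names that only the provider's own apps should carry.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Assumption: client IDs the organisation has vetted (constructed placeholder).
SANCTIONED_CLIENT_IDS = {"vetted-crm.apps.example"}

def normalise(name):
    """Fold case, compatibility forms and invisible format characters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    visible = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return " ".join(visible.split())

def assess_grant(grant):
    """Return (verdict, reasons) for one grant record (hypothetical schema)."""
    if grant["client_id"] in SANCTIONED_CLIENT_IDS:
        return "allow", []
    spoofed = normalise(grant["app_name"]) in PROTECTED_NAMES
    risky = sorted(s for s in grant["scopes"] if s in HIGH_RISK_SCOPES)
    reasons = ["unvetted app uses a protected product name"] if spoofed else []
    reasons += [f"{s} ({HIGH_RISK_SCOPES[s]})" for s in risky]
    if spoofed and risky:
        return "revoke", reasons  # trusted name plus mailbox/contact control
    return ("review" if reasons else "allow"), reasons

# Constructed sample grants, not real log data.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "client_id": "unknown-1.apps.example",
     "app_name": "Google Docs",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "client_id": "unknown-2.apps.example",
     "app_name": "Team Calendar Helper", "scopes": ["openid", "email"]},
    {"user": "carol@example.com", "client_id": "unknown-3.apps.example",
     "app_name": "Mail Merge Tool",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        verdict, reasons = assess_grant(g)
        print(g["user"], g["app_name"], verdict, reasons)
```

The first constructed grant is revoked, the second allowed, and the third queued for review because it requests a mail-sending scope without borrowing a protected name.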
CASB is designed to provide businesses with a critical control point that secures cloud services across many different cloud providers. A CASB vendor also gives businesses visibility into both authorised as well as non-authorised cloud usage. A CASB can monitor data traffic from the cloud platform or corporate network, help with any compliance issues, and keep unauthorised users, apps and devices from being able to access cloud services.
As far as data security is concerned, a CASB basically takes over control of a business’s data security policies so that any unwanted activity is prevented. A CASB can also monitor and control every user’s activities when they access cloud services from mobile or desktop apps or sync clients, and monitor privileged accounts to prevent unauthorised activity.
To keep malware in check, CASBs detect and alert businesses about unusual user logins and monitor excessive uploads and downloads or the sharing of cloud services among employees.
A CASB can run from the premises of your business or from the cloud. It can be set up as a proxy (forward or reverse) or work in API mode. Businesses will often run more than one CASB when one may be more efficient than another in different applications.
There’s been significant growth recently in the CASB market. With more and more cloud-based applications being used, CASBs have become increasingly valuable assets for businesses that have adopted multiple cloud services and want to transfer sensitive data to and from the cloud.