Friday, December 4, 2020

Security | What is CASB? A ten-minute first look at CASB (Cloud Access Security Brokers)


source: https://www.everypixel.com/search?q=&authorname=geralt



What is a CASB (Cloud Access Security Broker)? Why is a CASB needed?


"A CASB is a solution that provides cloud access controls and visibility, acting as a gatekeeper."


Because of COVID-19 this year, work from home (or from anywhere) has become increasingly common, and all kinds of managed or unmanaged devices (laptops, phones, iPads, etc.) now connect to the corporate network more easily than ever.

In addition, in recent years a wide variety of cloud apps (e.g. Zoom, Salesforce, Dropbox, Box...) and cloud platform storage (e.g. AWS S3) have come into widespread use, and data now resides in this cloud storage (even though the data still belongs to the organisation).

These trends have sharply increased the complexity and risk of security management inside organisations, and control over sensitive data has become harder and harder; the importance of CASB has risen accordingly.

CASB does not replace technologies such as SWG and FWaaS; it complements and strengthens them.

From an organisational management perspective, cloud apps can be divided into two categories: sanctioned apps and unsanctioned apps.



Estimated market value of CASB

Gartner forecasts a 41% growth rate from 2018 to 2023.

The market is forecast to reach 870 million U.S. dollars in size worldwide in 2019 and 3,800 million U.S. dollars in 2023 (refer to Statista).


A brief history of CASB

CASB first appeared in Gartner's top security projects in 2014, dropped off the list in 2015, and returned in 2016, where it has remained since. Despite some ups and downs along the way, the latest trend shows growth.

CASB originally emerged to help discover shadow IT, and has since evolved to support more and more use cases.



The 4 pillars of CASB

Gartner holds that a CASB should provide functionality along four dimensions: discovery, data protection, threat detection and compliance, i.e. the 4 pillars: Visibility, Data Security, Threat Protection, Compliance.

  • Visibility – discover shadow IT cloud services and gain visibility into user activity within sanctioned apps
  • Data security – enforce data-centric security such as encryption, tokenization, and information rights management
  • Threat protection – detect and respond to insider threats, privileged user threats, and compromised accounts
  • Compliance – identify sensitive data in the cloud and enforce DLP policies to meet data residency and compliance requirements. Provide visibility for various compliance regimes, for example PII, HIPAA, PCI, PHI.



CASB Benefits (Use cases)

  • Gives companies real-time security control enforcement, or enough flexibility to "start out in an API mode or a monitoring mode of operation."
  • Helps security teams understand a cloud security event before blocking is initiated.
  • To simplify cloud access, companies need compliance reporting and usage monitoring.
  • Protect your sensitive information and prevent data leaks, e.g. prevent sensitive folders (in OneDrive, Dropbox, Box, S3...) from being accessible to others who should not have access.
  • Protect against insider threats and anomalous behaviour: some vendors also have UEBA capabilities.
  • Get real-time controls for user access and sessions from managed and unmanaged devices, e.g. limit app access, block downloads, restrict copy/paste in SaaS apps.
  • Threat protection: some vendors also provide cloud sandbox capability.
  • Some vendors provide CSPM (Cloud Security Posture Management) functions: to evaluate and reduce IaaS, PaaS and SaaS configuration risk.
  • Some vendors provide data protection functions, e.g. data encryption.
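To make the sanctioned/unsanctioned distinction and the use cases above concrete, here is a toy CASB-style policy engine (an added example, not code from the original post or from any CASB vendor): it discovers shadow IT from a constructed proxy log, applies a crude file-name DLP check, and decides allow/block per event, with a monitoring mode that reports what enforcement would block. The app catalogue, log lines and rule thresholds are all constructed assumptions.

```python
"""Toy CASB-style policy engine: shadow-IT discovery plus access decisions.
Added illustration, not code from the original post or any CASB vendor;
the app catalogue and log lines below are constructed sample data."""
from dataclasses import dataclass
from typing import List

# Constructed catalogue of cloud apps the organisation has sanctioned.
SANCTIONED_APPS = {"salesforce.com", "box.com", "zoom.us"}

# Constructed proxy log: user, device posture, cloud app, action, file name.
SAMPLE_LOG = """\
alice managed   salesforce.com download report.xlsx
bob   unmanaged box.com        download customer_ssn.csv
carol unmanaged dropbox.com    upload   notes.txt
dave  managed   pastebin.com   upload   dump.txt
"""

@dataclass
class Event:
    user: str
    device: str
    app: str
    action: str
    filename: str

def parse_log(text: str) -> List[Event]:
    return [Event(*line.split()) for line in text.splitlines() if line.strip()]

def discover_shadow_it(events: List[Event]) -> List[str]:
    """Visibility pillar: apps seen in traffic that are not sanctioned."""
    return sorted({e.app for e in events if e.app not in SANCTIONED_APPS})

def is_sensitive(filename: str) -> bool:
    # Crude DLP stand-in keyed on file names; a real CASB inspects content.
    return any(tag in filename.lower() for tag in ("ssn", "pii", "card"))

def decide(event: Event, mode: str = "enforce") -> str:
    """Return allow / block / monitor for one event; mode="monitor" only
    reports what enforcement would block (the monitoring-mode rollout)."""
    verdict = "allow"
    if event.app not in SANCTIONED_APPS and event.action == "upload":
        verdict = "block"  # data leaving for an unsanctioned app
    elif (event.device == "unmanaged" and event.action == "download"
          and is_sensitive(event.filename)):
        verdict = "block"  # sensitive download to an unmanaged device
    return "monitor" if verdict == "block" and mode == "monitor" else verdict

if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        print(ev.user, ev.app, ev.action, decide(ev), decide(ev, "monitor"))
```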



Top CASB vendors

Refer to the Gartner 2020 and 2019 Magic Quadrants for CASB.

The two most obvious changes:
First, McAfee stood out from the pack of Magic Quadrant vendors in the 2020 evaluation and shot up to the top-right corner.
Second, Symantec dropped from Leader in 2019 to Challenger.


References:


https://www.ciodive.com/news/gartner-security-risk-covid-strategy/585218/

https://www.mdeditor.tw/pl/2snx/zh-tw

https://www.statista.com/statistics/1067748/worldwide-cloud-access-security-broker-market-value/

https://www.appsruntheworld.com/top-10-cloud-access-security-broker-casb-software-vendors-and-market-forecast-2018-2023/

https://techcommunity.microsoft.com/t5/microsoft-security-and/securing-all-your-cloud-apps-with-microsoft/ba-p/1072310

https://cloudsecurityalliance.org/blog/2015/12/07/gartners-latest-casb-report-how-to-evaluate-vendors/



Feel free to repost and share; when reposting, do not modify the content or title, and keep all links. Commercial use is prohibited; please cite the original title, link and author.
