I’ve read a lot of articles out there about people’s opinions on moving to the cloud. The latest was written by financial advisors from a local financial company; they touch on points about the cost of on-premises and basically say do it because everyone else is doing it. I find it interesting that security is, in many cases and by many companies, assumed and never mentioned as a factor. They think that cloud companies must have their security figured out, and in many cases security just isn’t an issue. Where my eyes have been opened in working for a highly regulated company is that, as a System Administrator, you might be called to account for the location and security of a file at any given time. The same holds true when you’re in the cloud and your email is in Exchange Online and maybe your documents are stored in SharePoint Online or OneDrive for Business (SharePoint Online).
Yes, everything is secure inside Office 365, and transferring files back and forth via the internet is SSL secured. Microsoft is not allowed to go into your tenant to get information; there are multiple layers of approval that are required before they can get into your tenant. The fact remains, though, that there is risk. How can companies monitor what is leaving on-premises and landing in the cloud? How can we guarantee that the data is not being leaked or stolen?
Enter the CASB. CASB stands for cloud access security broker, and you are forgiven if you’ve never heard of it before; neither had I until recently. A group from my office returned from the Gartner conference, and the big discussion there was on hybrid networks and the CASB. The idea behind the CASB is that it is an application or an appliance (hardware + software) that sits between your on-premises network and your cloud application and brokers all of the traffic between on-premises and the cloud, with the aim of making the traffic and policies required to run a hybrid network transparent and manageable.
The four features or problems that a security broker device looks to solve are:
- Visibility – this aims to give system administrators and the business at large a look into how data is being used in the cloud, as well as “shadow IT services” that we may not know are running against data in the cloud. We should be able to report clearly on what is going on in the cloud environment.
- Compliance – CASBs have sets of policies that can be enforced on the cloud according to the compliance policies that companies are beholden to.
- Data Security – The security broker helps companies secure and control access to their data. This is a huge topic: companies need to be responsible for their own data; you cannot outsource it.
- Threat Protection – This includes malware, intrusion detection and enforcing rules on how employees access data or don’t access data.
The best way to think of a CASB is as a proxy or reverse proxy. The proxy is what you run all of your cloud access through, and the CASB logs it and applies policy. The reverse proxy mode is for data coming back on-premises from the cloud.
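To make the "log and apply policy" idea concrete, here is an added sketch (not from the original post or any CASB product) of a forward-proxy decision loop: each request is audited, checked against policy, and unsanctioned hosts are tallied for a shadow IT report. The sanctioned-app list, the `confidential` label and every log record are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed policy input: cloud apps the business has approved (hypothetical tenant).
SANCTIONED = {"outlook.office365.com", "contoso.sharepoint.com"}
UPLOAD_METHODS = {"PUT", "POST"}

# Constructed forward-proxy records: (user, method, url, data label, body bytes).
LOG = [
    ("alice", "GET", "https://outlook.office365.com/owa/", None, 0),
    ("bob", "PUT", "https://contoso.sharepoint.com/sites/fin/q3.xlsx", "confidential", 48211),
    ("bob", "POST", "https://files.example-share.test/upload", "confidential", 48211),
    ("carol", "POST", "https://files.example-share.test/upload", None, 1200),
    ("carol", "GET", "https://notes.example-app.test/", None, 0),
]

def decide(record):
    """Return (host, action, reason) for one brokered request."""
    _user, method, url, label, size = record
    host = (urlsplit(url).hostname or "").lower()
    sanctioned = host in SANCTIONED
    uploading = method in UPLOAD_METHODS and size > 0
    # Data security: labelled data must not leave for an unapproved service.
    if uploading and label == "confidential" and not sanctioned:
        return host, "block", "confidential data to unsanctioned app"
    # Visibility: allow the request but surface the unapproved service.
    if not sanctioned:
        return host, "alert", "unsanctioned app (shadow IT)"
    return host, "allow", "sanctioned app"

def broker(log):
    """Audit every request and count hits per unsanctioned host."""
    audit, shadow = [], Counter()
    for rec in log:
        host, action, reason = decide(rec)
        audit.append({"user": rec[0], "host": host, "action": action, "reason": reason})
        if host not in SANCTIONED:
            shadow[host] += 1
    return audit, shadow

if __name__ == "__main__":
    audit, shadow = broker(LOG)
    for entry in audit:
        print(entry)
    print("shadow IT report:", dict(shadow))
```

The audit list is what an administrator would use to account for where a file went; the counter is the visibility report on services nobody approved.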
It just so happens that Microsoft recently bought Adallom, a company that makes CASBs, and will be offering this device as a Microsoft product in the near future.
Keep your eyes peeled for more information… While Microsoft says “mobile first, hybrid first”, its customers are putting their foot down and saying “Hybrid”.