Gartner denes the cloud access security broker (CASB) market as products and services that address security gaps in an organization’s use of cloud services. This technology is the result of the need to secure cloud services — which are being adopted at a signicantly increased rate — and access to them from users both within and outside the traditional enterprise perimeter, plus growing direct cloud-to-cloud access. They deliver differentiated, cloud-specic capabilities generally not available as features in other security controls such as web application rewalls (WAFs), secure web gateways (SWGs) and enterprise rewalls. CASB vendors understand that for cloud services the protection target is different: it’s still your data but processed and stored in systems that belong to someone else. CASBs provide a central location for policy and governance concurrently across multiple cloud services — for users and devices — and granular visibility into and control over user activities and sensitive data.
CASB coverage scope applies broadly across the SaaS, PaaS, and IaaS cloud service delivery models. For SaaS coverage, CASBs commonly work with the most popular content collaboration platform (CCP), CRM, HR, ERP, service desk, ofce productivity suites, and enterprise social networking sites. Some CASBs extend support to less common SaaS applications through custom plug-ins or automated learning of application behavior. For IaaS and PaaS coverage, several CASBs govern the consoles of popular cloud service providers (CSPs) and extend visibility and governance to applications running in these clouds. Several CASBs now also offer cloud security posture management (CSPM) capabilities to assess and reduce conguration risk in IaaS, PaaS, and SaaS cloud services, sometimes by reconguring native security controls directly in cloud services. However, IaaS and PaaS governance are new for almost every CASB, and therefore not yet as developed as SaaS governance. A few CASBs can be deployed in front of enterprise web-enabled applications to bring these under a consistent cloud service management framework, although this is an uncommon scenario.