What Is a Cloud Access Security Broker?

5min. read

Cloud access security brokers, or CASBs, are security policy enforcement points that sit between a cloud service provider and its users.

The purpose of CASBs is to:

  • Help companies discover where their data is across multiple environments, such as public or private clouds, software-as-a-service applications, on-premises data centers, and others.

  • Infuse and enforce the company’s security, governance, and compliance policies as users access and consume cloud resources.

  • Protect data against loss or theft.

The main pillars of CASB functionality are:

  • Visibility

  • Compliance

  • Data security

  • Threat protection


In other words, CASBs provide companies with a way to effectively, consistently secure their data across multiple environments as well as quickly identify and mitigate security-related risks.

Why CASB Is Important 

Years ago, companies typically kept all their applications and data in a single, on-site data center. In this environment, companies had complete visibility into and precise control over who was accessing their applications and data – and when – as well as which devices (typically desktop or laptop computers) were being used to access them.

Over time, as companies moved data to the cloud and began using SaaS applications, they discovered they no longer had insight into who was accessing and using their applications and data, nor – thanks to the advent of mobile technologies such as smartphones – the devices being used.

This made it difficult for companies to protect their data and opened them up to a host of security risks, such as breaches, regulatory noncompliance, malware, ransomware and more.

To address these challenges, vendors developed CASB technology. Since then, CASBs have become such a critical part of a company’s security stack that Gartner, a leading research and advisory firm, forecasts 60% of large enterprises will use CASBs by 2022, up from 20% in 2018.

How CASB Fits Into a Company’s Security Architecture

There are two types of security for CASB deployment:

  • In-line security - Controlling access to applications and ensuring dangerous content is not moving to the application or back to users, while also protecting data.

  • API-based security - Categorizing content for policies, looking for violations, scanning SaaS applications for policy violations, while maintaining compliance.

To maximize security, the best approach uses both security models, and is called a multi-mode CASB.

Using a multi-mode CASB provides superior visibility, management, security and zero-day protection against emerging threats.

For more about CASBs and cloud security, visit paloaltonetworks.com/cloud-security/prisma-saas.