CASB vs SSPM


Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) platforms represent two generations of SaaS security. CASB is a legacy solution with limited success in securing SaaS applications, while SSPMs were developed to take on the emerging challenges and threats facing SaaS applications.

What is CASB?

Cloud Access Security Brokers (CASB) are a legacy security solution that has been around for over a decade. They are quite adept at applying corporate policies to cloud-based entities, and have a wide range of uses. Traditional CASBs act like a firewall: all connectivity to SaaS applications passes through a CASB proxy server, where it is monitored and all actions are approved.

CASBs enable organizations to apply policies across all corporate users, covering things like password rules, SSOs, and permissions, as well as monitoring, and applying policy to, the way data moves from place to place.

CASB or SSPM to Secure SaaS Applications

When organizations recognized the need to secure their SaaS apps, they initially turned to CASB based on its availability and ability to apply corporate policies to control access. As SaaS security needs evolved, security professionals realized that CASB’s inability to look inside the application limited its effectiveness as a SaaS security tool.

CASBs are unable to secure SaaS applications for a number of reasons, including:

Configuration Monitoring Requires Extensive Customization

CASBs can’t cover the different configurations and security settings in each SaaS application

Security Policy Application

CASBs normalize policies across an organization’s cloud network. However, this approach is inadequate when dealing with diverse SaaS applications that require SaaS-specific rules

Lack of Adaptability

CASB lacks flexibility in addressing evolving SaaS characteristics and threats

Security Blindness

CASB focuses on pathways and looking at the app “from the outside,” causing it to miss user behavior nuances

Integration Complexity

CASB requires a proxy, slows down access, and adds considerable cost and effort for each application that it integrates with

CASB has been replaced by SSPM, a next-gen security tool designed to secure SaaS applications by reviewing configurations, user actions, and events from within the application. SSPM is ideal for handling app misconfigurations, monitoring human and non-human identities, managing devices, detecting integrated third-party applications, and overseeing permissions assigned to files and other assets.


SSPMs and CASBs Complement Each Other

SSPMs and CASBs are both part of the rich security fabric used to secure cloud-based assets and data. CASBs are a key component in SASE installations and enforce the zero-trust processes inherent in the tool.

A CASB helps ensure that traffic approaching SaaS applications is trusted, limiting access through network sign-in tools like SSO. SSPM takes over security at the entrance to the application. It maintains the zero trust approach initiated by CASB once the user has entered the application.

CASBs are proxy-based solutions. They inspect traffic, as well as identify malicious activity and data exfiltration from an in-line perspective of a governed user. SSPMs extend that coverage to external users, contractors, partners, third-party applications, and IoT devices.

CASBs are effective at detecting users who access more data than they should or access data that they should not be seeing. SSPMs add protection by identifying misconfigurations that could lead to data becoming publicly accessible without user registration or user creation.

SSPMs are significantly less expensive than CASBs and have a far simpler setup, allowing organizations to protect their entire SaaS stack rather than just a few critical applications. Furthermore, SSPMs can identify non-IdP users that sit outside the organization, and identify user devices with poor security hygiene, capabilities that complement CASB.
