Cloud Access Security Broker (CASB) solutions have emerged over the past few years to address new security requirements related to the fast-growing cloud app and services market. As you have
undoubtedly already seen in your own organization, cloud apps like G Suite, Office 365, and Salesforce provide tremendous benefits in terms of increased collaboration and employee productivity, but they also substantially increase your organization’s attack surface.
Organizations are often blind to what cloud apps and services their users are accessing (known as Shadow IT). More importantly they are also blind to what users are doing inside cloud apps, for example what sensitive content they may be uploading and sharing (known as Shadow Data). Finally, the prospect of placing valuable corporate data in third party services raises the concern of data exfiltration by malicious actors. Most cloud app providers support a “shared responsibility” model for security—they will secure their back-end infrastructure, but they will not take responsibility for how users use the service or what data they upload. Thus a compromised account can lead to significant damage, which is outside the liability of the cloud app provider.