Cloud Access Security Broker (CASB)

What is Cloud Access Security Broker (CASB)?

A CASB solution is delivered via on premises hardware or software or as a cloud service, CASB uses proxy and API methods to enforce strong security checks: 

• Proxy workflow: for real time data inspection.

1. User attempts to access a SaaS app or IaaS platform. Traffic is intercepted by CASB and SSL inspection is performed.

2. CASB validates identity and applies policy via in-line CASB and data protection controls to restrict upload, download, and share activities. Compliances are checked, and access is automatically adapted based on real-time context changes.

3. With restricted actions in place, secure SaaS access is extended to the user while restricting unauthorized behaviors to prevent data loss and enforce compliance.

4. Admins gain visibility into all user activity while accessing the SaaS app. If security posture changes or the user attempts unauthorized activity, access is reassessed, and admins alerted.

• API workflow: for scanning data at rest.

CASB leverages out-of-band application programming interface (API) security for monitoring data stored in cloud services like Microsoft Office 365, Salesforce, Workday, SharePoint, etc. CASB integrates with the APIs of these cloud services and scans for malware, ransomware, malicious software, and other types of cyber threats. 

• In-line CASB: Enforce security policies in real time as data moves to and from the cloud. This can include authentication, encryption, and other security controls.
• SSL inspection for CASB control: Inspect encrypted SSL/TLS traffic to stop potential threats or data leakage before it happens. By decrypting the traffic, the CASB can apply security policies to protect sensitive data.
• Visibility into apps and shadow IT: Shadow IT refers to the use of applications and services without IT’s explicit approval. With CASB businesses gain visibility into SaaS apps and shadow IT to better understand and manage the risks associated with sanctioned and unsanctioned app usage.
• Granular control of restricted actions: Admins can set granular policies that restrict certain actions like uploading, downloading, sharing data, etc., from any SaaS application. This is an important requirement to protect against data loss and ensure compliance with various regulations.
• DLP for SaaS based apps: DLP (Data Loss Prevention) helps protect sensitive data within SaaS applications by monitoring, detecting, and blocking potential data breaches or unauthorized access. DLP can use regular expressions (regex) and dictionary matching or use OCR (Optical Character Recognition) to identify and protect sensitive data.
• Compliance with predefined and custom dictionaries: Predefined and custom dictionaries can be created to ensure compliance with specific regulations like HIPAA, PCI DSS, GDPR, and NIST. These dictionaries contain terms and patterns that are unique to each regulation, helping organizations meet their compliance obligations.

HPE Aruba Networking CASB is a modern Cloud Access Security Broker (CASB) solution designed to enhance cloud security and secure access to SaaS applications for organizations. Our CASB serves as the security mediator between users and SaaS applications, providing inline CASB protection for data in motion, effectively regulating data flows, uncovering shadow IT, and preventing data loss.

HPE Aruba Networking CASB provides end‑to‑end visibility, allowing centralized management of user access, downloads, and sharing permissions. Our CASB’s operation is straightforward: it proxies traffic to avoid risky pass-through connections, validates identities, applies policies, and securely connects users to resources while inspecting traffic and monitoring user experience.

Emphasizing ease of use and scalability, HPE Aruba Networking CASB delivers secure access to modern cloud services and applications. In our cloud‑centric world, CASB as part of the broader HPE Aruba Networking SSE platform aims to deliver value with increased visibility, compliance, and data security from the outset.