1
00:00:00,320 --> 00:00:02,760
Cloud access security broker.

2
00:00:02,760 --> 00:00:07,760
What is a cloud access security broker, also known as a CASB?

3
00:00:07,860 --> 00:00:09,990
Well, this is an enterprise management software

4
00:00:09,990 --> 00:00:12,650
designed to mediate access to cloud services

5
00:00:12,650 --> 00:00:15,500
by users across all types of devices.

6
00:00:15,500 --> 00:00:17,540
Essentially, it's going to be a middle man

7
00:00:17,540 --> 00:00:19,090
that helps you with your authentication

8
00:00:19,090 --> 00:00:21,360
and ensure that people are using the services

9
00:00:21,360 --> 00:00:22,600
they're supposed to use.

10
00:00:22,600 --> 00:00:24,390
Now, there are many different vendors

11
00:00:24,390 --> 00:00:26,120
who sell this type of product.

12
00:00:26,120 --> 00:00:27,940
They include people like Symantec,

13
00:00:27,940 --> 00:00:29,650
which uses the Blue Coat Proxy,

14
00:00:29,650 --> 00:00:32,000
which I've personally used in a lot of my organizations.

15
00:00:32,000 --> 00:00:34,460
There's Skyhigh Networks which is made by McAfee,

16
00:00:34,460 --> 00:00:37,450
there's Forcepoint, there's Microsoft's Cloud App Security,

17
00:00:37,450 --> 00:00:38,470
which is their version.

18
00:00:38,470 --> 00:00:41,070
And Cisco has their version called Cloudlock.

19
00:00:41,070 --> 00:00:43,920
All of these are different cloud access security brokers.

20
00:00:43,920 --> 00:00:46,200
And the key term here is security.

21
00:00:46,200 --> 00:00:47,160
By being a broker,

22
00:00:47,160 --> 00:00:48,600
they're going to make sure that your device

23
00:00:48,600 --> 00:00:51,660
is connecting to the right device using the right security.

24
00:00:51,660 --> 00:00:52,910
Now, what are some benefits

25
00:00:52,910 --> 00:00:56,010
of using these cloud access security brokers?

26
00:00:56,010 --> 00:00:58,510
Well, they can enable a single sign-on authentication

27
00:00:58,510 --> 00:01:00,960
and enforce access controls and authorizations

28
00:01:00,960 --> 00:01:03,180
across your entire enterprise network,

29
00:01:03,180 --> 00:01:04,940
all the way from your enterprise network

30
00:01:04,940 --> 00:01:06,710
up to the cloud provider.

31
00:01:06,710 --> 00:01:09,900
They also can help you scan for malware and rogue devices

32
00:01:09,900 --> 00:01:11,440
and be able to find any of these devices

33
00:01:11,440 --> 00:01:13,100
that might be on your network.

34
00:01:13,100 --> 00:01:14,580
They also can help monitor and audit

35
00:01:14,580 --> 00:01:16,190
user and resource activity

36
00:01:16,190 --> 00:01:17,850
to know exactly what your users are doing

37
00:01:17,850 --> 00:01:19,490
on your network at any time.

38
00:01:19,490 --> 00:01:22,560
And finally, they can help you mitigate data exfiltration

39
00:01:22,560 --> 00:01:23,760
by performing functions

40
00:01:23,760 --> 00:01:26,560
like a data loss prevention system would.

41
00:01:26,560 --> 00:01:29,390
Now, when you talk about a cloud access service broker,

42
00:01:29,390 --> 00:01:31,420
I want you to remember they provide visibility

43
00:01:31,420 --> 00:01:34,090
into how your clients and other network nodes

44
00:01:34,090 --> 00:01:36,100
are using your cloud services.

45
00:01:36,100 --> 00:01:38,060
When you start moving everything out to the cloud,

46
00:01:38,060 --> 00:01:40,870
you have to think about how are my users using those things?

47
00:01:40,870 --> 00:01:42,370
How much time are they spending?

48
00:01:42,370 --> 00:01:43,990
Are they using it the right way?

49
00:01:43,990 --> 00:01:46,380
Are they taking data and putting it where it shouldn't be?

50
00:01:46,380 --> 00:01:49,290
And to do that, we have three different things.

51
00:01:49,290 --> 00:01:52,830
We can set it up as either a forward proxy, a reverse proxy,

52
00:01:52,830 --> 00:01:54,810
or using API access.

53
00:01:54,810 --> 00:01:56,480
Now, when we talk about a forward proxy

54
00:01:56,480 --> 00:01:58,800
in terms of a cloud access security broker,

55
00:01:58,800 --> 00:02:01,610
we're essentially going to set up a security appliance or host

56
00:02:01,610 --> 00:02:03,900
that's positioned at the client network edge,

57
00:02:03,900 --> 00:02:05,730
and then it's going to forward the user traffic

58
00:02:05,730 --> 00:02:07,000
to the cloud network

59
00:02:07,000 --> 00:02:09,960
if the contents of that traffic comply with policy.

60
00:02:09,960 --> 00:02:12,020
For example, in my home network,

61
00:02:12,020 --> 00:02:15,080
I have my kids set up to use a forward proxy.

62
00:02:15,080 --> 00:02:16,860
Now, this means that I went to their browser

63
00:02:16,860 --> 00:02:17,693
and I configured it

64
00:02:17,693 --> 00:02:20,360
so they had to go and connect to my proxy server

65
00:02:20,360 --> 00:02:21,920
before they went out to the Internet.

66
00:02:21,920 --> 00:02:23,640
This way, I can see what they're doing,

67
00:02:23,640 --> 00:02:25,440
how much time they were spending on sites,

68
00:02:25,440 --> 00:02:27,710
and if I needed to block certain things.

69
00:02:27,710 --> 00:02:30,220
Now, as my kids got older, my son got smarter,

70
00:02:30,220 --> 00:02:32,370
and he realized what a proxy server was.

71
00:02:32,370 --> 00:02:35,500
And so, he wanted to prevent the use of the forward proxy.

72
00:02:35,500 --> 00:02:37,140
So, what did he do?

73
00:02:37,140 --> 00:02:38,820
Well, he evaded the proxy

74
00:02:38,820 --> 00:02:40,950
and connected directly to the sites he wanted to.

75
00:02:40,950 --> 00:02:43,500
And the way he did that was by bypassing the proxy.

76
00:02:43,500 --> 00:02:45,430
And so, this is something you have to be concerned with

77
00:02:45,430 --> 00:02:47,470
when you're dealing with a forward proxy.

78
00:02:47,470 --> 00:02:48,740
Now, if I wanted to prevent that,

79
00:02:48,740 --> 00:02:51,960
I might go to the second method, which is a reverse proxy.

80
00:02:51,960 --> 00:02:53,630
Now, a reverse proxy is an appliance

81
00:02:53,630 --> 00:02:55,890
that's positioned at the cloud network edge

82
00:02:55,890 --> 00:02:58,380
and directs the traffic to the cloud services

83
00:02:58,380 --> 00:03:01,630
if the contents of that traffic comply with the policy.

84
00:03:01,630 --> 00:03:04,370
So, instead of having to go through the proxy

85
00:03:04,370 --> 00:03:05,680
to leave the network,

86
00:03:05,680 --> 00:03:06,620
you can leave the network,

87
00:03:06,620 --> 00:03:08,680
but you can't get into the cloud network

88
00:03:08,680 --> 00:03:10,100
until you hit the proxy.

89
00:03:10,100 --> 00:03:11,810
That's the idea of the reverse proxy.

90
00:03:11,810 --> 00:03:14,280
Now, the big problem with this is it only works

91
00:03:14,280 --> 00:03:15,360
if the cloud application

92
00:03:15,360 --> 00:03:17,840
you're trying to connect to supports proxies.

93
00:03:17,840 --> 00:03:19,210
If they don't have proxy support,

94
00:03:19,210 --> 00:03:21,100
you can't do a reverse proxy.

95
00:03:21,100 --> 00:03:22,900
And so this brings us to our third method

96
00:03:22,900 --> 00:03:26,120
which is an application programming interface or API.

97
00:03:26,120 --> 00:03:28,280
This is a method that uses the broker's connections

98
00:03:28,280 --> 00:03:30,920
between the cloud service and the cloud consumer

99
00:03:30,920 --> 00:03:32,280
to make changes.

100
00:03:32,280 --> 00:03:33,360
Now, essentially, when we're using

101
00:03:33,360 --> 00:03:35,090
the application programming interface,

102
00:03:35,090 --> 00:03:36,140
we're sending data

103
00:03:36,140 --> 00:03:38,600
between the cloud service and the cloud consumer.

104
00:03:38,600 --> 00:03:39,740
And what we're doing here

105
00:03:39,740 --> 00:03:42,400
is we're being able to send information about those users.

106
00:03:42,400 --> 00:03:45,080
So, if I had a user account that's now been disabled

107
00:03:45,080 --> 00:03:47,240
or authorization has been revoked from the local network

108
00:03:47,240 --> 00:03:49,070
because they were doing bad things,

109
00:03:49,070 --> 00:03:52,180
I can send that using the cloud broker over the API

110
00:03:52,180 --> 00:03:55,290
to the cloud service and say, "Hey, don't let Jason in.

111
00:03:55,290 --> 00:03:57,620
We just fired that guy and his account has been disabled."

112
00:03:57,620 --> 00:04:00,520
And so, they can now know not to give him access.

113
00:04:00,520 --> 00:04:02,560
Now, the problem with this, the big warning here

114
00:04:02,560 --> 00:04:04,090
is that it's dependent on the API

115
00:04:04,090 --> 00:04:06,460
supporting the functions your policies demand.

116
00:04:06,460 --> 00:04:08,250
So, as you start thinking about your policies,

117
00:04:08,250 --> 00:04:09,083
and you start saying

118
00:04:09,083 --> 00:04:11,220
well, I want people to be denied

119
00:04:11,220 --> 00:04:12,970
or allowed access to everything,

120
00:04:12,970 --> 00:04:14,260
that's probably going to be supported.

121
00:04:14,260 --> 00:04:16,640
But if you start having very detailed requirements,

122
00:04:16,640 --> 00:04:18,360
those things may not be supported,

123
00:04:18,360 --> 00:04:19,880
depending on the service that you're using.

124
00:04:19,880 --> 00:04:21,540
And if they don't support those policies,

125
00:04:21,540 --> 00:04:22,800
the API doesn't have them

126
00:04:22,800 --> 00:04:24,673
and you're not going to be able to use this method.