What are the two CASB deployment modes?

‍Understanding Two Ways to Set Up CASB (Cloud Access Security Broker)

1. Proxy-Based CASB:

• A proxy-based CASB is like a middleman sitting between users and cloud services (like SaaS providers).
• It acts as a checkpoint, inspecting and modifying the data that goes through it.
• This setup can encrypt data, and track user activities like logins or use of certain features.

Two Types of Proxies:

• Forward Proxy: Known to the user’s browser, it sends traffic through the CASB.
• Reverse Proxy: Works invisibly, catching traffic on its way to the service.

How It Works:

• Imagine you want to use a cloud service. Normally, you’d connect directly to it.
• With a proxy CASB, your connection first goes to the CASB, which then talks to the cloud service for you.
• The CASB can add security measures like encryption or block certain actions.

‍

Advantages and Disadvantages:

• Advantage: Flexibility. It can work with many different cloud services.
• Disadvantages: It can slow down internet traffic, there are decisions about where to place it, and handling secure internet sessions (TLS) can be tricky.

‍

Note on TLS:

• Normally, TLS protects your browsing from eavesdroppers.
• A CASB might need to break into this protection to do its job, which requires careful security decisions.

‍

2. API-Based CASB:

• Instead of operating at the level of HTTP/HTTPS, this CASB uses the cloud service’s own tools (APIs) to add security.
• It works directly with the cloud service’s system, not the data traffic.

‍

Advantages and Challenges:

• Advantage: No issues with managing internet sessions or secure connections.
• Challenge: These CASBs are specific to each cloud service. What works for one might not work for another.

‍