CASB — Glossary
Cloud Access Security Broker
A security policy enforcement point placed between cloud service consumers and cloud service providers to monitor activity, enforce security policies, and protect data as it moves to and from cloud applications.
What Is CASB?
A Cloud Access Security Broker (CASB) provides visibility and control over an organization's use of cloud applications and services. As organizations adopt hundreds of SaaS applications, CASB answers critical questions:
- Which cloud apps are employees using (including unsanctioned "shadow IT")?
- What data is being uploaded to or shared from cloud apps?
- Are cloud app configurations secure?
- Are compromised accounts accessing cloud services?
Four Pillars of CASB
1. Visibility
Discover all cloud applications in use — sanctioned and unsanctioned. Most organizations discover 5-10x more cloud apps than IT is aware of.
2. Data Security
Apply DLP policies to data stored in and shared from cloud applications. Prevent sensitive data from being uploaded to unsanctioned apps or shared externally.
3. Threat Protection
Detect compromised accounts, insider threats, and malware distributed through cloud services. Identify anomalous user behavior like bulk downloads or impossible travel.
4. Compliance
Ensure cloud usage meets regulatory requirements. Audit cloud app security configurations and enforce data residency policies.
CASB Deployment Modes
| Mode | How It Works | Pros | Cons |
|---|---|---|---|
| Forward Proxy | Intercepts traffic from managed devices | Real-time blocking | Requires agent/PAC file |
| Reverse Proxy | Sits in front of cloud apps via SAML | Agentless, any device | Limited to SSO apps |
| API | Connects to cloud app APIs directly | Deep visibility, no inline | Near-real-time (not blocking) |
Most modern CASB deployments use a combination of all three modes.
CASB and SASE
CASB is now commonly delivered as part of SASE or SSE (Security Service Edge) platforms rather than as a standalone product. Major SASE vendors include CASB as a core component alongside SWG, ZTNA, and DLP.
Leading CASB Vendors
Major CASB providers include Netskope, Zscaler, Microsoft Defender for Cloud Apps, Palo Alto Prisma Access, Skyhigh Security (formerly McAfee MVISION Cloud), and Cisco Secure Access.