Abstract

In recent decades, cloud computing has attracted much attention in business because it provides numerous computing functions, e.g., Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). Shadow IT refers to the use of cloud apps and services without the explicit approval of IT. Early on, the practice was one of the main drivers of Cloud Access Security Broker (CASB) adoption. We found two risks: (i) users typically use unapproved SaaS applications for file sharing, social media, collaboration and web conferencing; (ii) a growing challenge is third-party apps and scripts with OAuth permissions. OAuth-connected third-party apps access IT-approved cloud services, such as Microsoft 365 and Google G Suite. Some of these pose risks because poor design gives them broader data permissions than necessary. The danger of OAuth is that once a token is authorized, access to enterprise data and applications continues until it is revoked, even if the user's password is changed. Integrating a CASB solution into the broader web security infrastructure can provide deeper visibility into all unapproved web apps.

Keywords: cloud computing, insider threats, web security, CASB, OAuth
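
The two OAuth risks named in the abstract (over-broad permissions, and access that outlives a password change until the grant is revoked) can be checked against an inventory of grants. The following is an added example, not code from the paper; the users, app names, dates and the per-app "needed scopes" policy are constructed for illustration.

```python
from datetime import datetime

# Constructed policy: scopes each approved app actually needs (assumption).
NEEDED = {
    "pdf-signer": {"https://www.googleapis.com/auth/drive.file"},
    "meeting-notes": {"https://www.googleapis.com/auth/calendar.readonly"},
}
# Constructed inventory of OAuth grants, e.g. exported from an admin console.
GRANTS = [
    {"user": "alice", "app": "pdf-signer", "revoked": False,
     "scopes": ["https://www.googleapis.com/auth/drive"],
     "granted_at": datetime(2024, 1, 10)},
    {"user": "bob", "app": "meeting-notes", "revoked": False,
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "granted_at": datetime(2024, 2, 1)},
    {"user": "carol", "app": "file-sync-x", "revoked": True,
     "scopes": ["https://www.googleapis.com/auth/drive"],
     "granted_at": datetime(2024, 1, 5)},
    {"user": "dave", "app": "mail-merge-helper", "revoked": False,
     "scopes": ["https://mail.google.com/"],
     "granted_at": datetime(2024, 4, 2)},
]
# Constructed last password change per user (bob and carol never changed theirs).
PASSWORD_CHANGED = {"alice": datetime(2024, 3, 1), "dave": datetime(2024, 3, 15)}

def audit_grants(grants, needed, password_changed):
    """Return (user, app, reasons) for every live grant that needs review."""
    findings = []
    for g in grants:
        if g["revoked"]:
            continue  # a revoked grant no longer gives access
        reasons = []
        if g["app"] not in needed:
            reasons.append("unapproved app")
        else:
            excess = sorted(set(g["scopes"]) - needed[g["app"]])
            if excess:
                reasons.append("excess scopes: " + ", ".join(excess))
        changed = password_changed.get(g["user"])
        if changed and g["granted_at"] < changed:
            # Issued before the reset and never revoked: access continued.
            reasons.append("active grant predates password change")
        if reasons:
            findings.append((g["user"], g["app"], reasons))
    return findings

if __name__ == "__main__":
    for user, app, reasons in audit_grants(GRANTS, NEEDED, PASSWORD_CHANGED):
        print(f"{user} / {app}: {'; '.join(reasons)}")
```
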
