CASB Home

Contents
  1. Overview
  2. Cloud Access Security Brokers 
  3. Key Highlights
  4. Marking pattern
  5. Use cases for CASBs
  6. Vendors and resources
  7. Conclusion
  8. Questions and Answers

Overview

  • The result has been delayed due to administrative reasons and a situation arising due to COVID 19 pandemic. Along with the STAR result, the enrollment of airmen for intake 02/2021 has also been delayed. Candidates who had appeared in both these examinations can check more details on the official website of Central Airmen Selection Board, CASB, airmenselection.cdac.in.
  • The result would be released in the form of scorecards of the candidates who have qualified for the examination. The selection of the candidates has been made based on their performance in Phase I, Phase II, Physical Fitness Test, Adaptability Test I, and Adaptability Test II. 
  • Central Airmen Selection Board, CASB has conducted the Phase 1 Examination for Group X, Group Y in July 2021. Scheduled in April 2021 first, the examination was forced to be deferred due to the rise in the Covid19 cases across the country. Later on, the online examination was conducted from 12 to 18 July at various centres in India.
  • If we talk about the Air force Group XY Result 2021, the announcement is just around the corner. It’s been a month since the examination was conducted and candidates are eagerly waiting to know the Phase 1 Result for Group X, Y.

Cloud Access Security Brokers 

  • Cloud Access Security Brokers (CASB) are a security application that helps organizations manage and protect the data stored in the cloud. Gartner advises organizations to find a “Goldilocks” CASB solution —one that provides just-right capabilities for SaaS applications and Cloud infrastructure.
  • Think of cloud access security brokers (CASBs) as central data authentication and encryption hubs for everything your enterprise uses, both cloud and on-premises and accessed by all endpoints, including private smartphones and tablets. Before the CASB era, enterprise security managers had no visibility into how all their data was protected. They have become especially important as more enterprises allow personal phones and other unmanaged devices onto their networks, bringing more risk into their endpoint portfolios.
  • As cloud computing took off, enterprises needed a way to deliver consistent security across multiple clouds and protect everyone using their data. CASBs arrived to help give organizations much deeper visibility into cloud and software-as-a-service (SaaS) usage — down to individual file names and data elements.
  • Most of the main-line security vendors have purchased CASB solutions over the past several years: Oracle (Palerra), Cisco (CloudLock), IBM (Gravitant), Microsoft (Adallom), Forcepoint (Skyfence), Proofpoint (FireLayers), Symantec (Elastica and Perspecsys) and McAfee (Skyhigh Networks). This merger mania has abated in the past year and there are three major CASB independent vendors remaining: CipherCloud, Netskope and Bitglass.
  • Both Forrester and Gartner in their latest comparison reports have anointed McAfee, Symantec and Netskope as CASB market leaders.

Key Highlights

  • Central Airmen Selection Board has postponed the release date of the Indian Air Force STAR 1/2021 Result.

  • Candidates can check more details below or on the official website of CASB, airmenselection.cdac.in.

  • As per schedule, the provisional selection list would be announced on October 31, 2021.

Marking pattern

  • One mark for every correct answer.

  • Nil (0) marks for unattempted questions.

  • 0.25 marks shall be deducted for each wrong answer.

  • The IAF Group X, Y Result will be prepared according to the marking scheme mentioned above. The students must have an idea of their attempt in the online examination.

Use cases for CASBs

CASB tools have evolved to include, or work alongside, other IT security services -- though some vendors, such as Netskope and Bitglass, still offer standalone tools. CASBs are particularly useful in organizations with shadow IT operations or liberal security policies that allow operating units to procure and manage their own cloud resources. The data CASBs collect can be used for reasons other than security, such as monitoring cloud service usage for budgeting purposes.

Vendors and resources

Vendors in the cloud access security space include Skyhigh Networks, CipherCloud, McAfee and Symantec. Microsoft includes CASB functionality in its base Azure security services at no extra charge. To meet the needs of IaaS and PaaS users, CASB vendors have added or expanded functionality for security tasks, such as the following:

  • Single sign-on (SSO). Allows an employee to enter their credentials one time and access a number of applications.

  • Encryption. Encrypts information from the moment it's created until it's sitting at rest in the cloud.

  • Compliance reporting tools. Ensure that the company's security systems comply with corporate policies and government regulations.

  • User behavior analytics. Identifies aberrant behavior indicative of an attack or data breach.

  • The Pillars of a CASB

Visibility

Cloud apps unknown to IT result in information assets that are uncontrolled and outside the governance, risk, and compliance processes of the enterprise. Enterprises require visibility into cloud app account usage, including who uses which cloud apps, their departments, locations, and devices used.

Data Security

Data loss prevention (DLP) tools are designed to stop enterprise data leaks due to unauthorized sharing but the cloud makes sharing data with the wrong people easier than ever before. If an organization uses cloud file storage, a traditional DLP product will not know what data is shared externally and who is sharing it.

Threat Protection

It can be difficult to guard against the malicious intent or negligence of authorized users. To detect suspicious insider behavior, organizations need a comprehensive view of their normal usage patterns. Along the same lines, former employees pose a significant risk, as they may have been disabled from the organizational directory, but can still access cloud apps that contain business-critical information. PWC found that security incidents attributable to former employees rose from 27% in 2013 to 30% in 2014.

Compliance

As data moves to the cloud, organizations will want to ensure they are compliant with regional regulations that ensure data privacy and security. A CASB can help ensure compliance with regulations like SOX and HIPAA as well as help benchmark your security configurations against regulatory requirements like PCI DSS, NIST, CJIS, MAS and ISO 27001.

BYOD, Shadow IT, and Increased Cloud Usage

Phenomena such as BYOD (bring your own device) policies, the growing popularity of SaaS and cloud apps, and the rise of Shadow IT make restricting cloud app access to a defined set of endpoints a difficult task. Managed and unmanaged devices often require different policies to protect corporate data effectively. CASBs help enforce granular access policies as well as identify and categorize cloud apps in your organization.

Forcepoint CASB

  • App Discovery—Obtain a global view of all cloud apps

  • Discover all cloud apps accessed by employees

  • Inventory cloud apps and assess risk posture – for each app and at an organizational level

  • Aggregate firewall and proxy logs across the enterprise

  • Generate a global view of cloud app usage, including metrics for traffic volume, hours of use, and number of accounts

  • Create a baseline view so you can see how many apps have been added over a given period of time

  • Drill down into each cloud app to perform detailed risk analyses

  • Risk Governance—Assess risk contextually and set mitigation policies

  • Identify high-risk activities for your business

  • Determine who has standard and privileged access to an app

  • Identify dormant (i.e., accounts not accessed for several days), orphaned (e.g., ex-employees), and external (e.g., partners) accounts to create appropriate access policies

  • Benchmark current app security configurations against regulations or best practice guidelines to pinpoint security and compliance gaps

  • Assess and define access policies based on the location of users and/or a cloud service provider’s data centers (i.e., location-based access control)

Assign tasks to resolve user and application issues

Leverage a built-in organizational workflow to assign and complete risk mitigation tasks via Forcepoint CASB or through integration with 3rd-party ticketing systems

How to buy the right CASB solution?

Before you get started in your evaluation, check out one of the CASB vendors’ free service plans to discover your cloud portfolio. Cofense has Cloudseeker, which also performs this service (but doesn’t sell a CASB solution). Most vendors offer the first month with a limited number of apps or services for free. This will give you an idea of the scale and scope of your exposure and how the tool works within your infrastructure. Links to the various products are at the end of this article.

Here’s what to consider before you buy a CASB:

  • Pick your most critical apps to pilot a CASB project initially and run a product through its paces with this smaller set before you widen its scope.

  • Figure out if you want to integrate with existing identity-as-a-service (IDaaS)/single sign-on (SSO) tools.

  • Don’t view cloud access as a simple "yes" or "no" authentication event. Understand when and how you will need more granular and risk-based authentication and whether you want a CASB to deliver this functionality.

Understand if and how your product supports field-level data encryption

  • Look at the multimode CASBs so you can have the flexibility for complete coverage across as many possible use cases, and make sure you understand a product’s limitations in each of the three operating modes.

  • Examine if your product integrates with your secure web gateways, application firewalls, data loss prevention tools and email providers. Examine these features offered by the CASB versus what you already have in place.

  • Calculate the costs. Gartner puts the range between $15/user/year for simple installations of just a few cloud apps to a more robust coverage for multimode unlimited cloud apps at $85/user/year.

Conclusion

Coined by Gartner in 2012, CASBs or Cloud Access Security Brokers are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASB solutions consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.

Questions and Answers

What do CASBs typically offer?

  • Firewalls to identify malware and prevent it from entering the enterprise network

  • Authentication to check users' credentials and ensure they only access appropriate company resources

  • Web application firewalls (WAFs) to thwart malware designed to breach security at the application level, rather than at the network level

  • Data loss prevention (DLP) to ensure that users cannot transmit sensitive information outside of the corporation

How does a CASB work?

  • CASBs work by ensuring that network traffic between on-premises devices and the cloud provider complies with an organization's security policies.

  • The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and identify unsanctioned use. This is especially important in regulated industries.

  • CASBs use autodiscovery to identify cloud applications in use and identify high-risk applications, high-risk users and other key risk factors. Cloud access security brokers may enforce a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when a single sign-on is not available.

In which modes does CasB operate?

  • CASBs operate in one of three different modes, and more products now support more apps in each mode:

  • Forward proxy, usually deployed with endpoint agents or VPN clients

  • A reverse proxy, which doesn’t require agents and can work better for unmanaged devices

  • API control, which provides visibility into data already stored in cloud repositories or data that is used within a cloud process that never enters a corporate network.

How the modern CASB fits in today’s IT and threat landscape?

That was great then, but today’s CASBs are more fully-featured and integrated into the alphabet soup of enterprise security. Many vendors offer ways to connect their product to email servers to track and prevent data leakage (either deliberate or unintentional), web application gateway devices, identity management systems, and single sign-on tools.