Cloud Access Security Broker


What Does Cloud Access Security Broker Mean?

A cloud access security broker (CASB) is a network appliance or Software as a Service (SaaS) app that allows an organization to extend its perimeter-based security policies to the cloud. CASBs play an important role in Secure Access Service Edge (SASE), an integrated approach to cloud security that also includes the use of secure web gateways (SWGs) and zero-trust network access (ZTNA).


A CASB acts as a proxy server that sits between an end user and a cloud application and can be thought of as a “firewall for the cloud.” In the past, CASBs were installed as a physical appliance or subscribed to through a Software as a Service (SaaS) delivery model. Today, experts recommend using a Secure Access Service Edge (SASE) approach to cloud computing security that includes a CASB as part of its network fabric.

Techopedia Explains Cloud Access Security Broker

CASBs help with data loss prevention (DLP) and network access control (NAC) by enforcing rules around user activity.

Why are Cloud Access Security Brokers important?

CASBs are used to lower the security risks associated with cloud computing by giving IT administrators visibility into which SaaS apps employees are using, and how they are using them. This is important because it allows an organization’s Chief Security Officer (CSO), Chief Risk Officer (CRO), Chief Compliance Officer (CCO) and other C-level stakeholders to create data-driven policies that can be enforced across multiple cloud service providers.

What do Cloud Access Security Brokers do?

CASBs help to mitigate the risks associated with employees using shadow IT by allowing administrators to whitelist which cloud apps employees can access from the corporate network.
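The visibility and allowlisting described above can be illustrated with a short Python example. It is added here and is not Techopedia's or any vendor's code; the log format, domain names and function names are assumptions, and the log lines are constructed. It allows traffic to sanctioned apps and tallies unsanctioned hosts by user and uploaded bytes.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed allowlist of sanctioned SaaS domains (assumption, not from the page).
SANCTIONED = {"sanctioned-crm.example", "sanctioned-mail.example"}

# Constructed proxy log lines: user, method, URL, bytes sent by the client.
SAMPLE_LOG = """\
alice POST https://files.unsanctioned-share.example/upload 7340032
alice GET https://app.sanctioned-crm.example/accounts 512
bob GET https://www.unsanctioned-share.example/ 300
bob POST https://api.sanctioned-mail.example/send 20480
carol POST https://notes.unknown-notes.example/sync 1048576
malformed line
"""

def registered_app(host, allowlist):
    """Return the allowlist entry that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in allowlist:
        # Require a label boundary so "notsanctioned-crm.example" does not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def evaluate(log_text, allowlist=SANCTIONED):
    """Return (decisions, shadow): per-request verdicts and a per-host shadow IT tally."""
    decisions = []
    shadow = defaultdict(lambda: {"users": set(), "upload_bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than guessing at fields
        user, method, url = parts[:3]
        host = urlsplit(url).hostname
        if host is None:
            continue
        if registered_app(host, allowlist):
            decisions.append((user, host, "allow"))
            continue
        decisions.append((user, host, "block"))
        shadow[host]["users"].add(user)
        if method in ("POST", "PUT"):  # count only data leaving the organization
            shadow[host]["upload_bytes"] += int(parts[3])
    return decisions, dict(shadow)
```

Sorting the returned tally by `upload_bytes` gives administrators a starting list of unsanctioned apps to review before deciding whether to block or sanction them.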

CASBs also allow IT administrators to enforce security and compliance policies in the cloud for such things as:

  • Identity and access management (IAM).
  • Device profiling.
  • File sharing in the cloud.
  • Malware prevention and detection.
  • Encrypting data in transit and data at rest.


The biggest difference between Secure Access Service Edge (SASE) and CASB deployments is that a CASB simply extends an organization’s LAN security policies to the cloud while SASE also provides WAN network and security services.

In other words, CASBs improve the secure use of cloud apps, but SASE supports security for all software applications an organization's employees use, whether they are hosted locally or accessed over the internet through a third-party software vendor.



Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.