Gartner defines the cloud access security broker (CASB) market as products and services that address security gaps in an organization’s use of cloud services. This technology is the result of the need to secure cloud services — which are being adopted at a significantly increased rate — and provide access to them from users inside and outside the traditional enterprise perimeter, plus growing direct cloud-to-cloud access. They deliver differentiated, cloud-specific capabilities that are generally not available as features in other security controls, such as web application firewalls (WAFs), secure web gateways (SWGs) and enterprise firewalls. Unlike those premises-focused security products, CASBs are designed to identify and protect data that’s stored in someone else’s systems. CASBs provide a central location for policy and governance concurrently across multiple cloud services — for users and devices — and granular visibility into and control over user activities and sensitive data.

CASB coverage scope applies broadly across the software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) cloud service delivery models. For SaaS coverage, CASBs commonly work with the most popular content collaboration platforms (CCPs), CRM systems, HR systems, ERPs, service desks, office productivity suites and enterprise social networking sites. Some CASBs extend support to less-common SaaS applications through custom plug-ins or automated learning of application behavior. For IaaS and PaaS coverage, several CASBs govern the API-based usage (including console access) of popular cloud service providers (CSPs) and extend visibility and governance to applications running in these clouds.