Cloud Access Security Broker (CASB)
Security+ 🏆 • Security Operations 🛡️ • Web Security 🕸️
Definition
A CASB sits between users and cloud apps to provide visibility and control. It enforces policies like authentication, data loss prevention, malware scanning, and access restrictions so SaaS and IaaS services can be used safely.
Examples
- The CASB detects employees uploading customer spreadsheets to a personal cloud drive and blocks the transfer because the files contain PII.
- Via an API connection to Microsoft 365 and Google Workspace, the CASB scans existing files and revokes public links it finds, fixing risky sharing after the fact.
Discover 🔎
Cloud apps make work fast, but they also spread data across services you don’t fully control. A Cloud Access Security Broker is the policy checkpoint for that world. It helps you see which cloud services are in use, who is accessing them, what data is moving, and whether activity is safe and compliant. Think of a CASB as a guardrail: it doesn’t replace the cloud app; it makes using it safer.