Integrate Your Cloud Security Posture With Identity and Access Management

Cloud access security brokers can effectively complement your existing IAM system.

Cloud services can become a vulnerability to an organization’s threat protection and data security strategy if mishandled. Although identity and access management (IAM) programs protect the front door of sanctioned applications, they do not protect against unsanctioned applications. This is where cloud access security brokers (CASBs) can bridge the gap.

CASBs add security where traditional IAM cannot

CASBs add security where traditional IAM cannot,Erik Wahlstrom, research director at Gartner, says. “They don’t replace IAM, but do provide visibility and control back to IAM.” Technical professionals must integrate the two and use their combined strengths when onboarding, securing, monitoring and managing cloud services.

At the most basic level, CASBs add an extra layer of protection to the components of IAM systems. They enable organizations to track user behavior, apply consistent security policies across multiple applications and enforce policies (e.g., session termination) in the event applications are misused.

Identity is likewise a foundational piece of information for CASBs

Identity is likewise a foundational piece of information for CASBs. IAM and CASBs work together to provide heightened discovery, monitoring and protection of your organization’s services in order to make informed decisions when protecting cloud applications.

A Logistics Action Guide

Focus on value, maintain agility and hire disruptors

Download Research

Improve your IAM security posture

“There are many synergies between the CASB and IAM that organizations should assess and use, if possible,” Wahlstrom says. He outlines some of the main ways CASBs can improve your IAM security posture.

  • Manage third-party applications: Mobile and third-party applications are hard to manage. If they have access to data stored in cloud services, they should be considered a new threat for attack. CASBs provide a centralized interface to discover, report and restrict the use of third-party applications.
  • Trigger identity management events: The real-time risk analysis functionality in CASBs can trigger identity management events in identity governance and administration (IGA). They can alert an organization of an unusual event within a cloud system and ultimately deactivate a user from all systems.
  • Use step-up authentication: In discovering abnormal behaviors through risk analysis, users can then be prompted for step-up authentication to increase the assurance that the intended user is present. This will strengthen the organization’s existing authentication model.
  • Discover and limit the use of corporate credentials in unsanctioned applications: Any reuse of corporate credentials in unsanctioned applications widens an organization’s potential attack surface. CASBs discover usage of unsanctioned applications and can either block access or provide tools to help the organization securely onboard the unsanctioned application to its IAM infrastructure.

Organizations shouldn’t replace their IAM programs with CASBs, but rather intersect the two for increased governance and access control of cloud applications

It is clear that CASBs interact with, use and help multiple features of IAM. “Organizations shouldn’t replace their IAM programs with CASBs, but rather intersect the two for increased governance and access control of cloud applications,” says Wahlstrom.

Gartner clients can read more on the relationship between CASBs and IAM in “Eight Ways CASBs Improve Your Security Posture” by Erik Wahlstrom, et al.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Five Board Questions That Security and Risk Leaders Must Be Prepared to Answer

As board members realize how critical security and risk management is, they are asking leaders more complex and nuanced questions. This research helps security and risk management leaders decipher five categories of questions they must be prepared to answer at any board or executive meeting.

Read Free Gartner Research


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching