Integrate Your Cloud Security Posture With Identity and Access Management

Cloud access security brokers can effectively complement your existing IAM system.

Cloud services can become a weak point in an organization’s threat protection and data security strategy if mishandled. Although identity and access management (IAM) programs protect the front door of sanctioned applications, they do not protect against unsanctioned applications. This is where cloud access security brokers (CASBs) can bridge the gap.

“CASBs add security where traditional IAM cannot,” Erik Wahlstrom, research director at Gartner, says. “They don’t replace IAM, but do provide visibility and control back to IAM.” Technical professionals must integrate the two and use their combined strengths when onboarding, securing, monitoring and managing cloud services.

At the most basic level, CASBs add an extra layer of protection to the components of IAM systems. They enable organizations to track user behavior, apply consistent security policies across multiple applications and enforce policies (e.g., session termination) in the event applications are misused.

Identity is likewise a foundational piece of information for CASBs. IAM and CASBs work together to provide heightened discovery, monitoring and protection of your organization’s services, so that you can make informed decisions when protecting cloud applications.

Improve your IAM security posture

“There are many synergies between the CASB and IAM that organizations should assess and use, if possible,” Wahlstrom says. He outlines some of the main ways CASBs can improve your IAM security posture.

  • Manage third-party applications: Mobile and third-party applications are hard to manage. If they have access to data stored in cloud services, they should be treated as a new avenue of attack. CASBs provide a centralized interface to discover, report and restrict the use of third-party applications.
  • Trigger identity management events: The real-time risk analysis functionality in CASBs can trigger identity management events in identity governance and administration (IGA). CASBs can alert an organization to an unusual event within a cloud system and ultimately deactivate a user from all systems.
  • Use step-up authentication: When risk analysis discovers abnormal behavior, users can be prompted for step-up authentication to increase the assurance that the intended user is present. This strengthens the organization’s existing authentication model.
  • Discover and limit the use of corporate credentials in unsanctioned applications: Any reuse of corporate credentials in unsanctioned applications widens an organization’s potential attack surface. CASBs discover usage of unsanctioned applications and can either block access or provide tools to help the organization securely onboard the unsanctioned application to its IAM infrastructure.
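
The four integration points above can be read as one policy that turns CASB findings into IAM and IGA actions. The sketch below is an added example, not Gartner's or any vendor's code: the event fields, action names, allow-list and risk thresholds are all hypothetical, and blocking an unsanctioned corporate login while opening an onboarding review is one policy choice among those the list describes.

```python
from dataclasses import dataclass

# Assumed values for this sketch: the allow-list and thresholds are constructed.
SANCTIONED = {"crm.example.com", "mail.example.com"}
STEP_UP_AT, DEACTIVATE_AT = 50, 85  # CASB risk score on an assumed 0-100 scale


@dataclass(frozen=True)
class CasbEvent:
    user: str
    app: str
    kind: str  # "activity", "oauth_grant", "corp_login" or "step_up_failed"
    risk: int = 0


def iam_actions(event, pending_step_up):
    """Map one CASB event to IAM/IGA actions; pending_step_up is a mutable set of users."""
    actions = []
    sanctioned = event.app in SANCTIONED
    if event.kind == "oauth_grant" and not sanctioned:
        # Third-party app holding access to cloud data: report and restrict it.
        actions += ["report_third_party_app", "restrict_third_party_app"]
    elif event.kind == "corp_login" and not sanctioned:
        # Corporate credentials used in an unsanctioned app.
        actions += ["block_access", "open_iam_onboarding_review"]
    failed = event.kind == "step_up_failed" and event.user in pending_step_up
    if failed or event.risk >= DEACTIVATE_AT:
        # Escalate: end live sessions, then raise an identity event in IGA.
        pending_step_up.discard(event.user)
        actions += ["terminate_sessions", "iga_deactivate_user"]
    elif event.risk >= STEP_UP_AT:
        pending_step_up.add(event.user)
        actions.append("require_step_up_auth")
    return actions


def run(events):
    """Evaluate events in order, carrying step-up state between them."""
    pending = set()
    return [(e.user, e.kind, iam_actions(e, pending)) for e in events]


SAMPLE_EVENTS = [  # constructed sample data
    CasbEvent("alice", "crm.example.com", "activity", 10),
    CasbEvent("bob", "notes.example.net", "oauth_grant", 20),
    CasbEvent("carol", "files.example.org", "corp_login", 30),
    CasbEvent("dave", "mail.example.com", "activity", 60),
    CasbEvent("dave", "mail.example.com", "step_up_failed", 60),
    CasbEvent("erin", "crm.example.com", "activity", 90),
]

if __name__ == "__main__":
    for user, kind, actions in run(SAMPLE_EVENTS):
        print(f"{user:6} {kind:15} -> {actions or ['allow']}")
```
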

It is clear that CASBs interact with, use and help multiple features of IAM. “Organizations shouldn’t replace their IAM programs with CASBs, but rather intersect the two for increased governance and access control of cloud applications,” says Wahlstrom.

Gartner clients can read more on the relationship between CASBs and IAM in “Eight Ways CASBs Improve Your Security Posture” by Erik Wahlstrom, et al.
