What is CASB?
Cloud Access Security Broker
A security control point between users and SaaS applications that provides visibility into shadow IT, enforces data protection policies, and detects threats across cloud services.
CASBs operate in three modes: forward proxy (inline, inspects traffic before it reaches SaaS), reverse proxy (inline, inspects traffic at the SaaS entry point for unmanaged devices), and API-based (out-of-band, connects directly to SaaS provider APIs for at-rest scanning). Most enterprise deployments use a combination. Forward proxy handles real-time, inline enforcement; API mode handles retroactive scanning, posture management, and data-at-rest policies.
The primary use cases are shadow IT discovery (identifying unsanctioned SaaS usage via log analysis), granular activity controls (allow viewing a document in Box but block downloading it to an unmanaged device), data loss prevention across SaaS channels, and SaaS Security Posture Management (SSPM) to detect misconfigurations like publicly shared folders or overly permissive OAuth grants.
The biggest operational challenge is balancing coverage breadth with inspection depth. A CASB might catalog 30,000 SaaS applications for shadow IT scoring but only provide granular activity-level controls for the top 20 to 30 platforms. When evaluating CASB solutions, focus on whether the vendor supports deep API integrations for the specific SaaS applications your organization relies on, not just the headline catalog number.
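The shadow IT discovery use case described above, worked through as an added example (not the page's or any vendor's code): a small log-analysis routine that maps proxy log entries to a SaaS catalog and reports usage of unsanctioned apps. The catalog entries, log format and hostnames are constructed for illustration.

```python
"""Shadow IT discovery from web-proxy logs, the log-analysis path a CASB uses."""
import re

# Constructed SaaS catalog (hypothetical): registrable domain -> (app name, sanctioned?).
CATALOG = {
    "box.com": ("Box", True),
    "salesforce.com": ("Salesforce", True),
    "wetransfer.com": ("WeTransfer", False),
    "dropbox.com": ("Dropbox", False),
    "pastebin.com": ("Pastebin", False),
}

# Constructed proxy log lines: timestamp user method host bytes_sent_by_client.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice POST upload.box.com 524288
2024-05-01T09:01:12Z bob POST www.wetransfer.com 10485760
2024-05-01T09:02:30Z carol GET app.dropbox.com 1200
2024-05-01T09:03:45Z bob POST api.dropbox.com 2097152
2024-05-01T09:04:00Z alice POST pastebin.com 4096
2024-05-01T09:05:10Z dave GET internal.example.corp 800
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")


def classify_host(host):
    """Map a hostname to a catalog entry by its longest matching domain suffix; None if unknown."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        key = ".".join(labels[i:])
        if key in CATALOG:
            return CATALOG[key]
    return None


def discover_shadow_it(log_text):
    """Aggregate unsanctioned SaaS usage: distinct users, uploads and bytes sent per app."""
    usage = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        _ts, user, method, host, nbytes = m.groups()
        app = classify_host(host)
        if app is None or app[1]:
            continue  # unknown destination or sanctioned app: not shadow IT
        entry = usage.setdefault(app[0], {"users": set(), "uploads": 0, "bytes_out": 0})
        entry["users"].add(user)
        entry["bytes_out"] += int(nbytes)
        if method in ("POST", "PUT"):
            entry["uploads"] += 1
    # Rank by bytes sent outbound, the strongest data-exposure signal in this data.
    return sorted(usage.items(), key=lambda kv: kv[1]["bytes_out"], reverse=True)
```

The ranking is what a security team reviews to decide which apps to sanction, block, or bring under API-based control.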
Security Service Edge (SSE)
The security half of SASE, delivering SWG, CASB, ZTNA, and DLP as cloud-delivered services without the SD-WAN networking component.
Shadow IT
The use of unsanctioned applications, cloud services, and devices by employees without the knowledge or approval of the IT or security team.
Data Loss Prevention (DLP)
A set of technologies that detect and prevent unauthorized transmission of sensitive data by inspecting content at rest, in motion, and in use against predefined and custom data patterns.
Secure Web Gateway (SWG)
A cloud or on-premises proxy that inspects all web-bound traffic for malware, enforces URL filtering policies, and prevents data exfiltration over HTTP/HTTPS.
API Security
The practice of protecting application programming interfaces from abuse, unauthorized access, and data exposure, covering authentication, rate limiting, schema validation, and runtime threat detection.