What is a CASB (Cloud Access Security Broker)?

Q: What is a CASB (Cloud Access Security Broker)?

A CASB is a security policy enforcement point between cloud users and cloud services to provide visibility and control.

D3 · Architecture · CompTIA Security+ SY0-701

A CASB (Cloud Access Security Broker) is a security enforcement point — on-premises or cloud-hosted — that sits between cloud service users and cloud applications to monitor activity, enforce security policies, and protect data.

CASB capabilities: visibility (shadow IT discovery), data security (DLP for cloud), threat protection (malware detection), compliance (enforce policies for GDPR, HIPAA).

Deployment: API-based (post-session, uses cloud APIs) or proxy-based (inline, real-time).

CASB solves the problem of employees using unsanctioned cloud apps (shadow IT). It provides DLP for cloud data, enforces access policies, and detects compromised accounts. Think of it as a firewall/DLP for cloud services. Key for GDPR/HIPAA cloud compliance.

← Back to Glossary Practice Questions →

What is a CASB (Cloud Access Security Broker)?

// Related Terms