When it comes down to it, authorization (access control) mechanisms are the most important protection for data in most cloud apps (SaaS & IaaS). CASBs do a great job at service discovery and high-level protections (somewhat like a firewall in the traditional sense), but when it comes down to the actual in-app actions (endpoint security? ;P) they are understandably lacking, because this is not their focus. The likelihood that an attacker will log in to your cloud app with valid credentials and from a valid-looking device is approx. 100% – at which point the CASB is almost rendered irrelevant. The one thing that should protect you in this situation is the access control mechanism of each cloud app provider, which you are expected to manage under the “shared responsibility model”. So these mechanisms should make sense and managing them should be easy, … right?
In this talk I will aim to share results from my ongoing research on the access control mechanisms of cloud apps: