What is CASB (Cloud Access Security Broker)? Definition & Explanation
A Cloud Access Security Broker (CASB) is a security policy enforcement point between cloud-service users and cloud applications. It provides visibility, data protection, threat prevention, and compliance for SaaS, PaaS, and IaaS workloads — typically deployed inline as a forward proxy, reverse proxy, or via API integrations.
In-Depth Explanation
CASBs emerged around 2012 to address the explosion of unsanctioned SaaS adoption ("shadow IT") and have evolved into a core pillar of the SASE (Secure Access Service Edge) architecture. The four CASB pillars (per Gartner) are visibility (discover all SaaS in use), compliance (enforce policy across regulated data), data security (DLP for cloud), and threat protection (UEBA, malware scanning, anomaly detection). Major vendors include Microsoft Defender for Cloud Apps, Netskope, Zscaler CASB, Palo Alto Prisma SaaS, and Skyhigh Security. Modern CASBs increasingly converge with Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Data Loss Prevention (DLP) into unified SASE platforms. Deployment modes include API-mode (out-of-band, scans existing data in Salesforce, Office 365, Box) and inline-mode (forward proxy with PAC files or unified agent, reverse proxy for unmanaged BYOD).
Why It Matters for Security
Enterprises now use 1,000+ SaaS applications on average per organization (per Productiv's 2025 SaaS Management Index), and most are not sanctioned by IT. CASBs give security teams visibility and control over data flowing into and out of those apps without forcing employees back to a centralized network. Without a CASB, organizations cannot enforce DLP, prevent OAuth grant abuse, or detect compromised SaaS accounts.
Related Tools
- Valence SaaS Security
SaaS security platform remediating risks from cross-SaaS integrations and identity misconfigurations
- Wiz
Agentless cloud security with AI-SPM. Full CNAPP: CSPM, CWPP, CIEM, DSPM.
- Wiz Cloud Security
Agentless cloud security platform providing full-stack visibility and risk prioritization across AWS Azure and GCP
Frequently Asked Questions
What does CASB (Cloud Access Security Broker) mean in cybersecurity?
A CASB (Cloud Access Security Broker) in cybersecurity is a security gateway that sits between users and cloud services to enforce security policies, provide visibility into shadow IT, prevent data loss, and detect threats targeting SaaS, IaaS, and PaaS environments.
Why is CASB (Cloud Access Security Broker) important?
CASBs matter because the modern enterprise runs on hundreds or thousands of SaaS apps, most of which IT did not officially sanction. Without a CASB, security teams have no visibility into where data is going, who is accessing it, or whether OAuth grants and account takeovers are occurring.