Where CASBs Miss The Mark: Securing IaaS/PaaS and the Apps you Build You have a plan. You’ve enumerated your top SaaS apps that need added security and you’ve decided it’s time to invest in…

Where CASBs Miss The Mark: Securing IaaS/PaaS and the Apps you Build

Russell Miller

Russell Miller has spent over nine years in network security in various roles, from ethical hacking to marketing. As Director of Product Marketing at CloudLock, he evangelizes cloud security as a business enabler.


You have a plan. You’ve enumerated your top SaaS apps that need added security and you’ve decided it’s time to invest in a cybersecurity solution such as a Cloud Access Security Broker (CASB). At the same time, you have the nagging feeling that you’re missing something…

That something is your custom apps. Organizations are re-evaluating their entire application portfolios and “cloudifying” traditionally internal apps. This trend is so strong that Amazon Web Services (AWS) is poised to become a $10 Billion business, having $2.5B in revenue in Q1 2016.

So what exactly are organizations putting on cloud infrastructure? In many cases, it’s applications that have been hosted on-premises for years or even decades: mission-critical apps that store and process an organization’s most sensitive data on customers and employees, as well as intellectual property and financials. These apps power both critical internal processes and the customer-facing services that drive business.

Re-think Security for IaaS/PaaS

Moving homegrown apps to the cloud requires a dramatic shift in security mindset. While IaaS vendors such as Amazon are responsible for securing the infrastructure, security is inherently a shared responsibility.

For apps hosted in an IaaS or PaaS environment, organizations no longer need to focus on the security of the infrastructure itself, but need to target user behavior and data exposures. In addition, organizations are building new apps faster than ever, and are often forced to make a choice: release apps without appropriate security or delay product launches.

In many cases, the apps organizations build are the most business-critical and store or process highly-sensitive data. Organizations building those custom apps need to be able to defend against compromised accounts, prevent data breaches, achieve compliance, and enable security operations and forensics.

The CloudLock Approach to IaaS and PaaS Security

Create a new S3 bucket? It’s protected automatically. Download a new app from the AWS Marketplace? We can see it. Write a new application from scratch and host it on AWS? We can protect it without requiring you to write a single line of code.

CloudLock’s support for IaaS and PaaS security is a natural extension of our cloud-native, Platform approach. The CloudLock Security Fabric is itself a collection of API-based microservices, including User and Entity Behavior Analytics and Cloud DLP. CloudLock’s microservices can be accessed by any application on any platform – whether an on-premises server or an IaaS/PaaS environment, such as AWS.
What makes CloudLock’s IaaS and PaaS security unique is that we can provide it completely codelessly. Cloud infrastructure platforms are dynamic. Complicated proxies, configurations, and application and resource lists aren’t going to cut it. Security needs to just work and this is what you get from the CloudLock CyberDev Platform. You can learn more here.

CTA- Datasheet-DAvops

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser