The cloud access security brokers (CASB) is a very important technology to consider as you architect your cloud infrastructure. In fact, it will be very difficult to get an on-premises level of security, visibility, and security operations center integration into your cloud implementation without a tool like a CASB.

Many cloud service providers do not build the tools that you would wish for as an information security professional to manage the information security of the cloud environment. However, what many of the cloud service providers do is expose APIs that a third party can use to wrap the cloud solution in a layer of information security protections. These third-party vendors can use the cloud service provider APIs to:

• Control access to cloud resources
• Implement DLP functionality as part of the CASB
• Integrate with on-premises DLP systems
• Integrate behavioral analytics to detect unusual user behavior
• Many CASBs include on-premises components to detect shadow IT cloud usage
• Integrate with on-premises information security tools and the security operations center

Cloud service provider API exposure should be another one of your purchasing criteria when you are looking for a new cloud solution to add to your cloud architecture. If the cloud service provider does not expose these APIs, move on to a vendor that does if it all possible.