SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

Gartner Magic Quadrant for WAN Edge Infrastructure

Gartner Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location.

Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

What is a Cloud Access Security Broker?

A Cloud Access Security Broker (CASB) is an intermediary security policy enforcement point between cloud consumers (users, devices) and cloud providers. In today’s digital economy, where conducting business increasingly shifts to the cloud, a CASB extends an organizations’ enterprise security policy umbrella to cover cloud resources as well as the transactions and data exposed when users access those resources.

CASB is a critical component of your overall Secure Access Service Edge (SASE) strategy. CASB protects users and devices—including unmanaged devices such as personal smartphones and laptops, or IoT devices—on a granular and per-transaction level when accessing cloud applications or data from any location.

Why Was CASB Developed?

Traditional security services secured the perimeter of the enterprise network and focused on on-premises users, access and data storage. Security gaps resulted when the network perimeter dissolved as enterprises moved applications, data access and data storage to the cloud. CASB developed new cloud-focused products and services, deployed on-premises or in the cloud, to address these new security exposures in an organization’s use of cloud services.

CASB enables secure access to cloud services from users both within and outside the traditional enterprise perimeter, supports secure cloud-to-cloud access, enables secure work-from-anywhere, secures cloud access from unmanaged personal devices, and extends security across software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) environments. CASB protects organizational data in transit and at rest in the cloud.

How Does a CASB Work?

CASB products and services provide visibility and control over data and threats in the cloud to meet enterprise security and regulatory requirements. A full-featured CASB solution helps you:

  • Discover a list of cloud services accessed by your user community, as well as insight into who is accessing them.
  • Determine a risk level associated with each cloud application by analyzing the application and the data used and shared within it.
  • Enforce enterprise security policies based on risk levels, and prevent violations.
  • Implement additional protection such as malware prevention and data encryption.

The four core functionality areas of a CASB include:

  • Visibility: Discover cloud services in use; discover who is using these cloud services; provide financial insights in cloud spending, possible redundancies and license costs.
  • Compliance: Preserve, improve and report on regulatory compliance when applications and data move to the cloud.
  • Data Security: In concert with sophisticated cloud DLP detection mechanisms, data at rest and in motion are protected through methods such as encryption.
  • Threat Protection: Protect your organization from malware and other threats entering the enterprise via cloud applications and access.

CASB delivers five critical security capabilities: cloud application discovery, data security, adaptive access control, malware detection, and user and entity behavior analytics.

Benefits of CASB

There are numerous security and management benefits to deploying a CASB product or service for your organization:

  • A central location for consistent policy and governance across multiple cloud services for both users and devices (including BYOD).
  • Granular visibility into, and control over, user activities, applications, sensitive data, and SaaS activity.
  • Enables secure workforce mobility.
  • Monitors and governs use of cloud applications such as Office 365.
  • Enables businesses to take a granular approach to sensitive data protection. compliance and policy enforcement—making it possible to safely utilize time-saving, productivity-enhancing, and cost-effective cloud services.
  • Protects all device access to SaaS applications as the industry moves away from traditional devices and device management practices to accommodate BYOD.
  • Inspects and provides analytics on data, application, and user behavior in cloud services, including the presence of unsanctioned employee cloud use and shadow IT.
  • Integrates with an enterprise’s existing identity provider, security information and event management (SIEM) tool, and unified endpoint management (UEM) product.
  • Encrypt or tokenize sensitive content to enforce privacy.
  • Detect and block unusual behavior indicative of malicious activity.
  • Integrate cloud visibility and controls with existing security solutions.
  • Operate in a multi-tenant cloud environment.
  • Distinguish between corporate and personal instances of cloud services and provide the ability to limit or block the exchange of data between them.

How to Deploy CASB

CASBs can be either on-premises, colocated, or public cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to inject enterprise security policies as the cloud-based data or applications are accessed. A CASB can optionally operate as a virtual or physical appliance.

Deploying the right CASB architecture for your organization’s needs is critical to enable the use of all the features and use cases that you envision. Some features are available only in specific deployment models. When evaluating a CASB, confirm that the vendor and the solution support the deployment models you need. Enterprises often combine multiple deployment models to achieve complete coverage of their needs.

There are two primary modes of operation of a CASB:


The CASB does not sit in the traffic path between user and cloud, or cloud-to-cloud. The CASB monitors and logs activity, and may inject policy actions (such as allow, deny, delete, challenge permission) via API access.

While out-of-band CASB solutions can monitor and report on events and activity, they have no visibility into the content of the interactions.


These CASB solutions use a proxy mode that terminates/re-originates the traffic between the user and the cloud, or cloud-to-cloud. The CASB can be deployed as either a Reverse Proxy (close to the cloud), or a Forward Proxy (close to the user).

Inline CASB solutions can monitor and report, as well as make all policy decisions, and also have full visibility into (and the capability to decrypt and/or intercept) the content of the interactions.

Multimode CASB providers are those who offer a combination of an API and an in-line mode of operation. While some of the most prominent cloud application and service providers publish public APIs, most SaaS applications do not offer this, necessitating a CASB solution with at least one inline capability.

Is CASB the Right Choice for Your Organization?

As services previously offered on-premises continue to migrate to the cloud, maintaining visibility and control in these environments is essential to meeting compliance requirements, safeguarding your enterprise from attack, and allowing your employees to safely use cloud services without introducing additional high risk to your enterprise.

Versa offers cloud-hosted security as a service as part of the SASE portfolio in both on-premises and provider-based models. These services provide a global footprint of locations where the CASB software nodes are deployed. Enterprises can use the nearest or most convenient point of presence (POP) as an on-ramp to high-speed and secure network and application access to their cloud infrastructure.

Additional Resources

CASB forms an integral part of Versa’s SASE solution, including gateways and cloud-hosted deployment models. SASE components and technologies aligned with CASB include:

Free eBook

For Dummies

Learn the business and technical background of SASE including best practices, real-life customer deployments, and the benefits that come with a SASE enabled organization.