What is a cloud access security broker (CASB)?

A cloud access security broker , also known as a CASB , is a cloud-delivered cybersecurity service that ensures the safe use of cloud computing applications and services to prevent accidental (or intentional) leakage of sensitive data, malware infection, regulatory noncompliance, and lack of visibility. It secures cloud applications, whether they are hosted in public clouds (IaaS), private clouds, or as software-as-a-service (SaaS) applications. In the beginning, the most common use case for CASBs was to expose the use of shadow IT—unsanctioned applications being used without the IT team’s knowledge and approval. Learn more .

Secure your
cloud apps with integrated CASB

Q: How Does Zscaler Achieve SaaS Security with CASB?

Zscaler’s multimode Cloud Access Security Broker ( CASB ) secures cloud data in motion (via proxy) and at rest (via APIs). Admins simply configure one automated policy that delivers consistent security across all cloud data channels, reducing their management burden. Zscaler CASB is part of the comprehensive Zero Trust Exchange (with SWG, ZTNA, and more), so customers can avoid point products, reduce IT complexity, and inspect traffic only once. Explore how Zscaler works with CASB vendors. Read more .

Protect data, stop threats, and
ensure compliance across your
SaaS and IaaS

Get the Gartner Market Guide

Learn about data protection

Data Protection Transformed: Launching new innovations that revolutionize Data Protection.

Reserve Your Spot

WHAT WE DO

Achieve SaaS security with Zscaler CASB

Legacy appliances are not built for securing cloud applications, and native SaaS protections lack the needed sophistication.

Fortunately, Zscaler’s multimode cloud access security broker (CASB) secures cloud data in motion (via proxy) and at rest (via APIs). Admins simply configure one automated policy that delivers consistent security across all cloud data channels, reducing their management burden.

Zscaler CASB is part of the comprehensive Zero Trust Exchange (with SWG, ZTNA, and more), so customers can avoid point products, reduce IT complexity, and inspect traffic only once. Explore how Zscaler works with CASB vendors.

diagram illustrating zscaler CASB as part of the comprehensive zero trust exchange

What can Zscaler CASB do for you?

Zscaler CASB secures SaaS like Microsoft 365 and Salesforce, and IaaS offerings like AWS S3. This is crucial as unsecured cloud resources can enable data leakage, malware proliferation, loss of visibility, and noncompliance. Zscaler provides:

Granular data protection

Data protection policies apply consistently across cloud apps to stop accidental or risky file shares, and to halt malicious internal threats like intellectual property theft.

Complete threat protection

Threat protection with cloud sandboxing is refined by 200B transactions and 150M threats identified daily, enabling automatic remediation of zero-day malware.

Comprehensive visibility

Integrated visibility and thorough reporting across all SaaS apps and IaaS platforms deliver consolidated ease of use, enhanced intelligence, and the ability to enable audit.

Unified compliance

A single offering provides visibility into compliance and mitigates violations across SaaS apps and cloud service providers, ensuring adherence to laws and regulations.

Discover our latest insights

Zscaler saves organizations $2.1 million annually

New IDC report highlights the value of Zscaler Data Protection

Get the report

HOW IT’S DONE

Inline security for data in motion

As a proven inline security vendor, Zscaler delivers high-performance forward proxy and SSL inspection with critical real-time protections.

Discover shadow IT and risky apps across a comprehensive cloud app database
DLP measures prevent uploads of sensitive data to sanctioned and even unsanctioned apps
Real-time advanced threat protection leverages ML-powered cloud sandbox to stop known and unknown malware
Cloud Browser Isolation streams sessions as pixels for BYOD to prevent data leakage without reverse proxy headaches

Inline data protection demo

See how Zscaler inline CASB controls cloud apps,
finds shadow IT, and restores data compliance in
the cloud.

Out-of-band data protection demo

See how Zscaler out-of-band CASB prevents data
exposure and identifies compliance violations for
SaaS like Microsoft 365.

HOW IT’S DONE

Out-of-band security for data at rest

Zscaler leverages API integrations to scan SaaS apps, cloud platforms, and their contents, automatically enhancing enterprise security.

Predefined and customizable DLP dictionaries identify sensitive data within SaaS and public clouds like AWS
Collaboration management functionality crawls apps for risky file shares and revokes them according to policy
Cloud sandbox technology scans data at rest to identify and respond to zero-day malware and ransomware
SSPM, CSPM, and CIEM evaluate SaaS and IaaS configurations and permissions to remediate issues automatically

Zscaler CASB secures cloud apps with tenancy restrictions, SSPM, and more.

Zscaler CASB secures cloud apps with tenancy restrictions, SSPM, UEBA and more

See Zscaler CASB in action and learn how it can solve all of your cloud security use cases.

See the demos

Why Guild Mortgage Chose Zscaler™ for its Cloud-Based Security Solution

“Looking at the latest and greatest stuff on CASB, we really like where Zscaler is going with this, so we’re very interested in continuing down that road to build out our data protection program.”

Jason Thompson, IT Security Manager, Guild Mortgage

Read the case study

Unsecured use of Amazon S3 can enable data loss and malware infection.

The Zscaler CASB is complete with granular data loss prevention and advanced threat protection to address these challenges. To see it in action, watch the demo.

Your world, secured

Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

The Zscaler Difference

Zero Trust Fundamentals

Secure Your Users

Secure Your Workloads

Secure Your IoT and OT

Products

Solution Areas

Zero Trust Exchange Platform

Transform with Zero Trust Architecture

Secure Your Business Goals

Learn, connect, and get support.

Amplifying the voices of real-world digital and zero trust pioneers

Resource Center

Events & Trainings

Security Research & Services

Tools

Community & Support

Industry & Market Solutions

About Zscaler

Partners

News & Announcements

Leadership Team

Partner Integrations

Investor Relations

Environmental, Social & Governance

Careers

Press Center

Compliance

Zenith Ventures

Secure your cloud apps with integrated CASB

Protect data, stop threats, and ensure compliance across your SaaS and IaaS

Data Protection Transformed: Launching new innovations that revolutionize Data Protection.

WHAT WE DO

Achieve SaaS security with Zscaler CASB

What can Zscaler CASB do for you?

Granular data protection

Complete threat protection

Comprehensive visibility

Unified compliance

Zscaler saves organizations $2.1 million annually

HOW IT’S DONE

Inline security for data in motion

Inline data protection demo

Out-of-band data protection demo

HOW IT’S DONE

Out-of-band security for data at rest

Zscaler CASB secures cloud apps with tenancy restrictions, SSPM, UEBA and more

“Looking at the latest and greatest stuff on CASB, we really like where Zscaler is going with this, so we’re very interested in continuing down that road to build out our data protection program.”

Unsecured use of Amazon S3 can enable data loss and malware infection.

Suggested resources

INDUSTRY REPORT

Achieving Comprehensive Cloud Security with Zscaler Data Protection

EBOOK

The Top CASB Use Cases

DATA SHEET

Zscaler CASB Benefits

WHITE PAPER

Overcome the Top Five Data Protection Challenges

WEBINAR

SANS: Achieving Comprehensive Cloud Data Protection with Zscaler

MARKET GUIDE

Gartner Market Guide for Data Loss Prevention

Secure your
cloud apps with integrated CASB

Protect data, stop threats, and
ensure compliance across your
SaaS and IaaS