Auditing CASBs

Author: ISACA
Date Published: 6 March 2019

Cloud computing continues to rise in popularity due to its ability to cut costs, downsize data centers, personalize service coverage from cloud service providers (CSPs) and provision faster. Despite these positives, it can be challenging to configure security correctly and to manage identity and access. Cloud Access Security Brokers (CASBs) can help enterprises address these considerations. To that end, ISACA has released the Cloud Access Security Broker (CASB) Audit Program to help your enterprise audit its cloud computing implementation. It includes instructions on how to audit:

  • General administration—Service level agreements (SLAs), audit reporting and compliance
  • Identity and access management—User management, privileged access and data access
  • Configuration—Deployment (gateway, log collection and inline)
  • Security—Vulnerability management, asset protection and physical security (data center)
  • Program management—Change management and data loss prevention (DLP)

Conducting a formal assessment of the enterprise’s cloud technology and CASBs allows auditors to assess the management practices of CSP vendors while also ensuring the safe implementation of the enterprise’s cloud computing solution.
To download this audit program, visit the Cloud Access Security Broker (CASB) Audit Program page of the ISACA website.