Glossary term
CASB
Also: Cloud Access Security Broker
Security layer that sits between users and SaaS applications, providing visibility (shadow IT discovery), data protection (DLP), compliance, and threat protection across SaaS apps. Four functions per Gartner: visibility, compliance, data security, threat protection.
Deployment models: API-based (out-of-band, most common), forward proxy (inline via agent or PAC), reverse proxy (inline via identity federation). Modern implementations usually combine API and inline.
Market leaders: Netskope, Microsoft Defender for Cloud Apps, Zscaler, Forcepoint, Lookout, Palo Alto. CASB is increasingly part of an SSE/SASE platform.
Audit cases: shadow IT discovery is often the entry use case. Usage then moves on to SaaS DLP, sharing controls, OAuth grant governance, and external login detection.
Related terms
SSE
Subset of SASE without SD-WAN. Bundles SWG, CASB, ZTNA and (increasingly) DLP/RBI in a cloud platfor…
SASE
Gartner architecture category combining network (SD-WAN) and security functions (SWG, CASB, ZTNA, FW…
DLP
Software category for detecting and preventing unauthorised data outflow. Operates on endpoints, net…
SSPM
Software category for reviewing SaaS configurations (Microsoft 365, Salesforce, Google Workspace, Sl…
CNAPP
Gartner platform category that combines CSPM, CWPP, CIEM, KSPM, DSPM and IaC scanning into one tool.…
Compliance mapping
The explicit link between a decision (vendor, architecture, control) and the specific regulatory art…
Confidential Computing
Hardware-based isolation that keeps data encrypted during processing (data-in-use). Complements encr…
Critical ICT Third-Party Provider (CTPP)
ICT third-party provider designated critical by the European Commission under DORA Art. 31, falling …
