Cloud access security brokers (CASBs) are on-premises or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. For example, Zscaler (www.zscaler.com) is an exemplary CASB. CASBs act as a control point and generally offer a range of capabilities including encryption, auditing, data loss prevention (DLP), access control, and anomaly detection. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention, data leakage prevention, and so on.
The past couple of years have seen an explosion of cloud apps used in the enterprise. These new services run on hardware owned by the provider, which relieves IT of the responsibility to manage and provide the infrastructure that runs an application. It does not, however, relieve IT of the responsibility to ensure the security and compliance of the company's data. To meet security and privacy requirements, IT needs greater visibility into and control of enterprise data in the cloud that is accessed using unmanaged devices.
Current techniques can detect usage of cloud applications (e.g., salesforce.com, box.com, Office365) through a proxy server. However, these techniques do not provide granular controls on application usage and cannot force the user to access the cloud application through the proxy server. To provide granular controls and enforce access through a proxy server for the cloud applications, a new mechanism for authentication and authorization is necessary.