Cloud Access Security Broker
Cloudflare's API-driven Cloud Access Security Broker (CASB) integrates with SaaS applications and cloud environments to scan for misconfigurations, unauthorized user activity, shadow IT, and other data security issues that can occur after a user has successfully logged in.
When you integrate a third-party SaaS application or cloud environment with Cloudflare CASB, you allow CASB to make API calls to its endpoint and read relevant data on your behalf. The CASB integration permissions are read-only and follow the least privileged model. In other words, only the minimum access required to perform a scan is granted.
Before you can integrate a SaaS application or cloud environment with CASB, your account with that integration must meet certain requirements. Refer to the SaaS application or cloud environment's integration guide to learn more about the prerequisites and permissions.
- In Zero Trust ↗, go to CASB > Integrations.
- Select Connect an integration or Add integration.
- Browse the available integrations and select the application you would like to add.
- Follow the step-by-step integration instructions in the UI.
- To run your first scan, select Save integration.
After the first scan, CASB will automatically scan your SaaS application or cloud environment on a frequent basis to keep up with any changes. Scan intervals will vary due to each application having their own set of requirements, but the frequency is typically between every 1 hour and every 24 hours.
Once CASB detects at least one finding, you can view and manage your findings.
- In Zero Trust ↗, go to CASB > Integrations.
- Find the integration you would like to pause and select Manage.
- To stop scanning the application, turn off Scan findings.
You can resume CASB scanning at any time by turning on Scan findings.
- In Zero Trust ↗, go to CASB > Integrations.
- Find the integration you would like to delete and select Manage.
- Select Delete.