In today’s world of hybrid cloud infrastructures using both on-premise resources as well as public cloud Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS), the security boundary lines are being blurred for organizations taking advantage of public cloud resources. While hosting infrastructure both on-premise and in the public cloud, organizations have to address security concerns as well as enforce compliance of on-premise network security policies with infrastructure that lives in the cloud. Cloud Access Security Brokers or CASBs are often used to sit between on-premise infrastructure and cloud infrastructure and enforce enterprise security policies. There are many different implementations and types of CASBs. Two different approaches to implementing CASBs involve using API based CASBs and also Firewall/proxy based CASBs. What are the differences between the two? Which is the more scalable, modern solution? Let’s take a closer look at CASBs in general as well as look at these different implementations.