A cloud access security broker (CASB) is an on-prem or cloud-based security "checkpoint" between the cloud provider and the consumer's infrastructure. The goal of a CASB is to enforce security policies (such as two-factor authentication, single sign-on, credential mapping, device profiling, encryption, malware prevention, etc.) whenever someone accesses cloud data or resources.
Companies use CASBs to counter cloud-related risks, enforce custom security policies, and comply with relevant regulations. A business can set up and run a CASB on an in-house level or outsource the task to a third-party security specialist.