Which term best describes a security tool that provides visibility and protection for cloud usage, including data and threat protection?

The concept here is a tool that provides both visibility into cloud usage and protection for data and threats across cloud services, which is a Cloud Access Security Broker. A CASB sits between users and cloud apps, giving you visibility into what cloud services are in use (including shadow IT), who’s using them, and how they’re being used, while also enforcing security policies across SaaS, PaaS, and IaaS. It protects data with data loss prevention, encryption or tokenization, and access/sharing controls, ensuring that sensitive information remains governed even when it moves to the cloud. It also offers threat protection features like anomaly detection, risk scoring of user activity, and the ability to respond to suspicious or compromised accounts by enforcing policy or revoking access. Other options don’t provide both the cloud-focused visibility and the data/threat protection across multiple cloud services. An on-premise firewall handles network boundaries but not cloud-specific usage visibility or cloud data protection policies; a SIEM collects and analyzes logs for detection but doesn’t enforce protections in cloud apps; an IDS monitors network traffic for intrusions but also doesn’t manage cloud usage governance.