Six years ago, when cloud security was in its nascent stage, Skyhigh was building what was to become the first ever cloud access security broker (CASB). One year later Gartner started to create the framework for defining CASB technology as a standalone security category. Fast forward six years, and Gartner names (for the second year in row) CASB as one of the top technologies for security in 2017.
The ascendance of CASB as a critical security technology was on full display at this year’s Gartner Security & Risk Management Summit. CASB’s presence was more prominent than ever before, with Gartner calling it a must-have enterprise security technology and predicting that by 2020, 85% of enterprises will be using a CASB.
By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures..
–CASB Platforms Deliver the Best Features and Performance, Craig Lawson, Neil MacDonald, Sid Deshpande, Brian Reed, Steve Riley
Gartner, for their part, have released several reports over the last few years analyzing the CASB market. But if you are one of those waiting for the CASB Magic Quadrant (MQ), you will likely see the inaugural CASB MQ get published in Q4 of 2017.
What to expect from CASB Magic Quadrant
Like other MQs before it, the CASB MQ will evaluate vendors across two primary dimensions: ability to execute, and completeness of vision. Each vendor will then be placed within one of the following four familiar quadrants:
Gartner defines each quadrant as such:
Leaders execute well against their current vision and are well positioned for tomorrow.
Visionaries understand where the market is going or have a vision for changing market rules, but do not yet execute well.
Niche Players focus successfully on a small segment, or are unfocused and do not out-innovate or outperform others.
Challengers execute well today or may dominate a large segment, but do not demonstrate an understanding of market direction.
In their previous CASB reports, Gartner has recommended that security leaders analyze the use cases they’re trying address when selecting a CASB, and perform a side-by-side proof-of-concept (POC) to ensure the vendor can deliver on their promise
Vendors that are pure-play CASBs are often the ones with the broadest range of capabilities, support several SaaS applications, and offer a more complete solution not found in point solutions, “CASB as a feature” solutions, or in the built in security capabilities of the cloud service provider.
Given their sole focus on cloud security, pure-play CASBs are able to dictate the future of the market, rapidly innovate on existing capabilities, and execute their vision more completely. Gartner underscored this in their latest report (download a copy here) when they said:
Based on Gartner client inquiry and market modeling, we believe that 90% or more of revenue is coming from the leading CASB platform providers and we are not seeing any developments to indicate that we need to change this analysis.