As enterprise adoption of cloud services and BYOD programs expand, enterprises are increasingly looking to cloud access security brokers (CASBs) to secure their access of cloud services. That’s according to Gartner’s latest guide on the CASB market (download a complimentary copy here). The report describes trends in enterprise cloud adoption as well as the key capabilities and deployment architectures of CASB. It also provides a list of 12 CASB vendors and offers seven things to look for when evaluating a CASB. Gartner predicts that by 2020, 85% of enterprises will use a CASB.
[CASB] has quickly become a compelling cloud security control platform for organizations of all sizes adopting cloud services.
– Market Guide for Cloud Access Security Brokers, Craig Lawson,
Neil MacDonald, Brian Lowans, Brian Reed, October 24, 2016
According to Gartner, CASB is a distinct and differentiated market from existing security categories such as identity as a service (IDaaS), web application firewalls (WAFs), secure web gateways (SWGs) and enterprise firewalls. In other words, it is a market, not a feature. The report describes how a CASB can integrate with existing security solutions so that enterprises leverage a uniform set of security and compliance policies across both on-premises and cloud environments. The firm defines four key areas of functionality for CASB, and notes that all four are equally important: visibility, compliance, data security, and threat protection.
- Visibility – discover shadow IT cloud services and gain visibility into user activity within sanctioned apps
- Compliance – identify sensitive data in the cloud and enforce DLP policies to meet data residency and compliance requirements
- Data security – enforce data-centric security such as encryption, tokenization, and information rights management
- Threat protection – detect and respond to insider threats, privileged user threats, compromised accounts
The enforcement point between the network and internet is clear: it’s at the network edge. In the cloud era, there is not a single enforcement point that covers all CASB functionality and access scenarios. CASBs leverage forward proxy, reverse proxy, and API modes of deployment to gain visibility into and enforce policies across cloud services, and each has its own set of functionality and coverage. Gartner refers to CASB solutions that support both proxy and API modes as multimode CASBs and notes that “they give their customers a wider range of choices in how they can control a larger set of cloud applications.”
Another consideration when deploying a CASB is where to deploy: on-premises or in the cloud. Gartner notes that “the SaaS form factor is appreciably more popular than the on-premises ‘flavors’ of this technology, and it is increasingly the preferred option for most use cases.” To read more about Gartner’s view of the market, including a list of 12 CASB vendors, 13 recommendations for IT security leaders in the context of cloud security, and seven criteria to consider when evaluating a CASB, download a complimentary copy of the report here.