Last week Gartner published its list of the top 10 information security technologies of 2016. The number one technology on the list is cloud access security broker (CASB). This isn’t the first time CASB has appeared on Gartner’s top 10 list and this year’s ranking shouldn’t be too surprising considering that the analyst firm has predicted that by 2020, 85% of large enterprises will use a CASB to secure their cloud services. In its latest research on the CASB space (access the report at no cost here), Gartner outlines evaluation criteria when procuring a CASB and how to implement a CASB within your organization.
Cloud access security brokers (CASBs) provide information security professionals with a critical control point for the secure and compliant use of cloud services across multiple cloud providers.
– Gartner, How to Evaluate and Operate a Cloud Access Security Broker,
Neil MacDonald, Craig Lawson, December 8, 2015
Enterprises are rapidly adopting cloud services and as more corporate data moves to the cloud, they are in need of visibility and control over their data. Analyst firm IDC predicts that spending on public cloud services will double from $70 billion in 2015 to more than $141 billion in 2019 and a Morgan Stanley forecast predicts that by 2018, 30% of Microsoft’s revenue will be from cloud products. With that much revenue on the line, cloud providers are making significant investments in security, making it more likely that a security incident in the cloud will not be the result of an intrusion in a cloud provider’s platform, but rather due to how it is used. Last year, Gartner estimated that 95% of cloud security failures will be the customer’s fault.
That may be why Gartner ranked user and entity behavior analytics (UEBA) fourth on its 2016 list of the top security technology. UEBA technology leverages machine learning to analyze activity and detect unusual patterns that indicate users or malware are exfiltrating data. While there are standalone technology providers, UEBA is increasingly offered as a feature in security platforms such as CASBs. When included as part of a CASB, UEBA can be used to detect when a salesperson downloads an unusual volume of sales contacts before quitting to join a competitor, or when an administrator’s account credentials have been compromised.
The top 10 list this year includes:
- Cloud Access Security Brokers
- Endpoint Detection and Response
- Nonsignature Approaches for Endpoint Prevention
- User and Entity Behavioral Analytics
- Microsegmentation and Flow Visibility
- Security Testing for DevOps
- Intelligence-Driven Security Operations Center Orchestration Solutions
- Remote Browser
- Pervasive Trust Services
For a complete look at Gartner’s top 10 security technologies of 2016, visit their blog.