The cloud access security broker (CASB) market is about to embark on its fifth year. Back in 2012, there were very few companies offering a security solution that would come to be known as a CASB. Fast forward five years and you find both established IT security vendors and startups offering some form of a CASB solution. Yet, despite the rapid adoption of CASB technology at enterprises, the CASB market is still in its infancy. According to Gartner, “by 2020, 85% of large enterprises will use a cloud access security broker platform for their cloud services, which is up from less than 5% today.”
Why would 85% of enterprises need a CASB? Let’s look at the numbers to understand why CASB is critical to an enterprise’s security stack.
262 – Percent growth in average number of cloud services in use per enterprise in the past 3 years
Three years ago, the average enterprise had 545 unique cloud services in use. Today, that number has ballooned to 1,427. Without a CASB, it’s impossible for an enterprise to accurately identify the cloud services employees are using. In fact, one of the core capabilities of a mature CASB is to provide granular visibility into both the breadth and depth of enterprise cloud usage.
It’s not just about the sheer number of cloud services that a CASB can shed light on. CASBs can also show what kind of risk the use of each cloud service poses. Skyhigh’s CASB platform, for example, tracks over 20,000 cloud services with a 1-10 risk rating across 50 security attributes, including things like whether the cloud service encrypts data at rest or in transit, the service’s data retention policy, etc.
18.1 – Percent of files that contain sensitive data stored in cloud services
Historically, enterprises have hesitated to move away from their on-premises software and purchase a cloud-based equivalent due to security concerns. They didn’t feel confident that the security controls cloud service providers offer are on par with what an enterprise can achieve on its own. Today, however, enterprise-ready cloud service security capabilities match or exceed the on-premises alternative.
It’s not surprising, then, that 18.1% of files stored in cloud services are sensitive and include things like financial records, business plans, source code, Social Security numbers, tax ID numbers, etc. Clearly, enterprises’ trust in cloud security is on an upswing. However, a cloud service provider has little control over how its service will be used by its customers.
While Microsoft can ensure that Office 365 is packed with abundant security capabilities, it can’t guarantee that the service will be used in a secure way by Microsoft customers. Gartner put it aptly when they said “through 2020, 95% of cloud security failures will be the customer’s fault.” Sensitive files stored in a cloud service are one click away from being shared in a non-compliant manner. These files can and do face myriad threats, both internal and external, as evidenced by the fact that the average enterprise faces 23.2 cloud-related threats each month.
A mature CASB will not only detect threats facing files in a cloud service, it will also take remediation action to protect corporate data. Employees sharing sensitive data externally? Stopped. Users downloading sensitive data to BYOD devices? Prevented. Compromised account threat? Mitigated. Negligent or malicious insider threat? Nullified. Privileged user threat? Neutralized.
8.7 – Percent of cloud services that commit to not share data with third parties
CASBs can identify these cloud services, flag their use, and coach users towards secure and permitted cloud services. Not only will this rein in the use of high-risk cloud services, but by standardizing on a sanctioned service, an enterprise can reap the full benefits that come with the use of an enterprise-ready cloud service.
92 – Percent of companies that have stolen cloud credentials for sale on the Darknet
On December 10, 2014, an unauthorized third party gained access to Anthem’s database using stolen credentials. The culprit stole Anthem’s customer records which included names, medical IDs, Social Security numbers, email addresses, and more. It may come as a surprise to many, but hacking an organization using stolen credentials is the most common method by which a breach occurs, according to Verizon’s Data Breach Report 2016. While enterprises are focused on malware, backdoor hacks, or advanced persistent threats, hackers are happy to breach them using the front door. According to the same Verizon report, 63% of data breaches were due to hackers using weak, default, or stolen passwords.
We know compromised accounts are a real issue, and a CASB can detect when an account has been compromised, but how is that done?
One of the must-have CASB capabilities involves the use of User Behavior and Entity Analytics (UEBA). A central feature of UEBA is its ability to build accurate behavior models for users across cloud services, continuously integrate additional data to refine the model further, and create a constantly evolving profile for an individual. With regard to compromised account detection, UEBA is applied across multiple dimensions of cloud usage, including the volume of user actions, the amount of data uploaded or downloaded, and the number of times a service is accessed. If a user’s behavior deviates from what is expected (say, for example, they log in from a new location), a CASB can trigger additional authentication steps or send a potential compromised account alert to the forensics team for investigation.
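To make the UEBA description concrete, here is a small per-user baseline detector in Python. It is an added example, not code from any CASB product. The thresholds, the decision names, the mapping of findings to step-up authentication versus an alert, and the sample data are all assumptions chosen for illustration.

```python
import math
DIMENSIONS = ("actions", "bytes_down", "accesses")  # the dimensions the text names
Z_THRESHOLD = 3.0  # assumption: flag values more than 3 std devs above baseline
MIN_DAYS = 5       # assumption: learn for 5 days before scoring

class UserProfile:
    """Per-user baseline, refined with each normal day (Welford's running variance)."""
    def __init__(self):
        self.n = 0
        self.mean = dict.fromkeys(DIMENSIONS, 0.0)
        self.m2 = dict.fromkeys(DIMENSIONS, 0.0)
        self.locations = set()

    def update(self, day):
        self.n += 1
        for dim in DIMENSIONS:
            delta = day[dim] - self.mean[dim]
            self.mean[dim] += delta / self.n
            self.m2[dim] += delta * (day[dim] - self.mean[dim])
        self.locations.add(day["country"])

    def zscore(self, dim, value):
        std = math.sqrt(self.m2[dim] / (self.n - 1))
        return (value - self.mean[dim]) / max(std, 1.0)  # floor avoids division by zero

    def evaluate(self, day):
        """Return (decision, reasons); only unflagged days are folded into the baseline."""
        if self.n < MIN_DAYS:
            self.update(day)
            return "learning", []
        reasons = [d for d in DIMENSIONS if self.zscore(d, day[d]) > Z_THRESHOLD]
        if day["country"] not in self.locations:
            reasons.append("new_location")
        if not reasons:
            self.update(day)
            return "allow", []
        # Assumed policy: new location alone -> step-up auth; volume anomaly -> alert.
        return ("step_up_auth" if reasons == ["new_location"] else "alert"), reasons

def run_demo():
    """Constructed sample data for one hypothetical user, not real telemetry."""
    keys = DIMENSIONS + ("country",)
    history = [(120, 40e6, 6), (135, 55e6, 7), (110, 38e6, 5), (128, 47e6, 6),
               (140, 52e6, 8), (118, 41e6, 6), (131, 49e6, 7)]
    today = [(125, 45e6, 6, "US"), (122, 44e6, 6, "RO"), (900, 4e9, 30, "US")]
    profile = UserProfile()
    for row in history:
        profile.evaluate(dict(zip(keys, row + ("US",))))
    return [profile.evaluate(dict(zip(keys, row))) for row in today]
if __name__ == "__main__":
    print(run_demo())
```

Flagged days are deliberately kept out of the baseline, so a burst of anomalous activity cannot teach the model that the burst is normal.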
The above stats encompass a small fraction of why an enterprise should look to CASBs to secure their cloud usage. CASB capabilities cover what Gartner calls the four pillars:
- Visibility – into all cloud usage across the enterprise, to quantify risk from cloud usage and enforce comprehensive cloud governance policies
- Compliance – with data residency laws, external regulations and standards, and internal policies by enforcing data loss prevention policies for data at rest and in motion
- Data security – which includes structured and unstructured data encryption using customer controlled keys, contextual access control and authentication
- Threat protection – identifying high-risk user behavior that could indicate privileged user threat, negligent or malicious insider threat, or a compromised account threat