When the founders of Skyhigh Networks started the company in 2012, they knew they were bringing to market an important service that would fill a major need for companies of all sizes. What they didn’t know at the time is that Skyhigh would be creating a new market category that Gartner would name the #1 security technology for 2014.
I’m talking about the solution space that Gartner calls Cloud Access Security Broker (CASB). Gartner analysts Neil MacDonald and Peter Firstbrook had the foresight to notice this budding market category back in May 2012 and write their report “The Growing Importance of Cloud Security Brokers,” G00233292.
MacDonald and Firstbrook defined a CASB as “an on-premises or cloud-based security policy enforcement point placed between cloud service consumers and cloud service providers to interject enterprise security policies as public or private cloud-based resources are accessed. This capability can be delivered as a service from the cloud, on-premises or both.”
At the time they explained why this type of technology was so important, even as early as 2012: “As organizations embrace cloud computing, and as the number of mobile and unmanaged devices continues to increase, traditional network and endpoint-based security controls are difficult to use. CASBs enable organizations to enforce consistent security policies when accessing cloud-based services in a way that is transparent to end users using physical appliances, virtual appliances or cloud-based services.”
Gartner’s surveys and polls consistently show that security, privacy and compliance are the greatest concerns of organizations considering cloud computing solutions, and these issues are precisely the focus of cloud access security brokers.
At the Gartner Security & Risk Management Summit this past June, the analyst firm outlined its top ten technologies for information security in 2014. At the top of the list? Cloud access security brokers. In naming CASB as the top technology of the year, Neil MacDonald told summit attendees, “Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable business opportunities and manage risk.”
Gartner isn’t the only analyst firm bullish on this category of security products. 451 Research calls this market segment Cloud Application Control (CAC). In an April 2014 report, analyst Adrian Sanabria wrote,” The emergence of shadow IT and the subsequent decision by many enterprises to embrace it created the need for a more granular, flexible way to control access to SaaS applications. Part of the problem was that enterprises recognized that some of these tools were improving productivity, but many lacked basic enterprise and compliance features—especially pertaining to the storage of sensitive or proprietary company data. Another issue was that companies often didn’t object to an application outright, but rather its particular features. Addressing granular control at this level now allows businesses to enable the use of productivity-boosting apps while retaining control over data, security and compliance.”
Yes, exactly! Whether you call it Cloud App Control or Cloud Access Security Broker or something else, solutions like those that Skyhigh and other companies provide are not so much about control as they are about visibility and enablement.
We expect to see Forrester, IDC, Securosis and other analyst firms actively cover this market as well. Clearly it’s an important one; Gartner projects that 25% of enterprises will have a CASB/CAC solution in place by 2016. These analyst reports are helpful to everyone, as the analysts are extremely knowledgeable, speak regularly with enterprises customers about their needs and experiences, and help educate the market.