What is a Cloud Access Security Broker (CASB)?

Gartner names cloud access security broker the #1 security technology of 2016

Gartner defines cloud access security brokers (CASB) as on-premises or cloud-hosted software that acts as a control point to support continuous visibility, compliance, threat protection, and security for cloud services. In its latest CASB report, Gartner provides a detailed overview of why organizations are adopting this technology, the primary functions of CASBs, and how to evaluate vendors. Although Gartner has yet to release a Magic Quadrant for the CASB market, Forrester recently released a Wave report that ranks leading CASB vendors.

By 2020, 85% of large enterprises will use a cloud access security broker solution for their cloud services, which is up from fewer than 5% in 2015.

– Gartner, How to Evaluate and Operate a Cloud Access Security Broker,
Neil MacDonald, Craig Lawson, December 8, 2015

As corporate data moves to the cloud and employees access it from mobile devices, that traffic bypasses existing security technologies. Gartner says this has created a “SaaS security gap”. In response, many organizations have attempted to block cloud services en masse using their firewall or proxy. However, with thousands of cloud services available today, organizations end up blocking only the well-known ones, which causes employees to seek out lesser-known, potentially riskier cloud services that are not being blocked. CASB solutions will, according to Gartner, enable IT to shift from the “no” team to the “let’s do this and here’s how” team.

Gartner’s 4 Pillars of Required CASB Functionality

Gartner organizes CASB capabilities into four pillars of required functionality: visibility, compliance, data security, and threat protection. While cloud providers are starting to offer some limited policy enforcement capabilities, one benefit of using a cross-cloud CASB solution that addresses each functional area, says Gartner, is that an organization has a centralized place to manage and enforce policies. Since capabilities vary widely among cloud providers (and even CASB vendors) this also ensures a consistent set of controls across cloud services.

  • Visibility: Gives organizations visibility into users, services, data, and devices.
  • Compliance: Provides file content monitoring to find and report on regulated data in the cloud.
  • Data Security: Adds an additional layer of protection including encryption.
  • Threat Protection: Analyzes traffic patterns to identify compromised accounts and malicious usage.

Using cloud access security brokers, organizations can:

  • Identify what Shadow IT cloud services are in use, by whom, and what risks they pose to the organization and its data
  • Evaluate and select cloud services that meet security and compliance requirements using a registry of cloud services and their security controls
  • Protect enterprise data in the cloud by preventing certain types of sensitive data from being uploaded, and encrypting and tokenizing data
  • Identify threats and potential misuse of cloud services
  • Enforce differing levels of data access and cloud service functionality based on the user’s device, location, and operating system

CASBs Have Multiple Deployment Models

While many CASBs leverage log data from firewalls and web proxies to gain visibility into cloud usage, Gartner defines two major deployment architectures that CASB solutions use to enforce policies across cloud services: proxies and APIs. In proxy mode, a CASB sits between the end user and the cloud service to monitor traffic and enforce inline policies such as encryption and access control. CASBs can leverage a forward proxy, reverse proxy, or both. Another deployment mode is direct integration to specific cloud providers that have exposed events and policy controls via their API. Depending on the cloud provider’s API, a CASB can view end user activity and define policies.
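The log-based discovery described above (and the Shadow IT item in the capability list) can be sketched as follows. This is an added example, not code from Gartner or any CASB vendor; the log format, service names, domains and risk scores are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed registry: domain -> (service name, sanctioned?, risk 1-10). Not real ratings.
REGISTRY = {
    "sharepoint.example": ("CorpShare", True, 2),
    "filedrop.example": ("FileDrop", False, 8),
    "pastebox.example": ("PasteBox", False, 6),
}
# Constructed proxy log lines: timestamp user method host bytes_uploaded
SAMPLE_LOG = """\
2016-03-01T09:00:01Z alice POST team.sharepoint.example 52000
2016-03-01T09:02:10Z bob POST upload.filedrop.example 7400000
2016-03-01T09:05:44Z carol POST upload.filedrop.example 120000
2016-03-01T09:07:30Z bob GET pastebox.example 0
2016-03-01T09:09:12Z dave POST files.obscure-sync.example 3100000
malformed line
"""
LINE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")

def lookup(host):
    """Match a host against the registry by walking up its parent domains."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        entry = REGISTRY.get(".".join(labels[i:]))
        if entry:
            return entry
    return None

def discover(log_text):
    """Aggregate users and upload volume per service; non-sanctioned services sort first."""
    usage = defaultdict(lambda: {"users": set(), "bytes_up": 0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of aborting the run
        _ts, user, _method, host, size = m.groups()
        entry = lookup(host)
        if entry:
            name, status, risk = entry[0], "sanctioned" if entry[1] else "unsanctioned", entry[2]
        else:  # not in the registry: the lesser-known service a block list would miss
            name, status, risk = host.lower(), "unknown", None
        usage[(name, status, risk)]["users"].add(user)
        usage[(name, status, risk)]["bytes_up"] += int(size)
    report = [dict(service=n, status=s, risk=r, users=sorted(v["users"]), bytes_up=v["bytes_up"])
              for (n, s, r), v in usage.items()]
    return sorted(report, key=lambda x: (x["status"] == "sanctioned", -x["bytes_up"]))
```

Services that fall outside the registry are reported as `unknown` rather than dropped, since those are the ones a block list of well-known services does not cover.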

Choose multimode CASB solutions that offer a variety of in-line and API-based visibility options.

– Gartner, How to Evaluate and Operate a Cloud Access Security Broker,
Neil MacDonald, Craig Lawson, December 8, 2015

Certain security capabilities are dependent on the deployment model, and Gartner recommends organizations look to CASB solutions that offer a full range of architecture options to cover all cloud access scenarios. Gartner also notes that vendors offering API-based controls today are not well-positioned to extend their platforms to include proxy-based controls, given the significant investment needed to develop a robust proxy architecture that scales to the large data volumes exchanged between end users and cloud services. Depending on industry regulations, customers may also look for on-premises proxy solutions, so Gartner recommends looking for a vendor that offers both on-premises and cloud-based proxy models.

CASB Evaluation Criteria

According to Gartner, while many providers focus on limited areas of the four CASB functionality pillars, most organizations prefer to select a single CASB provider that covers all use cases. Gartner recommends that organizations carefully evaluate CASB solutions based on multiple criteria. One consideration is how many cloud providers the CASB solution can discover and the breadth of attributes tracked in the CASB’s registry of cloud providers. Another consideration is whether the CASB supports controls for the business-critical cloud services, such as Office 365, that are currently in use or planned in the near future.

Finally, Gartner notes that the CASB market is crowded and expects that consolidation will occur and some vendors will exit the market in the next five years. A good predictor of whether a vendor will continue operating is whether they are one of the leaders in the market in terms of customer traction. Companies with more customers will naturally have a more complete view of customer needs, which will enable them to develop better solutions to meet those needs that will, in turn, attract more customers and support a sustainable business. To read more about Gartner’s view of the market, download a free copy of their latest report.