If your business has any investment in public cloud SaaS applications, then it’s time to invest in a Cloud Access Service Broker (CASB). That’s our takeaway from the recently released Gartner security report, “Emerging Technology Analysis: Cloud Access Security Brokers.”
More and more enterprises of all sizes are adopting the public cloud, thanks to the cost savings and flexibility and scalability benefits SaaS providers offer. 90 percent of enterprises that have adopted public cloud applications plan to put more than half their spending towards enterprise SaaS applications by 2018. But they’re doing so in a time rife with public cloud security and privacy concerns, which have turned other organizations way from the cloud. According to Gartner, security and privacy continue to be the top reasons for businesses to avoid SaaS—a choice that offers some security benefits but ultimately hamstrings cloud-averse organizations.
CASBs, according to Gartner, will play a key role in securing SaaS deployments for years to come thanks to the “four pillars” of protection they provide: visibility, compliance, threat prevention, and data security.
Why do these pillars matter, and why do CASBs look set to change the public cloud data security game?
To understand the importance of CASBs, it’s vital to understand what a CASB is and can be.
Gartner defines CASB as technology that sits between the endpoint and the SaaS application (or applications), either through an on-premises gateway like CipherCloud, or through a cloud service or proxy. From its vantage point, the CASB accesses all of the traffic traveling between the endpoint and the application. This is key, since the CASB is then theoretically able to gain visibility and apply control mechanisms to the entirety of that traffic.
In practice, CASB performance is limited by two major factors: CASB technology, of course, and the cooperation of the SaaS providers themselves. The SaaS providers themselves have proven enthusiastic and cooperative, opening up their APIs to enable better CASB integration. That means that in most cases, the major limiting factor is the CASB itself. Here, CipherCloud prides ourselves in standing head and shoulders above. Let’s take a look at Gartner’s four pillars for examples:
Visibility: Differentiation in this area will require features like comprehensive activity and transaction logging and monitoring, as well as automated alerting and reporting based on custom-defined rules and risk metrics, according to Gartner. CipherCloud provides these visibility features, risk assessment capabilities and more.
Compliance: Here as well, Gartner calls out activity and transaction monitoring as key to differentiation. More interestingly, Gartner discusses cloud application risk analysis and scoring; these are features that our CipherCloud for Cloud Discovery product now makes accessible to any enterprise that has adopted SaaS, both officially or in the form of shadow IT.
Threat Prevention: Gartner’s definition of threat prevention doesn’t stop at malware detection, which CipherCloud also offers. The analyst firm also takes into account insider threats, which CipherCloud’s granular data access control, user activity monitoring features and DLP integration help address.
Data Security: Cloud data security has always been CipherCloud’s competitive advantage, and Gartner’s discussion of what that means validates our approach by stating the importance of “preserving application functionality” even while encryption and tokenization are in use.
What’s more, for full effectiveness, these features should not be spread across multiple products, a deployment model that invites interoperability issues and security gaps. Instead, a leading CASB solution should offer cloud data protection in a unified platform—something CipherCloud has long known.
As enterprise SaaS adoption continues to grow and security concerns continue to arise, CASBs will become increasingly critical to enterprise cloud security and privacy. Is your organization ready? Tell us how you’re securing your public cloud deployments in the comments.