- CASB is the fastest growing security category
- CASB is focused on cloud application enablement
- Gartner created the CASB category to help define the capabilities of cloud security providers
What is CASB?
Gartner defined the Cloud Access and Security Broker’s (CASB) market as those technologies that are placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASB technologies fall into four different pillars of functionality: a) visibility, b) compliance, c) data security, and d) threat protection.
By 2020, Gartner predicts 85% of large enterprises will use a CASB, up from less than 1% in 2012, reducing the cost of securing access by 30%.
– Gartner, The Growing Importance of Cloud Access Security Brokers
These technologies perform their function via two primary methods, proxy and API mode. The proxy mode deployment is inline, which handles all application traffic between the organization and the cloud. In this mode, critical data is protected (e.g., encryption, tokenization) before it is sent to the cloud. In the API mode, users go to the cloud directly, utilizing cloud APIs to monitor and control user access and enforce enterprise policies. The proxy technologies have higher networking reliability and performance requirements while delivering high assurance. API-based deployments, however, are easy to deploy and seamless to end users, with the caveat of losing inline, real-time protection. Enterprises often have use cases that require both inline and API-based deliveries.
CASBs are one of the fastest growing areas of IT security, thanks in no small part to the amazing growth of B2B cloud computing. To learn more, see what the market is saying about cloud access security brokers and its related technologies.
- CSA, CipherCloud look to standardize APIs for cloud access security brokerage
- CipherCloud named by AngelKings one of the 2015 top cloud, enterprise software startups watch video
Take a Deeper Dive
- Visibility: A Cloud Access Security Broker solution sits at a logical middle point between cloud users and the cloud applications (e.g., Salesforce, Box, Microsoft Office365, etc.). As such, it has visibility into traffic to and from the cloud application as well as user-cloud access activities. In contrast, a traditional, enterprise-focused visibility tool may be blind to cloud activities.
- Compliance: CASBs can help organizations enforce cloud access policies, which impact the organization’s compliance posture. For instance, you can use CASBs to ensure that PCI data does not go into a cloud application that is not PCI compliant.
- Data security: Traditional enterprise data security tools do not address the cloud usage, especially for those data that go into cloud from devices that reside outside the enterprise boundary. Some solutions can provide DLP, encryption and other data protection coverage for data in the cloud, regardless how it got there. Cloud security brokers can also proxy interactions between a cloud service and partner apps, providing data protection in between cloud layers.
- Threat Protection: The visibility and policy enforcement aspects of CASBs can protect the organizations against a multitude of threats, including misuse and abuse of cloud applications, insider threats that lead to elevated privileges, cloud account hijacking, etc.
All About CASBs: Expert Series
Security Musing’s blog write-up on “Understanding Cloud Access Security Broker Services” based on the Gartner report “The Growing Importance of Cloud Access Security Brokers”
Read 451 Research’s report on CipherCloud: “CipherCloud looks to stay at the head of the cloud security class with $50m funding”