Late last year, industry analyst group Gartner issued a report on the market for Cloud Access Security Brokers (CASB), a software service that’s not yet widely understood. The report included a startling statistic: by 2020, Gartner predicts that 60 percent of large enterprises will use a CASB to govern cloud services. Today, we’re at just over 10 percent usage.
One of the implications of this phenomenal market growth is that IT executives will need a crash course on the importance of CASBs in the next year or two. So let’s start with the fundamentals – what a CASB is, how it fits into the cloud ecosystem, and why it’s important for the enterprise of the future.
A CASB serves as a gatekeeper between the enterprise’s on-premises network and applications that might be in use, including those that employees might access from their mobile devices. CASBs enforce the enterprise’s security access controls, even if employees are using a cloud-based application that falls outside of its network. Why is this important? One in three employees downloads an unauthorized application to a device at the office, leaving the enterprise’s security severely compromised.
Perhaps more importantly, RightScale’s State of the Cloud Survey in 2017 showed that one-third of enterprises are conducting work via public clouds (these might include Salesforce or Office 365, as examples), which often leave their customers’ data at risk for security breaches. While cloud applications usually offer some of the tightest security in the industry, that security is primarily meant to prevent attacks against their own infrastructures, such as Denial-of-Service and malware intrusions. They are less concerned about the potentially sensitive data that an enterprise might store on their platforms. CASBs help an enterprise lower the risk of data leakage by identifying the cloud applications its employees access, pinpointing high-risk sites and users, and even delivering credential mapping to help with employee authorization.
In short, a CASB acts as a governing intermediary between cloud-based applications and enterprise users. Any organization using the cloud can recognize immediate benefits from deploying a CASB, but it would be particularly useful in industries such as finance and healthcare, where security regulations are especially stringent, and where strict corporate guidelines on employee use of sanctioned vs. unsanctioned mobile devices are lacking and that use is not strictly monitored.
There are numerous CASB offerings to choose from, by vendors such as Netskope, Skyhigh Networks, Cisco and Microsoft. All have core competencies but their architectures vary; understanding the architecture is important, particularly from a configuration and deployment perspective. How a CASB is accessed will have an effect on the types of devices supported, operational costs, and business use cases.
Regardless of vendor, there are four key areas to consider when searching for a CASB solution:
- Security – the CASB needs to not only protect data in the cloud, but data as it is transferred from the cloud to the employee’s device, and vice versa
- Usability/Visibility – ensure that real-time visibility is possible for total control
- Mobility – determine how employees use mobile devices (now and in the future), and thwart any possibility of security work-arounds
- Architecture – how does the provider allow access to their CASB? Is it proxy based? API introspection? Or a multi-mode approach?
As the enterprise continues its migration to the cloud (and there is no sign of this slowing down), the need for CASBs is becoming more urgent. It is important for companies to prioritize their budgets now in order to invest in security controls that complement the business platforms of the future.