Forget the days when you could blame a hazy notion of the cloud for a breach in your security protocol. By 2023, at least 99 percent of all cloud security failures will be your fault, Gartner predicted in its 2018 Magic Quadrant on cloud access security brokers, so now’s the time to investigate which CASB is right for you. With dozens of options available, this list of the top 10 CASB products and services is intended to help you winnow down the choices.
The cloud access security broker market offers four main services to keep your enterprise and its workflows safe from the public applications employees and contractors use to stay productive and connected, wherever and whenever they need access.
Visibility. A CASB lets you see what your people are accessing beyond your enterprise, including who is using cloud applications, where they are accessing the information, and what they are looking at. Almost every cloud access security broker allows an enterprise to move beyond the “shadow IT” style of finding out too late that employees are using unapproved apps in the cloud to share or access data.
Data security. CASBs keep your data intact and secure, just the way you like it when it resides on your own campus. To ensure data loss prevention (DLP) in the cloud, a CASB will monitor employee clearance, or levels of access. Some CASBs offer tokenized access or redact prohibited content on the fly.
Threats. CASBs monitor and prevent unwanted and threatening access to your data by providing adaptive access controls and embedded user and entity behavior analytics (UEBA). Their products scan emails, learn how to identify anomalous user behavior and prioritize threat levels before locking out individuals or apps
Compliance. Reporting and regulatory compliance are key for enterprises with governance and governmental accountability, as well as for those who want to show clients and customers how much value they place in proactive security measures.
Most CASB products and services are available as SaaS (software as a service) offerings, with tweaking available through plug-ins or additional on-premises hardware to help IT staff monitor activity.
Before we present the top 10 list, here are a few questions to consider when choosing a CASB.
- Will the CASB’s filtering and encryption protocols impact latency and adversely affect user access times?
- Does the web filtering tool see beyond domain names and paths taken to the specific applications being used? And does the tool decide whether to allow access or is that decision made by a different tool managed by on-site IT?
- Does the CASB allow users to extract or download data from shared files? Should the data be encrypted if it comes from a trusted CRM source like Salesforce? Who makes that decision?
- Are analyses of threats and anomalous user activity based on machine learning with scalable results?
- Does the CASB offer reverse proxy applications? In other words, does the CASB monitor data flowing back to your network before it reaches your own servers and clients?
Criteria for inclusion on this list included the company’s focus on the CASB market, partnerships, innovation, reviews of the company’s performance and expertise, and company size. When available, we factored in the company’s financial stability and reviews of the companies’ workplace culture.
One final thing to keep in mind is that the CASB market is both competitive and shifting. In its 2018 CASB Magic Quadrant report, Gartner said that CASBs have become an “essential element” of cloud security strategy, and that by 2022, 60 percent of large enterprises will use a CASB to govern some cloud services, up from less than 20 percent today.
“Not surprisingly, this is starting to become a more crowded market,” said Rik Turner, senior analyst for infrastructure solutions at Ovum. “Cloud access security platforms, whether they are called brokers, controllers or gateways, are certain to see further growth in demand as more and more companies move at least part of their enterprise application infrastructure to the cloud.”
Turner said he expects to see a “land grab” by the more established players, with the more successful startups getting gobbled up. “All the companies competing in this market should therefore expand their customer base and gain visibility in readiness for this phase,” he said.
The land grab is well under way. Cisco, McAfee, Microsoft, Symantec and Palo Alto Networks have made acquisitions in the CASB space in the past few years.
If you’re looking to beef up your cloud security and monitor employee access, this top 10 list is designed to simplify your choice of provider. To compile the list, we identified the cloud access security brokers in the market — with a starting lineup of 20 companies — and then determined which factors we’d use to assess them. Helping along the way were analysts, company executives and IT professionals.