As cloud computing became ubiquitous, two fundamentally incompatible philosophies competed for mindshare. One viewed the cloud as a problem that required a product to bring on-premises concepts of security to the cloud. The other viewed the cloud as an opportunity to enable organizations to improve efficiency and collaborate while improving security. This represented a tectonic shift in how business and IT Security interacted; rather than focusing on opposing objectives, business and security came together for the first time with a common purpose.
Let’s dive further into these approaches:
- The legacy approach to cloud security favors blocking and control and focuses on limited use cases such as Shadow IT and SaaS-only security governance. This requires gateways, proxies, and agents.
- The platform approach focuses on enablement by providing security within the greater context of supporting business agility, efficiency, and collaboration. This approach is much broader, and includes support for IaaS, PaaS, and home-grown, custom apps, as well as bi-directional integrations and orchestrations with existing security investments, such as IDaaS, EMM, NGFWs, and SWGs. This approach not only leverages APIs from SaaS apps; the platform itself is a collection of APIs, which allows security to be built into any app.
On May 19th, 2016, Gartner’s Craig Lawson and Sid Deshpande released the research note titled “Mind the SaaS Security Gaps”. At CloudLock, we believe this marks a turning point in the evolution of CASB, which is moving away from a closed, blocking-centric, monolithic methodology to an open, enablement-focused approach.
When using an enablement-focused approach, organizations should choose a CASB solution that is the least disruptive to their current environment, while focusing on an API-based approach. Let’s see how CloudLock stacks up:
|Gartner Key Takeaway|Enablement-Focused Platform Approach|Blocking-Focused Product Approach|
|---|---|---|
|“APIs will be the most critical piece in enterprises' ability to secure cloud services.”|✔ CloudLock is the best-of-breed, cloud-native CASB. CloudLock has focused exclusively on building the best, most-scalable API-based CASB solution.|✘ Started with proxy, agent and gateway approaches; added limited and incomplete API support as a bolt-on later.|
|“Favor CASB vendors that have a desire and the roadmap to extend common feature sets to multiple types of SaaS applications and other cloud services (IaaS and PaaS) from a single console.”|✔ CloudLock’s platform approach uses security microservices that can be used to not only protect primary SaaS applications, but also homegrown apps running on IaaS, PaaS, or even on-premise.|✘ Legacy CASB vendors are focused on use cases for SaaS only and don’t protect homegrown applications and IaaS/PaaS infrastructure.|
|“Shortlist CASB vendors based on those that are the least disruptive to your current environment, while still delivering the visibility and control options you require.”|✔ CloudLock does not break functionality or impact the user experience, while offering a zero-footprint, agentless architecture that has no single point-of-failure.|✘ Advocate a phased approach that consists of deploying APIs first and then proxies, gateways and agents. This breaks native cloud functionality, disrupts the end users, degrades performance, and introduces a single point of failure.|
|“The adoption of sanctioned enterprise cloud services should be slowed until security and data sovereignty issues can be resolved.”|✔ Unlike proxy-based solutions, CloudLock can be deployed in under 10 minutes, while providing full value.|✘ Legacy CASB vendors focus on proxy deployments that leave a gaping hole of existing (at-rest) data visibility and governance.|
|“Look to "piggy back" new spending in SaaS applications to ensure that CASB and IAM, at a minimum, are accounted for in upcoming enterprise architecture discussions.”|✔ CloudLock focuses on a “cloud enablement” approach to security, i.e. lets companies piggy back on SaaS benefits with an additional layer of security without the downside of legacy blocking and full encryption modes. CloudLock also goes beyond integration to orchestrate security with many complementary security solutions, including IAM/IDaaS.|✘ Legacy CASB vendors advocate a “bottleneck and chokepoint” approach to security through gateways and proxies, which is in complete contrast to the goals of empowering users and organizations. Additionally, legacy vendors advocate a “jack of all trades” approach which ignores existing technologies (such as Web Secure Gateways, Next Generation Firewalls) that organizations have already deployed.|
|“Investigate where in your infrastructure security architecture program you can look to rightsize spending on technology, so that CASB is added to your architecture if SaaS is being adopted or is already in use.”|✔ CloudLock helps organizations shutter legacy IT applications and adopt cloud applications securely, resulting in significant cost savings. Through its non-invasive, zero footprint deployment approach and focus on orchestrating existing security investments, CloudLock ensures that enterprises see more value out of existing infrastructure security architecture. Deployed in less than 10 minutes, CloudLock delivers immediate return on the security investment.|✘ Legacy CASB vendors advocate a multi-phased and multi-mode approach to security, involving invasive, time-consuming and error-prone security technologies. By advocating replacing existing proxy solutions, legacy CASB vendors lead to duplicate efforts to protect the same infrastructure, resulting in redundant license, implementation and consulting costs. Since proxy, gateway, and agent approaches to cloud security take weeks and months to deploy, security ROI is low or at best delayed, leading to many projects ending up as shelfware.|
From our founding in 2011, CloudLock has viewed the cloud as a business enabler. We have always advocated an approach to security that adds real value to end users, rather than interfering with the user experience by introducing a choke point between users and cloud services. CloudLock has focused on becoming the strongest, deepest, broadest, and most-scalable cloud-native, API-based Platform solution on the market. CloudLock was the first to launch an API-based CASB and remains the only Enterprise-grade, cloud-native CASB Platform.
Because the CloudLock Security Fabric has been built ground-up as a Platform, CloudLock is itself a set of API-based microservices. What this allows CloudLock to do uniquely well is both expand support for an unlimited number of cloud applications (an industry first) as well as allow customers and cloud developers to secure home-grown, custom apps. We call this the CloudLock CyberDev Platform. Customers and partners can use CloudLock services to secure any cloud application, including those custom-built and running on IaaS/PaaS as well as apps hosted on-premises. When these apps are running on AWS, CloudLock can secure them 100% automatically, without requiring any code.
Companies of all types and sizes are choosing to deploy a CASB, and CloudLock has the largest installed base of enterprise-grade customers with more than 750 organizations – every one of these has selected an API Platform approach to cloud security.
Join us on our journey to enable business to use the cloud to become more productive and secure.
* Gartner, Mind the SaaS Security Gaps, Craig Lawson and Sid Deshpande, May 19, 2016