Today, Gartner posted an article titled “Gartner’s Top 10 Technologies for Information Security”. Unsurprisingly, Cloud Access Security Brokers (CASBs) are listed as #1, with User and Entity Behavior Analytics (which we at CloudLock consider a critical component of CASB) at #4. Here is an excerpt:
#1 Cloud Access Security Brokers. Software as a Service (SaaS) apps, increasingly pervasive in enterprises, provide new challenges to security teams with their limited visibility and control options. Cloud Access Security Brokers (CASB) allow chief information security officers (CISOs) an opportunity to apply enterprise security policies across multiple cloud services.
#4 User and Entity Behavioral Analytics. User and entity behavioral analytics (UEBA) provide user-centric analytics alongside information about networks, endpoints, and applications. The correlation of these analytics offers more effective, accurate threat detection.
The CASB market has been gaining an increasing amount of momentum as of late. Gartner itself has estimated that the market will reach 85% penetration in large enterprises in 2020, up from 15% in 2015.1 This is yet another affirmation that organizations of all sizes and types should evaluate their cloud security strategy and determine which approach to CASB best fits their needs.
Tomorrow’s CASB, Today?
Given all the attention the CASB market is receiving, the million dollar question has become: “Where are CASBs going next?”
To answer this question, we must first better understand cloud usage and follow the users.
- IaaS and PaaS As organizations continue to invest in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) for both internal use and to run their own software offerings to their customer base, the same concerns that apply to SaaS environments apply, namely: visibility, data security, compliance, and threat protection.
- Integration Ecosystem In the API-economy and age of connectivity, customers are less concerned with adding to the endless list of security solutions and more focused on integrating existing solutions to maximize their value.
- Platform-Based Approach There’s no doubt about it – platform-based approaches to CASB trump solutions born out of a legacy, hardware-dependent mentality.
- Dedicated Cybersecurity Team Your security vendors must help you level the cyber warfare playing field through a dedicated team to alert you of new threat vectors and potentially malicious activity.
- Security 101, Airborne Threats that have persisted in on-premises environments for decades not only remain concerns in the cloud; in some cases, the risk increases – take malware, for example.
Don’t Take Our Word For It
On May 19th, 2016, Gartner’s Craig Lawson and Sid Deshpande released the research note titled “Mind the SaaS Security Gaps”. At CloudLock, we believe this marks a turning point in the evolution of CASB, which is moving away from a closed, blocking-centric, monolithic methodology to an open, enablement-focused approach. Click here to access the report at no cost.
1 How to Evaluate and Operate a Cloud Access Security Broker, Neil MacDonald and Craig Lawson, December 8, 2015