Cloud Access Security Broker
(CASB) - Complimentary 2016 Gartner Report

  Cloud Access Security Broker (CASB)

Cloud Access Security Broker (CASB)

"APIs will be the most critical piece in enterprises' ability to secure cloud services."* Gartner

A Cloud Access Security Broker is a security solution that is meant to protect cloud applications and infrastructure, from SaaS to IaaS and PaaS. In its latest cloud security report (Read a Complimentary Copy here), Gartner provides guidance on what to look for in a CASB and how to leverage a CASB to secure all cloud services.

Two fundamentally unique responses emerged to the growth of cloud computing: the cloud-adverse mindset and the cloud-positive mindset. Individuals of the cloud-adverse mindset feared the growth in cloud use and attempted to restrict it through legacy on-premises philosophies and solutions.

Progressive individuals adopted the cloud-positive mindset, choosing to embrace the growing ubiquity of cloud technologies as an opportunity to not only improve organizational efficiency and collaboration - but recognize the expansion of cloud technologies as a chance to reimagine and improve security. Now, business and IT security were no longer at ends with one another; they were aligned around a common goal.

Competing Approaches

As the CASB market took shape, two diametrically-opposed approaches became clear:

  • The legacy approach favored by security practitioners who saw the cloud as an extension of the corporate network and sought to control cloud traffic. Advocates of this approach insisted on the preservation of the more familiar network-centric and hardware-dependent approach to data and user protection. This resulted in CASBs powered by gateways, proxies, and agents.
  • A platform approach that focused on cloud-enablement, and viewed the cloud as a business enabler. This approach is much broader, and included support for IaaS, PaaS, and home-grown, custom apps, as well as bi-directional integrations and orchestrations with existing security investments, such as IDaaS, EMM, NGFWs, and SWGs. This approach not only leveraged APIs from SaaS apps, but the platform itself was a collection of APIs which allowed security to be built in to any app.

The Winning Approach

The refusal of the traditional approach to evolve with users and cybercriminals proved limiting, as cyberthreats continued to plague organizations. As the CASB market matured, security strategists, vendors, and analysts alike began to shift to the new cloud enablement mindset, recognizing the realities of the BYOD and cloud-centric universe we now live in, where a growing volume of traffic never traverses the corporate network, including both the on-premise network and managed mobile devices.

The cloud-native, API-based platform approach has come to dominate. Only API-based CASB & Cybersecurity platforms can provide:

  • No impact to the user experience
  • A zero-footprint, agentless architecture
  • No single point-of-failure
  • The fastest time to full value
  • Deep integration with monitored cloud applications

CASBs cover a key set of use cases, including Threat Protection, Data Security, Compliance, and Visibility; however, there are significantly different approaches to providing this functionality. Gartner again provides guidance:

Shortlist CASB vendors based on those that are the least disruptive to your current environment, while still delivering the visibility and control options you require.*


Moving Beyond SaaS

While CASBs have traditionally focused on SaaS services, support for IaaS and PaaS is quickly becoming an essential, non-negotiable requirement. Organizations are re-evaluating their entire application portfolios and "cloudifying" their traditionally internal apps.

Moving homegrown apps to the cloud requires a dramatic re-thinking of security. While IaaS solutions such as AWS are responsible for securing the infrastructure, security is inherently a shared responsibility. For apps hosted in an IaaS or PaaS environment, organizations no longer need to focus on the security of the infrastructure itself, but need to target user behavior and data exposures. CASBs need to keep pace.

Moving Beyond SaaS

Source: Gartner (May 2016)*

Favor CASB vendors that have a desire and the roadmap to extend common feature sets to multiple types of SaaS applications and other cloud services (IaaS and PaaS) from a single console.*


CASBs Complement Existing Security Investments

CASBs do not operate in a vacuum. Rather, they should be considered an integral part of the larger cybersecurity strategy and security stack. As such, CASBs offering high extensibility and interoperability are considered highly preferential to point integrations.

The value of CASB solutions increases dramatically through their ability to orchestrate security across complementary solutions, including Identity and Access Management (IAM), Next-Generation Firewall (NGFW), Secure Web Gateway (SWG), Malware and Threat Emulation, Security Information and Event Management (SIEM). By correlating threat intelligence and automating response actions across formerly disparate solutions, CASBs increase the effectiveness of security programs. Gartner concurs:

Look to "piggy back" new spending in SaaS applications to ensure that CASB and IAM, at a minimum, are accounted for in upcoming enterprise architecture discussions.*


A Mandatory Requirement

If you haven’t yet deployed a CASB, you aren’t alone. The CASB market is still nascent; however, adoption is increasing rapidly: “By year-end 2017, the cloud access security broker (CASB) market will reach $500 million, from less than $200 million today.”*

Deploying a CASB is quickly becoming a mandatory control.

Investigate where in your infrastructure security architecture program you can look to rightsize spending on technology, so that CASB is added to your architecture if SaaS is being adopted or is already in use.*


Companies of all types and sizes are choosing to deploy a CASB, and over 700 of them have chosen CloudLock.

Complimentary 2016 Gartner Report

The adoption of sanctioned enterprise cloud services should be slowed until security and data sovereignty issues can be resolved.*

Complimentary Report
Complimentary 2016 Gartner Report
* Mind the SaaS Security Gaps 2016 Craig Lawson and Sid Deshpande May 19, 2016 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission.

Experience a Live Demo

See Cisco Cloudlock in action from one of our cloud security experts

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser