Cloud computing has not solely altered the way in which the world does enterprise, but it surely additionally has introduced new and sometimes difficult enterprise safety necessities. Because of this, an entire new sector of IT has sprung up within the final decade targeted on cloud-access safety–acronymed CASB (for cloud entry safety brokers)–which requires very completely different abilities and instruments from knowledge heart or campus-centric safety.
Going into 2021, there are few areas of safety which can be extra essential to companies, authorities, the navy, customers or the scientific sector than CASB. It is because all of use are doing nearly all of our work in cloud-based functions.
As enterprises undertake new companies, functions and strategies to handle knowledge, the necessity to tackle altering knowledge fashions and menace dangers is important. Organizations should tackle an array of points that revolve round collaborative internet functions, knowledge circulation, community designs, cloud infrastructure and different key areas.
Though main cloud suppliers usually supply sturdy built-in protections—together with sturdy authentication, encryption and malware detection—there are sometimes gaps in safety that consequence when organizations depend on a number of cloud service suppliers, completely different community topologies and quite a few functions. These dangers usually contain key areas equivalent to internet software firewalls (WAFs), safe internet gateways (SWGs) and knowledge loss prevention (DLP).
Cloud entry safety brokers (CASB) take purpose at this concern. “They ship differentiated, cloud-specific capabilities typically not accessible as options in different safety controls,” a current trade report from Gartner Analysis mentioned. “CASB distributors perceive that for cloud companies the safety goal is completely different: it’s nonetheless your knowledge however processed and saved in programs that belong to another person.” Consequently, CASBs retailer coverage administration info and governance particulars throughout a number of cloud companies. This delivers granular visibility and stronger controls. Gartner predicts that by 2022, 60 % of enormous enterprises will use a CASB to control cloud companies, up from 20 % at present.
Right here’s a take a look at 10 of the highest distributors within the cloud safety house. These rankings had been curated with knowledge and evaluations from Gartner Peer Insights, G2 Crowd and IT Central.
Table of Contents
Cisco Programs Cloudlock
San Jose, Calif.
Safety Bundle: Cisco Cloudlock
Worth proposition for potential patrons:
Since Cisco Programs acquired Cloudlock 4 years in the past, it has labored onerous to include the corporate into its portfolio of cloud-based merchandise. The CASB resolution presents quite a lot of highly effective capabilities, together with the power to configure insurance policies dynamically and mixture customers into particular teams, based mostly on real-time actions and conduct.
Key values/differentiators:
- Cloudlock can even constrain person conduct, thus offering a strong type of adaptive entry management. As well as, it offers highly effective controls, based mostly on OAuth, that may override permissions and block sure kinds of cloud assaults.
- A powerful API framework helps organizations prolong controls to SaaS functions that don’t embrace native help for these and different options.
To Take Underneath Advisement:
- One of many drawbacks to the strategy Cloudlock takes is that each one these options and controls are based mostly on sanctioned functions that present APIs. Cisco additionally presents no help for CSPMs. Customers price the platform as easy-to-implement, highly effective and extremely scalable.
Who makes use of it: Medium to giant enterprises
The way it works: subscription cloud service and on-prem choices
Palo Alto Networks
Santa Clara, Calif.
Safety Bundle: Palo Alto Aperture
Worth proposition for potential patrons:
Palo Alto Networks acquired CirroSecure in 2015 and has since relaunched the answer to incorporate extra targeted cloud safety instruments. The 2020 resolution is closely targeted on discovery together with SaaS coverage and safety administration. Aperture consists of sturdy knowledge classification and monitoring instruments, DLP, person exercise monitoring, recognized and unknown malware safety and detailed threat and utilization reporting.
Key values/differentiators:
- Palo Alto Networks is taken into account a distinct segment participant within the CASB house. Customers say that Aperture is a superb product with sturdy performance, although it lacks some fascinating options.
- Amongst its strengths is a capability to determine SaaS and non-SaaS internet functions that can be utilized to exfiltrate knowledge.
- It additionally delivers comparisons to a number of trade baselines and it suggests configuration adjustments to enhance compliance.
- Customers price the corporate’s help excessive.
To Take Underneath Advisement:
- Cautions embrace configuration complexity and a scarcity of performance in a couple of key areas, together with reverse-proxy inspections.
Who makes use of it: Midrange and huge enterprises
The way it works: subscription cloud service and on-premises servers
CipherCloud
San Jose, Calif.
Safety Bundle: CipherCloud CASB+
Worth proposition for potential patrons:
CipherCloud is likely one of the extra revered younger cloud safety corporations on the scene. Encryption and tokenization are key parts of cloud safety. CipherCloud, which has supplied a CASB resolution since 2011, locations a heavy emphasis on knowledge safety by cloud-native safety and compliance throughout SaaS, PaaS and IaaS platforms. The answer presents sturdy cloud-based visibility and controls—extending to functions working within the cloud—and it may well handle each structured and unstructured knowledge.
Key values/differentiators:
- One of many largest strengths of the answer is a capability to encrypt knowledge earlier than delivering it to SaaS functions—whereas preserving partial software performance.
- The answer manages keys for SaaS-native encryption mechanisms within the CipherCloud or a KMIP-compliant key administration server.
To Take Underneath Advisement:
- Potential weak point consists of adaptive entry controls and steady threat evaluation instruments that path rivals, Gartner famous. It positioned the corporate between a visionary and chief in its Magic Quadrant.
- Some adopters price the product a bit troublesome to make use of and say it’s a bit pricy. General rankings are extraordinarily excessive.
Who makes use of it: small to giant enterprises
The way it works: subscription cloud service
Microsoft
Redmond, Wash.
Safety Bundle: Microsoft Cloud App Safety (MCAS)
Worth proposition for potential patrons:
Microsoft’s addition of Adallom in 2015 broadened the corporate’s safety choices in a giant method. MCAS presents a reverse-proxy-plus-API CASB that may function independently or a part of Microsoft’s Enterprise Mobility + Safety (EMS) suite. This consists of instruments for Azure and different functions and elements. The answer additionally consists of menace protections and complicated analytics.
Key values/differentiators:
- Gartner positions the corporate within the “challenger” quadrant, whereas customers say that whereas it may be a bit difficult to implement, it delivers highly effective options and powerful protections.
- Gartner describes the interface as “intuitive” and says that the answer handles advanced insurance policies utilizing a visible editor. This makes the method easier by eliminating scripting and programming.
- It additionally presents solutions and hints that may information a company to extra sturdy cloud safety.
- Lastly, it delivers sturdy automation, significantly round watermarking and encryption.
Who makes use of it: Private to SMBs to midrange enterprises
The way it works: subscription cloud service
Forcepoint
Austin, Texas
Safety Bundle: Forcepoint CASB
Worth proposition for potential patrons:
Figuring out shadow IT, stopping compromised accounts and making certain safe cellular entry to cloud apps covers a broad expanse of enterprise safety necessities. Clouds ratchet up the challenges exponentially. Forcepoint CASB focuses on these points.
Key values/differentiators:
- It delivers a broad package deal of safety merchandise that revolve round safe internet gateways, e-mail safety, person and entity conduct analytics, DLP and knowledge safety, and imposing a community firewall.
- The answer delivers a strong engine that meshes with workflows and enterprise insurance policies. It additionally presents threat scoring, anomaly detection, sturdy analytics and metrics instruments, real-time oversight and highly effective software governance.
- The main focus is closely tilted towards enterprise functions.
To Take Underneath Advisement:
- One of many key cautions for adopting the platform revolve round an incapability to configure management insurance policies towards most popular SaaS functions. Customers describe the answer as highly effective, granular and extremely versatile. Gartner charges it in the midst of its quadrant.
Who makes use of it: SMBs to midrange enterprises
The way it works: subscription cloud service and on-prem choices
McAfee
Santa Clara, Calif.
Safety Bundle: McAfee MVISION Cloud
Worth proposition for potential patrons:
McAfee is likely one of the best-known and utilized safety options on the planet, in a number of classes that inlcude each B2B and shopper markets. The corporate, owned for a couple of years by Intel however again to being unbiased, acquired Skyhigh Networks in January 2018. The answer bolstered the corporate’s current portfolio of DLP, SWG and community sandboxing applied sciences.
Key values/differentiators:
- McAfee’s strengths lie in its highly effective dashboard, excessive stage of configurability and adaptability, real-time capabilities, and powerful DLP controls.
- Gartner notes: “McAfee presents in depth CSPM capabilities that exceed these of even some pure CSPM distributors. It consists of sturdy auditing and compliance scanning plus a number of choices for computerized and guided guide remediation.”
- Customers give the answer excessive marks and say it offers sturdy controls, significantly find shadow IT.
To Take Underneath Advisement:
- Potential drawbacks embrace: the power to configure error messages for particular customers and gaps in sure kinds of notifications, significantly involving real-time APIs. Gartner ranks the answer among the many leaders.
Who makes use of it: SMBs, midrange, giant enterprises
The way it works: subscription cloud service
Bitglass
Campbell, Calif.
Safety Bundle: Bitglass Subsequent-Gen CASB
Worth proposition for potential patrons:
Bitglass runs natively from the cloud but it surely additionally will be deployed as a Docker container that serves as a bunch on-premises. The seller has emerged as a pacesetter within the CASB house by introducing a zero-day strategy closely tilted towards belief rankings, belief ranges and at-rest encryption that’s tightly built-in with enterprise compliance and governance necessities.
Key values/differentiators:
- The platform, which extends to cellular safety and shadow IT controls, is powered by an agentless “AJAX Digital Machine (VM)” abstraction layer transparently embedded inside a person’s browser to help real-time knowledge safety in particular situations, together with unmanaged gadgets.
- Bitglass CASB options an automatic studying mode, digital watermarks, and powerful knowledge loss prevention.
- On the draw back, Gartner factors out that the answer isn’t in a position to modify SaaS software native safety controls and it’s restricted in its capability to assign and shopper Azure Data Safety templates. General, Gartner rated Bitglass a pacesetter in its 2018 Magic Quadrant rankings. Customers say that the answer is intuitive and presents highly effective capabilities.
Who makes use of it: mid-range to giant enterprises
The way it works: subscription cloud service with container choice
Netskope
Santa Clara, Calif.
Safety Bundle: Netskope Safety Cloud
Worth proposition for potential patrons:
Netskope stays an unbiased firm in an area the place main software program and networking corporations are scooping up CASB resolution suppliers. The corporate has been delivery merchandise since late 2013. The corporate focuses closely on software discovery and SaaS safety posture assessments.
Key values/differentiators:
- Amongst its strengths are sturdy analytics instruments, together with behavioral analytics, and a strong alert system. This, amongst different issues, helps Netskope spot vulnerabilities in APIs, cellular gadgets and shadow IT.
- Gartner labeled the corporate a pacesetter in its 2018 Magic Quadrant.
- Customers report that the answer presents sturdy visibility, highly effective DLP options and glorious menace intelligence feeds.
To Take Underneath Advisement:
- Complaints revolve round difficulties configuring brokers and a restricted capability to make use of APIs for remediation. Many CASB distributors now incorporate APIs for posture evaluation as nicely.
Who makes use of it: SMBs, midrange, giant enterprises
The way it works: subscription cloud service
Oracle
Redwood Shores, Calif.
Safety Bundle: Oracle Cloud Entry Safety Dealer (CASB) Cloud Service
Worth proposition for potential patrons:
Oracle has moved past a one-solution-fits-all strategy to CASB. Its resolution, initially Palerra, presents discovery and deep visibility into SaaS functions utilizing a log-based strategy that revolves round cloud exercise. This helps the answer determine dangerous functions put in by Oracle, Salesforce and different platforms. The result’s sturdy safety monitoring, menace safety and incident response. Organizations can even license Inline DLP (for real-time detection) and API DLP (for retroactive scanning).
Key values/differentiators:
- Considered one of Oracle CASB’s strengths is a excessive stage of flexibility, together with the power to increase detection to new content material simply. As well as, customized functions working within the Java Digital Machine (JVM) require no additional motion. They’re mechanically protected.
- Lastly, Oracle CASB displays for misconfigurations and notify customers when an issue could also be current—and when the group doesn’t match trade benchmarks.
- Oracle landed as a challenger on its option to turning into a pacesetter in Gartner’s MQ. Customers reward the platform for simple integration and powerful safety capabilities however say it may well show troublesome to totally combine throughout a portfolio of cloud options.
Who makes use of it: giant enterprises
The way it works: subscription cloud service and on-premises servers
Symantec
Mountain View, Calif.
Safety Bundle: Symantec Cloud Information Safety
Worth proposition for potential patrons:
Robust cloud safety requires an array of options. Symantec delivers sturdy capabilities by its Cloud Information Safety platform, which includes merchandise previously supplied by Blue Coat. The main focus is on tokenizing or encrypting knowledge saved in SaaS functions. The platform achieves a excessive stage of safety by log evaluation and site visitors inspection. It offers cloud safety evaluation rankings by plugging in person conduct analytics, cloud utilization patterns, malware evaluation and cloud software discovery.
Key values/differentiators:
- Strengths embrace: sturdy reporting capabilities, alerts for coverage violations, extremely adaptive entry controls and a variety of predefined DLP selectors.
- Symantec is among the many leaders within the Gartner MQ. Customers say the platform delivers sturdy and mature capabilities.
Who makes use of it: Small,midrange and huge enterprises
The way it works: subscription cloud service
eWEEK repeatedly runs top-vendor articles in about 20 sectors of the IT enterprise.
