Gartner: How to Evaluate and Operate a Cloud Access Security Broker
What Is a Cloud Access Security Broker?
Gartner first introduced cloud access security brokers (CASBs) in 2012, and since then, the segment has seen tremendous evolution and growth. CASBs have become a must-have technology for controlling and securing enterprise access to cloud applications across all industry verticals. Gartner suggested that by 2020, 85 percent of large enterprises will use a CASB.
Fueling the CASB market surge is the continued increase in spend on software-as-a-service (SaaS) for business applications. As the fear of using public clouds wanes with the increased service provider dedication to platform security, the CISO is now focusing attention on increasing visibility, managing access and protecting data.
In 2014, Gartner predicted that the CASB market would impact adjacent security markets such as identity-as-a-service (IDaaS), security information and event management (SIEM), mobile device management (MDM) and others. Today, this seems like a natural progression of the CASB market.
In late 2015, IBM Security threw its hat into the CASB market with a different and unique take: Cloud Security Enforcer. This tool integrates adjacent market technologies to expand its solution scope beyond the first generation of CASB offerings. Most notably, Cloud Security Enforcer has integrated IDaaS, threat intelligence and event correlation.
Common Cloud Challenges
According to “How to Evaluate and Operate a Cloud Access Security Broker,” there are a number of key challenges facing organizations as they explore CASB solutions:
- Many enterprises lack a complete understanding of the cloud services they consume and the risks they represent, making compliance and protection difficult.
- Even when cloud services are known, many enterprises struggle to consistently verify compliance or securely handle sensitive data across these disparate services.
- Enterprises have no standardized way to detect whether compromised credentials or unmanaged devices are being used to access cloud services.
- Many vendors have entered the CASB market with a wide variety of capabilities and approaches, confusing potential customers and blurring use cases.
To learn more, watch our on-demand webinar, “Don’t Be an IT Dinosaur. Accelerate Your Cloud Evolution,” featuring Gartner Research Director Craig Lawson. Lawson has been covering the CASB space since its early development. He, along with IBM Security’s Mark Campbell, will discuss the basic pillars that make up a CASB, important SaaS security gaps and CASB recommendations to consider.