The cloud access security broker (CASB) market is exhibiting all the signs of rapid maturation — active buying motions, channel engagement, enterprise-ready requirements, and consolidation. Makes sense — the strong adoption of cloud apps, including the prevalence of Shadow IT apps, necessitates purpose-built solutions to secure sensitive data headed northbound and prevent threats coming in southbound. That is, the game of catch-up that many IT and security professional are playing to secure cloud apps their organization are already using is driving CASB evaluations and deployments. Enter Cisco into this market vis-a-vis its announced intention to acquire CloudLock.
At its core, CASB is about intermediating an end-user’s access to the cloud to apply data loss prevention policies and detect threats. As such, and on the heels of Symantec’s acquisition of Blue Coat (driven in part to expand its cloud security portfolio), Cisco’s entry into the CASB market is a natural. What does it mean to this market on an accelerated rate of development?
- CASB is a network security play. OK, wait, I know, I know — integration with cloud APIs is required to applying DLP policies, especially retrospectively, and for inspecting the backend stores for malware. But even CASBs that do not offer their own secure web proxy gateway parse the logs of others to discover what cloud apps are in use. And those who do offer their own cite the ability to do content inspection in-line and in the cloud. The pros and cons of SSL decryption and API latency can be legitimately argued, but the point here is that with Palo Alto Networks, Blue Coat (Symantec), and now Cisco all offering a CASB, it has become a network security play.
- Synergies galore move the goal posts. Cisco’s extensive security portfolio represents numerous synergies with respect to integrations from which incremental value can be delivered on the CloudLock platform including threat intel from Cisco’s Talos team, and network controls across the spectrum of OpenDNS, gateway and next-gen firewall and more to deliver a robust multi-mode offering.
- Extending the platform beyond SaaS. Today’s platforms are more than a set of features aggregated into suites that ride on a platform. In today’s software-driven world APIs are a must for bolting in best of breed tech. CASB has multiple touch points and thus must be based on an open, API-driven platform to enable future integrations. CloudLock was well down the platform path, including extending into IaaS and PaaS via support for custom apps.
- What about the workload? When it comes to cloud security Trend Micro, Intel Security, Symantec, and upstart party crasher Threat Stack will rightfully argue that the workload is the source of truth in that system integrity monitoring is required to detect intrusions based on anomalous activity. And CASB vendor Palerra touts support for SaaS and IaaS as a key differentiator. Like CASB, a big part of the debate here is around the how — on-board agent, API usage monitoring, micro-segmentation — with the pragmatic answer also being, as is the case with CASB, multi-mode because very often the best ways to do things are not mutually exclusive.
Along with CloudLock, Skyhigh Networks and Netskope deserve credit for creating this market and continuing to innovate and challenge the definition of a CASB. Dare I say that for such an early stage market we’re already seeing some next-generation offerings. But some are still fixated on the pros and cons of implementation options when, based on customer conversations, those vendors who focus on outcomes and use cases and then substantiate their ability to deliver on those with the right architecture are better positioned to win the day. In the land of CASB, daylight is truly burning!