Big Tech’s Entry into the CASB Market Is Evolutionary

We’re still in the early stages of cloud security with respect to controls to secure hybrid and cloud-native environments being less mature than those built for more traditional data centers. But that’s an infrastructure view, which is in contrast to the prevalent use of SaaS apps because even the stodgiest enterprise who is trying to get comfortable with deploying production workloads in the cloud is typically already a consumer of cloud services vis-a-vis SaaS apps such as Box, Office 365, and being used by their employees. Research conducted by ESG highlights this fact with 68% of respondents reporting the use of SaaS, representing a steady increase from prior years. The question is whether these cloud apps are sanctioned and governed, or unsecured as a result of shadow IT.


CISOs I speak with express concern that the use of SaaS apps can be a data exfiltration highway if they leave shadow IT unmanaged. This issue created an enterprise requirement for cloud access management and data loss prevention functionality specifically for SaaS apps. This void has been filled, to date, by a number of venture funded Cloud Access and Control Broker (CASB) startups including Elastica, Netskope, and Skyhigh Networks who offer feature-rich solutions differentiated largely on the architectural approach for controlling access to and use of such cloud apps.


The CASB market is now clearly at an inflection point and showing signs of a pattern portending the future. Major household brands are making significant purchases and as deployments grow, so does the need for enterprise-readiness. Markets develop and major IT vendors take note—Microsoft acquired Adallom, Blue Coat acquired Percepsys, Cisco is reselling Elastica, and, in the last week, Palo Alto Networks announced its CASB offering based on the Cirrosecure technology it acquired in May while IBM Security launched Cloud Security Enforcer. The entry of these major tech vendors marks a pivotal evolutionary step in the increasingly competitive CASB market.


CASB functionality is the center of a Venn diagram of access control, data loss prevention, and threat detection complicated by mobility. Like other IT products, if you want more than visibility, you have to get over installing agents, re-routing traffic, putting something in-line, or some combination thereof. Put this reality right alongside death and taxes, pick your lesser evil, and get over it. Vendors who are positioned to meet all the circles of the diagram and are already deployed on the network, especially those operating at layer 7 and thus are already application-centric, are especially well positioned. This is why network security players are going from partnering with CASB vendors to delivering competitive functionality, and potentially vice-versa. Who else may we see enter the space? Let’s take a look at some of requirements and market dynamics.

  • Other NGFW Vendors: Palo Alto Networks can now have a conversation other next-gen firewall vendors cannot—controlling all applications, be they of the old school, on-prem variety or cloud-delivered, is a point of differentiation that will put pressure on Fortinet and others.
  • DLP 2.0: DLP products are already deployed on the wire and instrumented by some CASB products today and seem well positioned, never mind situated, to deliver cloud DLP—i.e., CASB.
  • SSL Decryption: The DLP aspect of CASB requires content inspection to determine if a user is violating policy. More specifically, determining whether, for example, text with a birthdate format is located close to text in social security number format in a payload being uploaded to cloud storage by an unauthorized user typically requires decrypting SSL traffic, hopefully without degrading performance. F5 Networks does SLL decryption especially well, making them a possible party crasher.
  • SaaS Service Providers: The battleground in the enterprise file sync and share market is in the business editions where Box, DropBox, and others are fighting it out with the victor likely the one that makes its service the most secure. Encryption and integration with SSO offerings seems like a logical roadmap for such vendors.

This leaves the pure plays getting squeezed from the entry of the major tech vendors and the SaaS vendors themselves. A few of these vendors, however, are well funded, generating appreciable cash flow, and expanding market reach via channel leverage. As a result, a Coke and Pepsi among the pure plays who have created the CASB market will emerge and continue to be market leaders, but having staying power will be predicated on proving large-scale deployments as well as their ability to partner and integrate with incumbent network security vendors. Now that the pure plays have created the market, they need to prove best of breed wins out over the stickiness and account control incumbent big tech brands leverage to cross sell new offerings.

threat intel infographic