Complete CASB solutions require a hybrid architecture with a number of technologies to deliver the following:
- Breach Discovery to analyze outbound data flows in firewall logs for Data Exfiltration AND ShadowIT.
- Visibility and Control of Data-at-rest in cloud applications using API integration with leading cloud applications such as Office365, GoogleApps, Salesforce, Box...
- Identity Management: Integrated SSO and SAML-proxy compatible with leading SSO services such as ADFS, Okta, Ping, Onelogin...
- Mobile Security:Technologies for securing sensitive data on the device, including Selective Wipe, Device Encryption, PIN enforcement, ActiveSync Proxy for visibility and control of email/contacts/calendar without agents
- Contextual Access Control: Secure access on managed devices via Forward proxy technology, secure access on unmanaged devices with zero configuration or software using Reverse-proxy and AJAX-VM technologies. AJAX-VM is a requirement to ensure availability across SaaS application updates.
- Data Protection: High-performance integrated DLP engine, watermarking and data tracking, integrated DRM that works on any browser, file encryption. DLP engine must be compatible with standards for regular expressions.
- Cloud Encryption: Searchable, AES-256 encryption of files and fields in SaaS applications such as Salesforce, OneDrive, Gdrive, Box.
Customers need complete and integrated solutions from a single vendor since latency considerations prohibit chaining together multiple CASB services in the cloud. This constraint against chaining is quite different from the typical on-premise situation where Ethernet latency is negligible, permitting multiple point-products to be chained together.
Bitglass is delighted to announce that we just filled in our last missing piece #2 "Visibility and Control of Data-at-rest" via API integrations with Office365, GoogleApps and Box. And Gartner is spot on in their report titled "Technology Overview for Cloud Access Security Broker" of 19 May 2015 when they said:
"One important point to note is that proxy mode CASBs are actually networking vendors; they are processing traffic similar to Web gateway vendors. This is a considerably harder engineering exercise than that of using APIs. Therefore, it is relatively easy for a proxy vendor to begin supporting and using APIs (and the majority of CASBs that support proxies are doing this), but not the reverse. This means it will be considerably harder for API-only CASB providers to retrot proxy architecture to their platforms. Ideally, organizations often want to have the best of both worlds (proxy and API)."
In summary, Bitglass the first and only vendor to offer a complete CASB solution.
CEO | Bitglass