The biggest cloud security trend in the near term is the rapidly expanding cloud footprint that the typical enterprise must secure. Organizations are quickly moving beyond the core group of 8-10 apps, like Office 365 and Salesforce, that really defined the first few years of the enterprise cloud. While those apps are still a major part of the enterprise cloud footprint, it is now common to see organizations looking to protect longer tail SaaS apps, as well as packaged software and custom apps hosted on IaaS/PaaS platforms. The de facto security standard used to secure these applications is a Cloud Access Security Broker (CASB).
This broadening of the enterprise cloud will have several impacts on cloud security teams. First is that a smaller and smaller percentage of applications include security relevant APIs. This means that prior reliance on API integrations with cloud apps will diminish forcing, in some cases, a complete reliance on proxy-based modes of control.
With more apps comes more frequent changes to those applications, largely unannounced or unanticipated changes. This too causes a shift, requiring that tools like proxies, data leakage prevention, encryption, and UEBA develop the capability to automatically learn how apps change and adapt functionality dynamically to account for these changes on the fly.
Finally, the increasing number of available applications also means an exponential increase in the number of unmanaged or "shadow IT" applications in use by employees. This means that app classification databases must move from manual, human curated datasets, to dynamic, machine-learning based systems. The shift will be similar to the early days of Internet search, where Yahoo's human curated index could no longer keep pace with the growth of sites on the Internet and was quickly overtaken by the automated, algorithmic Google approach.
Anticipating this broadening of demand for more and more cloud applications, Bitglass has spent considerable effort over the past 24 months to ensure that our customers can use our CASB for ANY application, not just those in some fixed catalog that we have developed. We have added this support for our proxies, APIs, data protection, threat protection, encryption, access control, identity (MFA, SSO), and more - automating learning for both managed and unmanaged applications.
These changes ensure that our customers are supported immediately whenever the changing needs of their business demand new applications. This is part of what makes us a leader in this space, and the only Next-Gen CASB.