The Cloud Access Security Broker (CASB) market, barely 4 years old, has rapidly evolved from a visibility tool for unsanctioned cloud apps, to the de facto data protection standard as enterprises adopt cloud and mobile. Early entrants in the space drew much press and funding, but after the early shock factor of having 100's of Shadow IT apps wore off, most were left scratching their heads what to do with that data.
Around the same time, Microsoft started making a big push with Office 365 into every enterprise imaginable, turning around the fiercest of cloud opponents. Microsoft's success, however, didn't mean that security and compliance concerns went out the window. Whereas overall security posture of cloud apps was the initial concern for most enterprises, the focus quickly shifted to whether cloud apps could be used securely. Enter Cloud Access Security Brokers.
For most organizations, securing Office 365 is the first use case where CASBs have, or will, proven strategic value to the organization. At Bitglass, we still see Office 365 as the lead app in the majority of new projects, RFPs, and other inbound requests. I don't expect that to change anytime soon, but over the last 6-9 months, I have started to see a shift towards much broader usage of the platform.
Office 365 and other well known SaaS apps are usually at the top of the list of data protection concerns, so we see those deployed first. During that process, customers get more familiar with the range of capabilities a CASB can provide - DLP, contextual access control, encryption, mobile data protection, identity, and more. Inevitably, projects pop up over the next few months and, assuming you've selected the right CASB, you already have a licensed platform that can protect Any application - SaaS apps, custom applications, IaaS platforms, or packaged software running on prem or in the public cloud.
So go ahead, come to CASB for Office 365 Security, stay for the ability to protect Any App.