There is no hotter space in enterprise IT right now than the cloud access security broker (CASB) market. In the past three years, CASBs have gone from a handful of early adopters doing firewall log discovery of shadow IT to a strategic security solution deployed by the world's largest enterprises to protect data in backbone business systems like Office 365 and Salesforce. At the same time, the M&A drums beat with more than $1Bn in acquisitions as Adallom, Cloudlock, Elastica, and Perspecsys have been consumed by bigger players sticking toes in the cloud security waters.
Earlier today, I received an email that has become all too common. I'll anonymize to protect both the innocent and the guilty: [Security architect at major financial institution] has been tasked to evaluate options to replace [CASB vendor] which they purchased 2 years ago as they have not been able to deliver on advertised capabilities. By end of year, they need to have selected a CASB platform to replace.
The self-professed "leading" CASB vendor being replaced prides itself on capital raised and armies of engineers offshore, yet remains undeployable even for the most well-heeled customer. Unfortunately for the enterprise in question, they learned the hard way that "agents everywhere" looks great in the lab, but cannot survive in the real world.
At Bitglass every decision we make takes into account the complexity of enterprise environments and the critical need to deploy and stay deployed in order to ensure success.
With that, drumroll please... The five ways to tell you're buying a CASB that your organization will actually deploy:
1. Can it be Deployed?
Don't be fooled by a logo farm of customers made up of one-time shadow IT assessments. The real test of a CASB comes when you deploy in production with tens of thousands of users and real-time data protection, such as cloud encryption, enabled. Make sure the logos on the website or references you are provided match your use cases and environment. It also helps to ask about churn or renewal rate - a key indicator of customer success that varies widely from one vendor to the next.
2. Supports cloud AND mobile?
When you move to the cloud, unmanaged devices and BYOD become a reality, whether you've allowed them in the past or not. And you know what? That can, and should, be a good thing. Unfortunately, the easy days of requiring that every device be managed by agents or software as a precursor to providing access are behind us - employees simply won't accept big brother IT taking over their devices. Your CASB needs to support both agent-based architecture for managed devices, and a robust, agentless architecture for unmanaged devices to balance rapid deployment, mobility and security.
3. Easy to test?
Several CASB vendors attempt to persuade enterprises to skip the proof-of-concept or trial phase. Why? Because they don't have confidence in their product. At Bitglass, every member of our sales team is eager to get the product in the hands of the customer and make sure that they test it thoroughly. Why? We have confidence in our technology and we know that the enterprise will end up a happier customer if they know that the product works in their environment before they sign-on as a customer. This should be a basic best practice and its staggering to see the number of enterprises willing to skip this critical step.
4. Bold innovation?
At Bitglass, we hold ourselves to the highest possible standard before introducing new functionality, and we make sure to look at each problem from every possible angle. Case-in-point, we worked on Harbor, our patented full-strength, searchable cloud encryption, for more than 1.5 years and only released it once we were sure that we had solved ALL of the problems that our competitors run into. We firmly believe that product shortcuts mean product shortcomings, so we avoid them at all costs.
5. Diverse technical DNA?
As a former employee of big networking/security companies like Juniper, it's tempting to hire people similar to myself - known quantities that hook up boxes with ethernet cables and deck the halls with proxy and VPN agents. While CASBs solve seemingly familiar problems (cloud DLP, access control, identity, encryption), they must be solved for an entirely new environment where mobility is productivity! Look for a heterogeneous leadership team - one that draws from enterprise security, large-scale cloud operations, data science, etc. It is this combination of disciplines that will be able bring innovative approaches to solving your security problems as you move to the cloud.
If you're satisfied with the answers to these five questions, you are well on your path to a successful CASB deployment. At Bitglass, we are 100 percent committed to the success of our customers in their quest to protect corporate data as it moves beyond the firewall. It is not about us, it is about you.