Security "Bits"

Gartner Insight on CASBs - Proxy vs API Approaches

By Rich Campagna | May 22, 2015 at 9:43 AM

It's exciting to be part of a new space as it evolves and grows. Gartner has really stepped up their coverage of the Cloud Access Security Broker (CASB) space, with the most recent note, "Technology Overview for Cloud Access Security Broker*," (Gartner subscription required) published May 19, 2015. We believe their research cadence is a sign that they are fielding a lot of inquiries from enterprises looking for security and compliance solutions for cloud applications like Office 365 and Salesforce. As a vendor in the CASB space, we feel the rapidly increasing inbound interest in our solutions reinforces that issue.

As with any new space, every vendor has its own take on what will make its customers successful with its CASB solution, making it difficult for enterprises to wade through the noise to figure out what really matters. This is where research like what Neil MacDonald, Craig Lawson, and Jay Heiser have put out is so important. It helps to provide a framework and foundation for what matters and what doesn't.

One of the key areas that the note dives into is the topic of architecture. What's important about architecture is that it is difficult to change - it's the baked-in core of the product. Features will change and evolve, but the fundamental architecture is a decision made early on in a company and is the foundation upon which all features are built.

Today's CASBs offer proxy-based and/or API-based approaches. Both provide some ability for an organization to gain control and visibility into data in cloud-based applications, and both are likely to be adopted by leading CASBs over time, if they haven't been already. Bitglass uses a combination of both, with proxy mode being the main focus. While the note states that CASB features will evolve and change over time, it does make some strong recommendations on architecture, including this one:

"One important point to note is that proxy mode CASBs are actually networking vendors; they are processing traffic similar to Web gateway vendors. This is a considerably harder engineering exercise than that of using APIs. Therefore, it is relatively easy for a proxy vendor to begin supporting and using APIs (and the majority of CASBs that support proxies are doing this), but not the reverse. This means it will be considerably harder for API-only CASB providers to retrofit proxy architecture to their platforms. Ideally, organizations often want to have the best of both worlds (proxy and API). A number of providers do offer both, and it's an important point to consider when deciding on a CASB provider."

If you don't have a Gartner Subscription to access the document, you can get Gartner Research VP Neil MacDonald's thoughts on CASBs here. Or download The Definitive Guide to Cloud Access Security Brokers.


*Gartner, Technology Overview for Cloud Access Security Broker, Craig Lawson, Neil MacDonald, Jay Heiser, May 19, 2015.


