Security "Bits"

Next-Gen CASB vs First-Gen CASB

By Nat Kausik | February 22, 2018 at 1:48 PM


Recently, Bitglass was selected at a Fortune 100 financial services company for their CASB platform.  During the course of the competitive process, we learned some interesting things about the CASB market. 

First-Gen CASB fall into two categories.   

  • Out-of-band First-Gen CASB that deliver API control and Shadow IT Discovery, i.e. management capabilities for cleaning up after high-risk events.  Being out-of-band, such CASB can be deployed rapidly without impact on end-users.
  • Inline First-Gen CASB with forward-proxy architectures that require agents on every device.  While such CASB can provide real-time security, they are nearly impossible to deploy outside the laboratory.    There are many enterprises who have purchased such CASB and only have a handful of users deployed after a year or more of trying.  For example, a healthcare organization in the US with 200,000 users has only 10 users deployed after 18 months of work.  And some switch to Bitglass, e.g. John Muir Health.

In other words, First-Gen CASB deliver weak out-of-band security that is deployable, or offer strong inline security that is undeployable.   Neither choice is satisfying if you are Fortune 100 financial services company.  

Bitglass is the only Next-Gen CASB, built on a hybrid agent/agentless architecture.   Our largest customers with over 100K users deployed inline security in weeks and have been in continuous production for over several years.

 Get a free trial of the Bitglass Next-Gen CASB today.



see all