The cloud access security broker (CASB) market has changed drastically over the last few years. As more and more organizations move to the cloud and make use of cloud applications, they are faced with the reality that their IT departments are ultimately responsible for protecting data at rest in the cloud and on endpoints that have access to that data. Unfortunately, while many cloud apps feature improved infrastructure security and rapid application updates, gaps in native security features still exist.
According to Gartner’s CASB Platforms Deliver the Best Features and Performance report by Craig Lawson, Neil MacDonald, Sid Deshpande, Brian Reed, and Steve Riley, Strategic Planning Assumptions say that, “By 2018, 40% of Office 365 deployments will rely on third-party tools to fill in gaps in security and compliance, which is a major increase from fewer than 10% in 2015.”
This rapidly-evolving market is causing many vendors to focus on niche areas of data security rather than on building a platform for comprehensive cloud and mobile data protection. As a result, many fail to address some of the most critical challenges facing cloud-first and mobile-first organizations.
We believe some CASB vendors that claim to offer comprehensive data protection provide a limited subset of features and ultimately add little value over security capabilities offered natively by cloud app vendors.
Among the top four questions security and risk management professionals should ask when choosing a CASB are the following:
- Does this vendor support any application or just SaaS applications? Can the security solution protect data in IaaS, private cloud, and on-premises applications?
- Can this vendor secure both managed and unmanaged devices?
- Does this vendor offer mobile security?
- Does this vendor enable visibility and offer granular controls over data to match our premises capabilities?
If the answer is no to any of those questions, security professionals should closely evaluate the CASBs capabilities and consider whether it aligns with internal requirements around data protection and long-term security needs.
Download the full report here.