By Samuel Greengard
It’s no secret that cloud computing has changed enterprise security requirements. As organizations adopt new services, applications and methods to manage data, the need to address changing data models and threat risks is essential. According to Alert Logic’s 2017 Cloud Security Report, the number of cloud security incidents occurring in an 18-month span extended beyond 2.2 million. “Smart attackers, always seeking the weakest spots in network defenses, understand the changing attack scene and have retooled accordingly,” the report noted.
Today, organizations must address an array of issues that revolve around web applications, data flow, network designs, cloud infrastructure and other key areas. Although major cloud providers typically offer robust built-in protections—including strong authentication, encryption and malware detection—there are often gaps in protection that result when organizations rely on multiple cloud service providers, different network topologies and numerous applications. These risks often involve key areas such as web application firewalls (WAFs), secure web gateways (SWGs) and data loss prevention (DLP).
Cloud access security brokers (CASB) take aim at this issue. As Gartner puts it: “They deliver differentiated, cloud-specific capabilities generally not available as features in other security controls.” What’s more, “CASB vendors understand that for cloud services the protection target is different: it’s still your data but processed and stored in systems that belong to someone else.” Consequently, CASBs store policy management information and governance details across multiple cloud services. This delivers granular visibility and stronger controls. Gartner predicts that by 2022, 60 percent of large enterprises will use a CASB to govern cloud services, up from 20 percent today.
Here’s a look at 10 of the top vendors in the cloud security space. These ratings were created with data and reviews from Gartner Peer Insights as well as G2 Crowd and IT Central.
Headquarters: Campbell, Calif.
Security Solution: Bitglass Next-Gen CASB
Bitglass runs natively from the cloud but it also can be deployed as a Docker container that serves as a host on-premises. The vendor has emerged as a leader in the CASB space by introducing a zero-day approach heavily tilted toward trust ratings, trust levels and at-rest encryption that’s tightly integrated with enterprise compliance and governance requirements. The platform, which extends to mobile security and shadow IT controls, is powered by an agentless “AJAX Virtual Machine (VM)” abstraction layer transparently embedded within a user’s browser to support real-time data protection in specific scenarios, including unmanaged devices. Bitglass CASB features an automated learning mode, digital watermarks, and strong data loss prevention. On the downside, Gartner points out that the solution isn’t able to modify SaaS application native security controls and it is limited in its ability to assign and consumer Azure Information Protection templates. Overall, Gartner rated Bitglass a leader in its 2018 Magic Quadrant ratings. Users say that the solution is intuitive and offers powerful capabilities.
Headquarters: San Jose, Calif.
Security Solution: CipherCloud CASB+
Encryption and tokenization are key elements of cloud security. CipherCloud, which has offered a CASB solution since 2011, places a heavy emphasis on data protection through cloud-native security and compliance across SaaS, PaaS and IaaS platforms. The solution offers robust cloud-based visibility and controls—extending to applications running in the cloud—and it can manage both structured and unstructured data. One of the biggest strengths of the solution is an ability to encrypt data before delivering it to SaaS applications—while preserving partial application functionality. The solution manages keys for SaaS-native encryption mechanisms in the CipherCloud or a KMIP-compliant key management server. Potential weakness includes adaptive access controls and continuous risk assessment tools that trail competitors, Gartner noted. It positioned the company between a visionary and leader in its Magic Quadrant. Some adopters rate the product a bit difficult to use and say it’s a bit pricy. Overall ratings are extremely high.
Headquarters: San Jose, Calif.
Security Solution: Cisco Cloudlock
Cisco acquired Cloudlock in 2016 and has strived to incorporate the company into its portfolio of cloud-based products. The CASB solution offers a number of powerful capabilities, including the ability to configure policies dynamically and aggregate users into specific groups, based on real-time actions and behavior. The solution can also constrain user behavior, thus providing a powerful form of adaptive access control. In addition, Cloudlock provides powerful controls, based on OAuth, that can override permissions and block certain types of cloud attacks. A strong API framework helps organizations extend controls to SaaS applications that do not include native support for these and other features. One of the drawbacks to the approach Cloudlock takes is that all these features and controls are based on sanctioned applications that provide APIs. Cisco also offers no support for CSPMs. Users rate the platform as easy-to-implement, powerful and highly scalable.
Identifying shadow IT, preventing compromised accounts and ensuring secure mobile access to cloud apps covers a broad expanse of enterprise security requirements. Clouds ratchet up the challenges exponentially. Forcepoint CASB focuses on these issues. It delivers a broad package of security products that revolve around secure web gateways, email security, user and entity behavior analytics, DLP and data security, and imposing a network firewall. The solution delivers a powerful engine that meshes with workflows and enterprise policies. It also offers risk scoring, anomaly detection, strong analytics and metrics tools, real-time oversight and powerful application governance. The focus is heavily tilted toward business applications. One of the key cautions for adopting the platform revolve around an inability to configure control policies toward preferred SaaS applications. Users describe the solution as powerful, granular and highly flexible. Gartner rates it in the middle of its quadrant.
McAfee acquired Skyhigh Networks in January 2018. The solution bolstered the company’s existing portfolio of DLB, SWG and network sandboxing technologies. McAfee’s strengths lie in its powerful dashboard, high level of configurability and flexibility, real-time capabilities, and strong DLP controls. Gartner notes: “McAfee offers extensive CSPM capabilities that exceed those of even some pure CSPM vendors. It includes strong auditing and compliance scanning plus multiple options for automatic and guided manual remediation.” Potential drawbacks in include: the ability to configure error messages for specific users and gaps in certain types of notifications, particularly involving real-time APIs. McAfee ranks the solution among the leaders. Users give the solution high marks and say it provides strong controls, particularly in finding shadow IT.
Microsoft’s acquisition of Adallom in 2015 broadened the company’s security solutions. MCAS offers a reverse-proxy-plus-API CASB that can operate independently or part of Microsoft’s Enterprise Mobility + Security (EMS) suite. This includes tools for Azure and other applications and components. The solution also includes threat protections and sophisticated analytics. Gartner describes the interface as “intuitive” and says that the solution handles complex policies using a visual editor. This makes the process simpler by eliminating scripting and programming. It also offers suggestions and hints that can guide an organization to more robust cloud security. Finally, it delivers strong automation, particularly around watermarking and encryption. Gartner positions in the company in the “challenger” quadrant, while users say that while it can be a bit tricky to implement, it delivers powerful features and strong protections.
Headquarters: Santa Clara, Calif.
Security Solution: Netskope Security Cloud
Netskope remains an independent company in a space where major software and networking companies are scooping up CASB solution providers. The company has been shipping products since late 2013. The company focuses heavily on application discovery and SaaS security posture assessments. Among its strengths are strong analytics tools, including behavioral analytics, and a robust alert system. This, among other things, helps Netskope spot vulnerabilities in APIs, mobile devices and shadow IT. Gartner labeled the company a leader in its 2018 Magic Quadrant. Users report that the solution offers strong visibility, powerful DLP features and excellent threat intelligence feeds. Complaints revolve around difficulties configuring agents and a limited ability to use APIs for remediation. Many CASB vendors now incorporate APIs for posture assessment as well.
Headquarters: Redwood Shores, Calif.
Security Solution: Oracle Cloud Access Security Broker (CASB) Cloud Service
Oracle has moved beyond a one-solution-fits-all approach to CASB. Its solution, originally Palerra, offers discovery and deep visibility into SaaS applications using a log-based approach that revolves around cloud activity. This helps the solution identify risky applications installed through Oracle, Salesforce and other platforms. The result is strong security monitoring, threat protection and incident response. Organizations can also license Inline DLP (for real-time detection) and API DLP (for retroactive scanning). One of Oracle CASB’s strengths is a high level of flexibility, including the ability to expand detection to new content easily. In addition, custom applications running in the Java Virtual Machine (JVM) require no further action. They are automatically protected. Finally, Oracle CASB monitors for misconfigurations and notify users when a problem may be present—and when the organization doesn’t match industry benchmarks. Oracle landed as a challenger on its way to becoming a leader in Gartner’s MQ. Users praise the platform for easy integration and strong protection capabilities but say it can prove difficult to fully integrate across a portfolio of cloud solutions.
Palo Alto Networks
Headquarters: Santa Clara, Calif.
Security Solution: Palo Alto Aperture
Palo Alto Networks acquired CirroSecure in 2015. It has since relaunched the solution to include more focused cloud security tools. Today’s solution is heavily focused on discovery along with SaaS policy and security management. Aperture includes strong data classification and monitoring tools, DLP, user activity tracking, known and unknown malware protection and detailed risk and usage reporting. Among its strengths is an ability to identify SaaS and non-SaaS web applications that can be used to exfiltrate data. It also delivers comparisons to multiple industry baselines and it suggests configuration changes to improve compliance. Cautions include configuration complexity and a lack of functionality in a few key areas, including reverse-proxy inspections. Gartner rates Palo Alto Networks as a niche player in the CASB space. Users say that Aperture is an excellent product with strong functionality, though it lacks some desirable features. They rate the company’s support high.
Headquarters: Mountain View, Calif.
Security Solution: Symantec Cloud Data Protection
Strong cloud security requires an array of features. Symantec delivers strong capabilities through its Cloud Data Protection platform, which incorporates products formerly offered by Blue Coat. The focus is on tokenizing or encrypting data stored in SaaS applications. The platform achieves a high level of protection through log analysis and traffic inspection. It provides cloud security assessment ratings by plugging in user behavior analytics, cloud usage patterns, malware analysis and cloud application discovery. Strengths include: strong reporting capabilities, alerts for policy violations, highly adaptive access controls and a wide range of predefined DLP selectors. Symantec is among the leaders in the Gartner MQ. Users say the platform delivers strong and mature capabilities.