Cloud Access Security Broker (CASB) Report Announcement

by Spencer Gisser | 04/20/2017

With Eric Klein

VDC Research is proud to announce our upcoming inaugural CASB report. The report is scheduled for publication in June.

Security startups, particularly those with a cloud-first focus and architecture, have attracted close to $250 million in venture funding in just the last 24 months. This group of vendors have busily expanded their headcounts, grown their customer rosters, and have introduced key cloud security innovations to the market. Two notable CASB vendors have been acquired as well – Microsoft acquired Adallom in July of 2015, and Oracle acquired Palerra this past September. As this market has matured, we see CASB vendors expanding well beyond their policing “Shadow IT” roots – vendors have pivoted to address more complex cloud security challenges and have mobile security ambitions as well. We expect to see tensions grow between CASBs and Enterprise Mobile Management (EMM) vendors.

Our interest in the CASB space does not end at its flurry of recent activity – some CASB vendors are challenging the traditional dynamics between CASBs and enterprise mobile management (EMM). While successful partnerships across the security ecosystem (particularly with network and cloud security vendors) have enabled EMM vendors to enhance their functional/value proposition; we expect to see some CASB vendors position themselves to offer complementary functionality to an EMM deployment; others who have expanded into identity management are beginning to position themselves to displace an incumbent EMM deployment environment. There are divergent views among CASB vendors as to whether EMM vendors are worth partnering with; current integrations and rising competition with EMM providers are already influencing strategies for both vendor classes.

CASB vendors have broad security aspirations.
CASBs can reduce risk exposure by addressing cloud security with methods specifically tailored to this area, providing insight and tools that other security solutions do not. Further, CASBs’ fruitful investments in developing complementary mobile security functionality prove their potential in the mobile security sector—most notably, Bitglass began as a pure play CASB but has since built a user identification platform.

CASB vendors offer software and services that provide additional levels of protection to cloud services. Among their many features and capabilities, CASBs give customers control over their own encryption keys, provide insight into “Shadow IT,” and allow customers to monitor cloud usage at a level unmatched by other kinds of security methods.

  • CASBs can offer an additional layer of encryption, allowing companies to securely manage and store their own cryptographic keys. This is particularly useful to the privacy-conscious financial services industry, which must prove to regulators that it alone can access its customers’ information.
  • CASBs can monitor corporate networks for cloud traffic, alerting clients to the presence of unauthorized and often unsecured cloud applications (referred to as “Shadow IT”). More cloud services transit corporate networks than companies expect: according to Skyhigh Networks, the average enterprise uses more than 1,000 cloud services, whether the company knows it or not; this large number of cloud services is partially due to BYOD policies, which inadvertently allow employees to bring cloud services into the workplace through their own mobile devices.
  • Finally, CASBs automatically inspect cloud traffic to determine what kinds of activities are conducted through cloud applications. This information is used to calculate risk scores, flag suspicious activity, and apply and enforce security policies.

Aside from these central capabilities, CASBs amplify their capabilities by investing in additional features and integrating with other software. For example, Cisco CloudLock and Skyhigh Networks integrate with VMware, allowing them to tailor cloud policies based on alerts from its mobile platforms. Cisco CloudLock, Imperva, Netskope, and Skyhigh Networks have partnered with Centrify to enhance their user identification capabilities. Netskope has partnered with Carbon Black to provide additional endpoint protection, as well as with FireEye and Cyphort for their sandboxing capabilities. These capabilities and integrations allow CASBs to take on the challenge of mobile security, an area that they previously could only address indirectly.

Our decision to write this new report is made in light of recent changes and pivots in the CASB sector. Riding a wave of funding and consolidation, the CASB sector is percolating; below is our depiction of the notable  events that have thrust the CASB market into the spotlight.

Industry Consolidation
Industry Consolidation
Industry Funding
Industry Funding

Going forward , CASB vendors must continue to invest in innovating and expanding their solution range to incorporate sophisticated DLP and encryption functionality-EMM vendors will also be best served by keeping apprised of their own dynamic relationship with CASB vendors; they also need to not only understand that the CASB space holds heterogeneous stances, but also which CASB vendors hold which views, as this will help them plan their partnerships. Our report will detail use cases for CASB solutions, include a market forecast for the CASB market through 2021, and rate market leading vendors. Vendors will learn about the current state of the market, how specific CASB vendors compare, and most importantly, where CASB vendors will take their nuanced relationship with EMM.

For more information about VDC’s coverage of Cloud Access Security Brokers, please download our 2017 Enterprise Mobility & Connected Devices Research Outline.

Back to Top