CASB TOOLS FOR CLOUD APPLICATION AND DATA PROTECTION
Gartner predicts that by 2022, “sixty percent (60%) of large enterprises will use Cloud Access Security Brokers (CASB), up from the twenty percent (20%) that used them at the end of 2018. Several years ago, many enterprises purchased CASBs to stem the tide of what was then called shadow IT (unapproved IT activities). CASB tools are evolving and many analysts feel CASB will soon be just as important as firewalls.” (CSO Online)
Hybrid Pathways Insight: It is worth noting the gray area between CASB and DLP. In many cases these tools are marketed to address very similar issues. If your company has mature DLP capabilities, then CASB may be less critical. CASB offers more than DLP but many companies are using it only for DLP today. For example, companies can use CASB for application session control and SaaS application protection. Companies can route traffic through CASB for added protection in the shifting and software-defined internet perimeter. In addition to native CASB options, companies should look for 3rd party tools that can expand security across cloud deployments and meet a wider range of use cases. CASB solutions can also help enterprises evolve to a secure Direct Internet Access and “Regional Breakouts” strategy for their workforce members where there are many points of egress to an enterprise’s cloud hosted applications (instead of a single point of access via connection to a data center). CASBs offerings can filter, monitor and act on traffic across many points of egress to cloud hosted applications.
Again, there is no silver bullet and a comprehensive, holistic security strategy that includes DLP and CASB must include integrated and / or independent technology solutions that can meet the risk tolerance thresholds for protecting an enterprise’s sensitive data.
Hybrid Pathways surveyed IT/security leaders and chief architects at enterprise companies across industries in New England. The goal was to provide peer experience and feedback that could help with decision making and planning. This summary provides valuable feedback from 22 senior IT/security leaders and chief architects from large enterprise companies.