All Research
Executive View
Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of CipherCloud CASB+ which strongly matches KuppingerCole’s recommended functionality for CASBs. It provides a valuable tool that organizations can use to improve governance over their use of cloud services.

1 Introduction

Organizations are embracing the use of cloud services because of the benefits that they bring in terms of speed to deployment, flexibility and price. However, the use of these services is not well integrated into the organizations IT access governance processes and technologies.

While access to on-premises IT systems is usually well managed through access governance, the same does not always apply to cloud services. In addition, employees and associates can use personal cloud services to perform their jobs without reference to their employer. To compound the problem, mobile devices may also be used to access these services from outside of the organizational perimeter.

This creates challenges around the governance of cloud services that is needed to ensure compliance with laws and regulations as well as to manage cyber threats. The requirements for control over the transmission, processing and storage of personal data from the recent EU GDPR is one example of this. The uncontrolled use of cloud services also increases cyber-risks. Cyber adversaries may obtain unauthorized access to steal or corrupt data held in these services, as well as to implant malware that could then infect the organization using them.

In an ideal world, the functionality to manage access to cloud services and to control the data that they hold would be integrated with the normal access governance and cyber security tools used by organizations. However, these tools were slow to develop the required capabilities, and this has led to a market in CASBs (Cloud Access Security brokers) to plug the gap. It is notable that some of the CASBs on the market have already been acquired by major security software vendors and are being integrated into their toolsets.

KuppingerCole has analysed this market segment and recommends that CASBs should provide functionality that enables customers to:

  • Detect Cloud Service Usage– Identifying the cloud services being used from within an organization and providing control over their use is a key capability to manage risk. The first generation of CASBs focussed on this area providing coarse grained discovery and control using network traffic analysis and proxy gateways.
  • Control Usage of Cloud Services– access to the cloud services should be controlled so that business critical and regulated data can only be moved into approved cloud services. While employees should easily be able to access approved services, their access rights should be controlled in the same way as for other IT systems. Ideally, the access controls should be based on existing organizational directories and provide seamless access for authorized use of the approved services. Many cloud services provide granular access control capabilities, and these should be exploited.
  • Protect Data held in Cloud Services: regulated and sensitive data held in cloud services should be protected against unauthorized access and disclosure. The product should support the discovery and classification of both structured and unstructured data in cloud services as well as policy-based data security controls such as encryption, tokenization and pseudonymization without impact on the functionality of the service.
  • Protect against Cyber Risks– there are different ways in which there could be unauthorized access to a customer’s data held in the cloud service. A CASB should provide capabilities to detect cyber-threats threats to business-critical data and to protect against malware, unauthorized access and data leakage.
  • Support Compliance - many organizations depend upon their data being processed and protected in a way that is compliant with laws and regulations. To support this need, the product should provide “out of the box” capabilities aligned with specific regulations. Ideally these capabilities should be independently certified or, at least, the vendor should be able to provide examples of customers who have successfully used the product to achieve compliance.

CASBs provide a valuable tool for organizations to improve the governance over their usage of cloud services. However, it is important for a customer using these products to understand their specific requirements and select products that match these.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Register
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use