Gartner included the Cloud Access Security Broker (CASB) technology as a core element in its Secure Access Service Edge (SASE) paradigm. This makes sense because CASB is most effectively deployed as a proxy that inspects application traffic, thus serving one of SASE’s fundamental purposes in the process. It’s also timely because of the underlying changes in work, computing and security that are driving SASE adoption.
These include the need for local internet access breakouts to support exponentially growing SaaS traffic. A comprehensive CASB service provides one of the only effective capabilities to secure this traffic. However, it can be difficult for SASE adopters to monitor and effectively respond to CASB-related security alerts. Unless they can detect malicious activity quickly and respond decisively, damages will rapidly mount. Thus, a managed approach to CASB is a more suitable, effective, and economical approach for many organizations that don’t have the resources to build an in-house 24/7 security monitoring capability.
It’s worth taking a moment to review some basics about SASE and CASB, pronounced “Sassy and Casbee,” which sounds like the title of a children’s book. Far from child’s play, Gartner coined the SASE acronym last year to describe a confluence of technologies the analysts felt were necessary for securing access at the network’s edge. More of a construct than a product at this point, SASE comprises a design strategy for security and networking architecture. The SASE stack creates a high performing and easy to deploy, unified service that offers users and edge devices a variety of essential network and security-related capabilities, e.g. Software-Defined Wide Area Networks (SD-WANs), Web Application Firewalls (WAFS), Zero Trust Network Access (ZTNA), Virtual Private Networks (VPNs) and CASB, among others.
CASBs are software applications that sit in between end users and cloud resources. As their name suggests, they broker secure access to the cloud. Thus, CASBs perform access control, Software-as-a-Service (SaaS) security policy enforcement, monitor user activity and so forth. IT leaders use CASB for secure access to SaaS applications like Cloud ERP software, Salesforce.com, Microsoft Office 365, or any number of other mainstream cloud apps that handle intellectual property or sensitive customer or patient data.
Interest in SASE and CASB is on the rise, driven by the evolution of consumer and corporate technology, coupled with significant market forces. People and devices are increasingly moving away from the core data center and toward “The Edge” of the Internet and corporate networks. The growth is striking, with the global edge computing market set to reach $43 billion 2027 while growing at a rate of 37.4% per year. SaaS use is growing in parallel. According to Deloitte research, 94% of technical professionals in small and large organizations use cloud SaaS. The SaaS market itself is growing at the annual rate of 18%.
This year, we have also witnessed a stunning but entirely necessary shift to mass remote work. The COVID-19 pandemic led to many people working from home on personal devices—at the edge. What’s also remarkable is that at least 16% (and likely more) of companies expect to continue with work-from-home policies after the pandemic has subsided. This looks to be a permanent shift of information workers away from the core and to the edge, and this too calls for edge network and cloud security technologies.
The growth of the edge is exciting, but it comes with increased risk exposure. Each force moving computing out to the edge amplifies existing vulnerabilities. The following is a list of some of the highest-impact threats affecting users in each area:
A CASB solution is able to mitigate the risks to the cloud at the edge. CASB solutions come in a range of architectural designs and feature depths, but most are able to provide threat protection, data protection, identity policy enforcement and visibility into cloud activities. Collectively, these capabilities enable a robust SASE security stack for the cloud. With SaaS applications, for example, the CASB prevents data leakage and intrusions by acting as an application security proxy between the cloud app and the user.
A CASB solution should also conduct user behavior analytics. This is useful for detecting malicious activities by attackers as well as risky employee behaviors. CASB offerings even provide discovery of “Shadow IT,” those SaaS services utilized by the business without IT’s knowledge. These accounts can be a major source of risk exposure.
Some organizations may find value in a managed CASB option. Needs will vary greatly by company, of course, but in certain cases, the security operations team may want someone outside the department to handle the rigor and nuances of CASB management. One issue is the role of SASE and its CASB component in the context of the bigger SD-WAN picture. The main goal of SASE, after all, is to enable high-performing, reliable and flexible network connectivity across the enterprise.
Any security countermeasure, such as CASB, should be viewed through the perspectives of IT, network and security operations. Matters of people, budget and agility are therefore relevant. If doing CASB in-house inhibits SecOps or NetOps, or strains existing human resources, then a managed CASB becomes a requirement. SASE, in general, requires personnel in order to be an effective closed-loop process of both threat detection and response.
A managed CASB service enables an organization to strike a balance between SD-WAN performance, cost, security and agility. Managers get visibility into what their sensitive data is doing in their cloud apps—without using up their teams’ time. They can similarly enact proactive security controls on demand. Things can move a lot faster this way. Organizations can accelerate their cloud and SaaS strategies, securely rolling out new remote work and digital transformation programs
SASE is rapidly gaining traction as the dominant edge security and network operating paradigm. CASB has a critical role to play in the resulting SASE technology stack. With an effective CASB in place, organizations can protect their growing list of SaaS applications, along with users and other systems that connect with them.
Masergy offers a complete managed SASE solution which includes CASB technology from Bitglass, a “Leader” in the Gartner Magic Quadrant for CASBs. Bitglass, as the integrated CASB part of the Masergy SASE stack, provides protection for any SaaS app, any user and any device. Users derive value from its rapid deployment and scalability for ever-growing SaaS environments. Sold as a standalone solution or as part of a SASE or SD-WAN solution package, CASB is typically paired with Masergy’s managed Security Operations Center (SOC) offering, an innovation that liberates IT, security teams for more valuable work.
Engage in the SASE conversation online. Don’t forget to follow us on Twitter!
Misconceptions abound when it comes to turning SASE into a pragmatic plan. It’s easy to take SASE principles too far. Here’s a practical approach.
eWeek interviews Masergy's CEO to understand how the network is evolving as a key player in today's fast-paced digital transformation.
SD-WAN helps address the challenges of remote work, and 58% of IT decision makers expect to use hybrid access. Here’s why.