How does Cloud Access Security Broker (CASB) fit into the SASE paradigm?
Gartner included the Cloud Access Security Broker (CASB) technology as a core element in its Secure Access Service Edge (SASE) paradigm. This makes sense because CASB is most effectively deployed as a proxy that inspects application traffic, thus serving one of SASE’s fundamental purposes in the process. It’s also timely because of the underlying changes in work, computing and security that are driving SASE adoption.
These include the need for local internet access breakouts to support exponentially growing SaaS traffic. A comprehensive CASB service provides one of the only effective capabilities to secure this traffic. However, it can be difficult for SASE adopters to monitor and effectively respond to CASB-related security alerts. Unless they can detect malicious activity quickly and respond decisively, damages will rapidly mount. Thus, a managed approach to CASB is a more suitable, effective, and economical approach for many organizations that don’t have the resources to build an in-house 24/7 security monitoring capability.
SASE and CASB: How they work together
It’s worth taking a moment to review some basics about SASE and CASB, pronounced “Sassy and Casbee,” which sounds like the title of a children’s book. Far from child’s play, Gartner coined the SASE acronym last year to describe a confluence of technologies the analysts felt were necessary for securing access at the network’s edge. More of a construct than a product at this point, SASE comprises a design strategy for security and networking architecture. The SASE stack creates a high-performing, easy-to-deploy, unified service that offers users and edge devices a variety of essential network and security-related capabilities, e.g., Software-Defined Wide Area Networks (SD-WANs), Web Application Firewalls (WAFs), Zero Trust Network Access (ZTNA), Virtual Private Networks (VPNs) and CASB, among others.
What is CASB?
CASBs are software applications that sit in between end users and cloud resources. As their name suggests, they broker secure access to the cloud. Thus, CASBs perform access control, enforce Software-as-a-Service (SaaS) security policy, monitor user activity and so forth. IT leaders use CASB for secure access to SaaS applications like Cloud ERP software, Salesforce.com, Microsoft Office 365, or any number of other mainstream cloud apps that handle intellectual property or sensitive customer or patient data.
Forces driving SASE and CASB adoption
Interest in SASE and CASB is on the rise, driven by the evolution of consumer and corporate technology, coupled with significant market forces. People and devices are increasingly moving away from the core data center and toward “The Edge” of the Internet and corporate networks. The growth is striking, with the global edge computing market set to reach $43 billion by 2027 while growing at a rate of 37.4% per year. SaaS use is growing in parallel. According to Deloitte research, 94% of technical professionals in small and large organizations use cloud SaaS. The SaaS market itself is growing at the annual rate of 18%.
This year, we have also witnessed a stunning but entirely necessary shift to mass remote work. The COVID-19 pandemic led to many people working from home on personal devices—at the edge. What’s also remarkable is that at least 16% (and likely more) of companies expect to continue with work-from-home policies after the pandemic has subsided. This looks to be a permanent shift of information workers away from the core and to the edge, and this too calls for edge network and cloud security technologies.
Security risks of remote work and edge computing
The growth of the edge is exciting, but it comes with increased risk exposure. Each force moving computing out to the edge amplifies existing vulnerabilities. The following is a list of some of the highest-impact threats affecting users in each area:
- Edge compute—Devices at the edge tend to be more vulnerable to attacks than their counterparts inside the data center. This is partly a matter of architecture. They’re sitting outside of multi-layered defenses. It’s also about incomplete endpoint protection and the poor security design of Internet of Things (IoT) devices. Data breach is another heightened threat at the edge, as is the takeover of edge devices as a pathway for hackers to enter the core of the network.
- SaaS—SaaS solutions tend to contain a great deal of sensitive data, such as customers’ personally identifiable information (PII) and financial records. Thus, a data breach of a SaaS solution can be a major security event. Furthermore, if hackers are able to compromise SaaS accounts, they can engage in phishing attacks that truly appear as if they are coming from inside the organization. Alternatively, if hackers are inside a SaaS application, they can distribute malware back out to other users’ endpoints.
- Remote work—When people work remotely, especially on personal devices and home broadband connections, they are vulnerable to phishing attacks. Hackers can more easily impersonate coworkers when everyone’s at home. And, once a hacker has taken over a remote worker’s device, he or she can penetrate the network, generally more easily than has been possible before. Remote workers may also insecurely share confidential information outside the network, perhaps by accident.
How CASB, within SASE, mitigates these risks
A CASB solution is able to mitigate the risks to the cloud at the edge. CASB solutions come in a range of architectural designs and feature depths, but most are able to provide threat protection, data protection, identity policy enforcement and visibility into cloud activities. Collectively, these capabilities enable a robust SASE security stack for the cloud. With SaaS applications, for example, the CASB prevents data leakage and intrusions by acting as an application security proxy between the cloud app and the user.
A CASB solution should also conduct user behavior analytics. This is useful for detecting malicious activities by attackers as well as risky employee behaviors. CASB offerings even provide discovery of “Shadow IT,” those SaaS services utilized by the business without IT’s knowledge. These accounts can be a major source of risk exposure.
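As an added example (not from the original article or from any vendor's product), here is a minimal sketch of the Shadow IT discovery and risky-behavior detection described above, run over constructed proxy log lines. The log format, the sanctioned-app list, the 10 MiB upload threshold and the two-label domain heuristic are all assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains of apps IT has approved (constructed list).
SANCTIONED = {"salesforce.com", "office365.com", "sharepoint.com"}
BULK_UPLOAD_BYTES = 10 * 1024 * 1024  # assumed alert threshold: 10 MiB per domain

# Constructed sample, format assumed: timestamp user method url bytes_out bytes_in
SAMPLE_LOG = """\
2020-11-02T09:14:03Z alice POST https://acme.my.salesforce.com/services/data 2048 9120
2020-11-02T09:15:41Z bob GET https://files.example-share.test/list 310 15200
2020-11-02T09:16:10Z bob PUT https://files.example-share.test/upload/q3.xlsx 7340032 120
2020-11-02T09:17:55Z carol PUT https://files.example-share.test/upload/cust.csv 5242880 118
2020-11-02T09:20:12Z dave GET https://notes.example-notes.test/doc/17 280 40960
2020-11-02T09:21:00Z alice GET https://contoso.sharepoint.com/sites/hr 350 22000
malformed line without enough fields
"""

def registrable_domain(host):
    """Last two labels of the host. A simplification: production code
    should consult the Public Suffix List (e.g. for co.uk domains)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_line(line):
    """Return (user, domain, bytes_out) or None for a malformed line."""
    fields = line.split()
    if len(fields) != 6:
        return None
    _, user, _, url, bytes_out, _ = fields
    host = urlsplit(url).hostname
    if not host or not bytes_out.isdigit():
        return None
    return user, registrable_domain(host), int(bytes_out)

def discover_shadow_it(log_text, sanctioned, threshold=BULK_UPLOAD_BYTES):
    """Aggregate traffic per SaaS domain and report the unsanctioned ones,
    largest upload volume first, flagging possible bulk data movement."""
    stats = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed format
        user, domain, sent = parsed
        entry = stats[domain]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_out"] += sent
    findings = [
        {"domain": d, "users": sorted(s["users"]), "requests": s["requests"],
         "bytes_out": s["bytes_out"], "bulk_upload": s["bytes_out"] >= threshold}
        for d, s in stats.items() if d not in sanctioned
    ]
    return sorted(findings, key=lambda f: f["bytes_out"], reverse=True)

if __name__ == "__main__":
    for finding in discover_shadow_it(SAMPLE_LOG, SANCTIONED):
        print(finding)
```
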
Why managed CASB makes sense for many organizations
Some organizations may find value in a managed CASB option. Needs will vary greatly by company, of course, but in certain cases, the security operations team may want someone outside the department to handle the rigor and nuances of CASB management. One issue is the role of SASE and its CASB component in the context of the bigger SD-WAN picture. The main goal of SASE, after all, is to enable high-performing, reliable and flexible network connectivity across the enterprise.
Any security countermeasure, such as CASB, should be viewed through the perspectives of IT, network and security operations. Matters of people, budget and agility are therefore relevant. If doing CASB in-house inhibits SecOps or NetOps, or strains existing human resources, then a managed CASB becomes a requirement. SASE, in general, requires personnel in order to be an effective closed-loop process of both threat detection and response.
A managed CASB service enables an organization to strike a balance between SD-WAN performance, cost, security and agility. Managers get visibility into what their sensitive data is doing in their cloud apps—without using up their teams’ time. They can similarly enact proactive security controls on demand. Things can move a lot faster this way. Organizations can accelerate their cloud and SaaS strategies, securely rolling out new remote work and digital transformation programs.
SASE and CASB from Masergy
SASE is rapidly gaining traction as the dominant edge security and network operating paradigm. CASB has a critical role to play in the resulting SASE technology stack. With an effective CASB in place, organizations can protect their growing list of SaaS applications, along with users and other systems that connect with them.
Masergy offers a complete managed SASE solution which includes CASB technology from Forcepoint, a “Leader” in the Gartner Magic Quadrant for CASBs. Forcepoint, as the integrated CASB part of the Masergy SASE stack, provides protection for any SaaS app, any user and any device. Users derive value from its rapid deployment and scalability for ever-growing SaaS environments. Sold as a standalone solution or as part of a SASE or SD-WAN solution package, CASB is typically paired with Masergy’s managed Security Operations Center (SOC) offering, an innovation that liberates IT and security teams for more valuable work.