The market for cloud access security brokers (CASBs) has only been in existence for a few years, and most CASB vendors are startups funded by venture capital. Some CASBs have already been acquired by larger companies such as Palo Alto Networks, Blue Coat Systems and even Microsoft.
Cloud access security brokers rely on proxying or cloud provider APIs (or a combination of both) to get access to and control of cloud data, and offer on-premise or SaaS CASB security to their customers.
Gartner expects the industry to consolidate to about seven or eight cloud access security brokers over the next two years, but for now there are many more. Here are some CASB vendors worth investigating further.
Bitglass CASB system employs a "multimode" architecture, using a forward proxy and ActiveSync proxy for managed devices, a reverse proxy for unmanaged devices and APIs to provide visibility and control for data at rest in cloud applications including Salesforce, Google Apps, Office 365, Box and ServiceNow.
Employees are authenticated via existing identity management infrastructure. For companies that don't use SSO already, Bitglass provides SAML SSO and native Active Directory integration to eliminate the need to deploy another solution.
Bitglass' approach to cloud encryption maintains security application functionality including sorting, wildcard search and autocomplete.
Perspecsys Cloud Data Protection Gateway can be deployed in a wide range of configurations with optional server components. The core system in the Gateway is the server, acting as a forward or a reverse proxy.
In addition to monitoring and reporting on cloud use and encrypting and tokenizing data in accordance with an enterprise's data protection policies, the server intelligently indexes encrypted and tokenized data. These indices play a central role in the platform's ability to preserve cloud application functionality - such as searching or generating reports - on data that has been encrypted.
A management console allows authorized users to define and maintain data discovery, analysis and protection policies. Supported applications include Salesforce, ServiceNow and Oracle cloud applications.
Perspecsys was purchased by Blue Coat in July.
Adallom, which was purchased by Microsoft in September, delivers visibility, governance and protection for popular SaaS applications.
Its CASB product provides visibility into application usage; monitors privileged user accounts; prevents sensitive data leakage to unmanaged devices; manages the sharing of confidential corporate data; identifies malicious data exfiltration; and addresses regulatory and compliance mandates for cloud data.
The platform can be deployed as a 100 percent SaaS offering or installed on-premise, and works both in proxy mode and API mode.
Adallom's application templating framework secures data in any cloud application, including Salesforce, Google Apps, Box, Office 365, Jive, SAP Success Factors, AWS, ServiceNow, Ariba and DropBox. Custom, home-grown applications can also be supported.
CloudLock delivers security for any cloud application and platform, including IaaS, PaaS and IDaaS. Its CASB offering is completely SaaS based and works in API mode. That means it requires no changes to the underlying infrastructure and no network configurations, agents, proxies or gateways.
CloudLock discovers cloud apps authorized by any users or administrator, and provides the ability to whitelist or blacklist them based on risk profile and access scope.
The cloud access security broker offers specific API-based solutions for Salesforce, Google Apps, Dropbox, Box, ServiceNow, AWS, Office365 and Slack, while supporting any other cloud-based apps.
Elastica's CloudSOC platform has a modular design, with four modules that can be picked and chosen: Audit, for discovery; Detect, to detect cloud security threats; Protect, to provide unified controls across cloud services; and Investigate, to perform post-incident investigations and forensic analysis.
It also offers Securelets: standalone APIs that provide security functionality for specific cloud apps including Box, Google Drive, Yammer, Salesforce and Office365. These Elastica Securelets are deployed in conjunction with the Elastica Apps to provide more fine grained control and monitoring.
Elastica is owned by Blue Coat.
Netskope is deployed primarily as a cloud service. The Netskope cloud is built on the backbone of the Internet and is hosted in private data centers that are SOC-1, Type II and SOC-2, Type 1 and Type II certified.
After signing up for Netskope, customers get secure access to a dedicated private cloud tenant. The next step toward cloud data security is to steer cloud app traffic to the tenant.
Netskope offers a choice of non-mutually exclusive in-line and out-of-band deployment options, from a forward proxy with no agent footprint required, to a reverse proxy for sanctioned cloud apps, to API connectors that provide near real-time visibility and control of sanctioned cloud apps.
Specific support is provided for cloud apps including Salesforce, Office365, Google Apps, Box, Dropbox and Egnyte.
CipherCloud delivers a set of protection controls including encryption, tokenization, activity monitoring, data loss prevention (DLP) and malware detection, to provide cloud data security.
It provides visibility and control over data as it goes from the enterprise to any location in the cloud. It also enables the protection of data before it leaves the organization, ensuring persistent security that only the customer can unlock. By providing a control point for data going to and from the cloud, CipherCloud makes it possible to ensure data privacy, data residency and regulatory compliance, prevent data leaks, encrypt or tokenize sensitive data and get visibility into cloud activity.
The company offers specific support for cloud applications including ServiceNow, Box and Salesforce.
Palerra's LORIC platform provides threat visibility and helps ensure compliance in the cloud by combining threat detection, predictive analytics, security configuration management and automated incident response in a single solution.
LORIC is an API-based system which does not require hardware, software or agents and is not deployed inline with cloud services.
The CASB system supports a growing list of cloud applications and infrastructure, including Salesforce, Force.com, OneDrive, Lync, Box, GitHub, SharePoint, AWS EC2 and AWS S3.
Firelayers is an API-based CASB system offering discovery, risk based authentication, policy based and risk based mitigations and privileged account permission management, threat prevention and other protections for cloud applications.
The cloud access security broker can also detect and alert about risky behavior related to regulated data for compliance with PCI, PII, PHI and others.
Its Safezones products offer specific security protection for a range of cloud applications that includes Office365, AWS, Salesforce, Google Apps, Box, ServiceNow, Tribehr, Yammer, Asana and Zendesk.
Skyhigh delivers a single cross-cloud platform that enables companies to monitor cloud usage and risks, enforce data security policies, ensure regulatory and company compliance, detect and respond to potential threats, and control data access.
Skyhigh has pre-defined roles with customizable permissions that allow companies to tailor the platform to their specific needs. It integrates with firewalls/proxies, SIEMs, IDM, EMM/MDM, key management systems, and IRM.
Supported applications include Box, Slack, Office 365, Salesforce, Google Drive, Dropbox, Evernote, Workday, and Service Now.