1 Management Summary
The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing that market segment, how it is further divided, and the essential capabilities required of solutions. It also provides ratings of how well these solutions meet our expectations.
This Market Compass covers CASBs (Cloud Access Security Brokers) that address the challenges of security and compliance around the use of cloud services.
Most organizations are now using business applications delivered through cloud services as well as on-premises and hosted IT services. This hybrid IT delivery environment has given rise to many challenges in the areas of management, security, and compliance. These challenges often arise because the use of cloud services is not well integrated into the normal IT security and access governance processes and technologies found within organizations. In addition, the use of cloud services creates other risks.
Employees and associates can use personal cloud services to perform their jobs without reference to their employer. Line of business managers can acquire cloud services without performing risk assessment or considering the impact of these on compliance. The requirements for control over the processing and storage of personal data from the EU GDPR is one example of these challenges. The uncontrolled use of cloud services also increases cyber-risks; cyber adversaries may obtain unauthorized access to steal or corrupt data held in the services, as well as to plant malware that could then infect the organization using them.
CASBs provide security controls that are not available through other security devices to provide a point of control over access to cloud services by any user and from any device. CASB solutions have evolved from the early products that focussed on the discovery of cloud usage, through network access control points to become integrated cloud security solutions.
The major IT and network security vendors all now offer CASBs that are deeply integrated with other end user security controls such as anti-malware, DLP (Data Leak Prevention). They also increasingly offer risk / compliance status reporting under the heading of CSPM (Cloud Security Posture Management). CASBs have traditionally focussed on controlling user access to SaaS services and the protection of unstructured data. However, the increasing use of IaaS to deliver custom business applications exposes new vulnerabilities that bring new risks, and CSPM is intended to help to manage these.
In our opinion, the market for a standalone CASB is shrinking and organizations are now looking for CASB as part of a complete cloud security solution. These are expected to include CASB, CSPM, Data and User Protection as well as Zero Trust Network Controls. In our opinion, this market will expand to embrace the hybrid IT delivery model that is now common as well as the security challenges from the growth in edge computing and 5G.