Why Use Cloud Access Security Brokers?
CASBs help companies deal with some of the biggest security problems plaguing cloud services.
Look at many lists of top technologies for this year, and you'll see "Cloud Access Security Brokers" (CASB) near the top. Gartner named CASBs the number one technology for 2014, and research studies have shown that up to one quarter of surveyed companies will use this technology for cloud security, up from just 1% in 2012.
So what are cloud access security brokers, and what do they do?
Cloud Access Security Brokers and Security Architecture
First and foremost, cloud access security brokers are not individuals or companies who help to broker deals for clouds services. This is confusing, because you can use the term "cloud security brokers" to talk about a company that helps client companies source options for cloud security. However, when you use the particular acronym CASB, you're likely to be discussing, not brokerage services, but actual parts of the cloud security strategy.
CASBs are called "brokers" because the technology that's involved is a gateway between an internal system and external cloud services.
An easy way to think about this is that cloud access security brokers sit at the exit points of the network, where data goes from being handled internally to being sent out into the cloud. And this gateway has been really controversial ever since cloud services began.
Companies love cloud services for the easy outsourcing possibilities that they offer, but security has been a thorn in the side of the average cloud contract, ever since businesses started evolving toward these remote vendor services. There's just a lot of questioning about how well vendors are able to keep client information secure, especially with massive data breaches threatening many major retailers and other companies, sometimes triggered by vendor activity.
Cloud access security brokers are essentially components that catch data as it exits an internal network, and encrypts or "scrubs" it so that it's already secure as soon as it goes out into the cloud.
Here are some top reasons why CIOs and other executives are flocking to cloud access security brokers.
Making Cloud Contract Negotiations Easier
Any time a company selects cloud services, there's a lot to talk about. Executives have to go over uptime and downtime provisions and other service-level issues. They have to talk about costs and exactly what they're paying for over time. They have to talk about implementation and disrupt. And classically, they've had to embed conversations about security in those larger conversations.
But here's the thing — security is a big issue, and something that deserves its own space.
Because using a CASB can make data "cloud-secure," buyers of cloud services don't have to worry so much about having in-depth security conversations with the vendor, as they're already going over all of those other issues. And that can make cloud service contracts go more smoothly. A vendor doesn’t have to hear that security issues are a deal-breaker when other elements have already been resolved. Vendors don’t have to put extensive security reassurances into presentations. It all saves time and money.
Leading a Horse to Water
Another major reason that companies love cloud access security brokers is that with these effective data encryption systems in place, the client no longer has to endlessly bother the vendor about exactly what kind of security the outside company uses.
If your sensitive data is already encrypted, and secured against unauthorized access, a vendor mixup won't automatically leave you liable to legal challenges and a big hit on your reputation.
On the other hand, when companies rely on vendors for security infrastructure, they have to keep checking up to make sure that these third-party companies really do have sufficient security in place. ("Still secure today, Hal?" "Yep, Jeff, we’re still secure.") This is ultimately hard to do, just like it's hard for end consumers to find out what techniques farmers are using to grow their food, and like those farmers, the vendors are going to get tired of all those questions. It's just not that transparent of a process. That's why a lot of companies are going to CASBs, so they don't have to worry about it nearly as much.
Using CASBs for Internet of Things
Another major reason to upgrade to cloud access security brokers is that it provides a comprehensive encryption port for for data that may be zooming in a lot of additional directions.
With billions of Internet-connected appliances and gadgets, and more becoming available every day, the Internet of Things (IoT) is poised to revolutionize network administration and how we think of the Internet. Soon, all of our refrigerators, toasters, washing machines and other home appliances are going to be chatting over IP about everything from energy use to the weather — and let's hope they leave religion and politics out of it.
This makes a cloud access security broker an even more valuable solution. Universal encryption and a central point allows that data to go ricocheting around off of various network or out-of-network endpoints without concern — that is, unless you need to decrypt the data at the endpoint for some reason. Anyway, the idea that you can lock down or lock in security with a CASB is making companies more confident about tackling Internet of Things challenges. In a post on Perpecsys, Chief Marketing Officer Gerry Grealish makes the point that CASB can make companies more confident about using SaaS for "different things" — up to and including IoT network activities where hordes of machines batter the air with signals.
"All of these use cases are driving new forms of regulated data to the cloud…" writes Grealish. "More aggressive use of the cloud is bringing data privacy and governance professionals to the forefront because they are following the flow of the data … and it's starting to flow outside of the enterprise’s control. CASB can bring that situation back into balance, enabling cloud without loss of data control."
Creating Value More Safely
Another argument about CASBs has to do with the innate value of cloud services and Software as a Service (SaaS) contracts.
In a recent article on "SaaS and the enterprise," writer Robert Mullins makes an interesting point about these cloud systems and their role in cloud architectures.
"CASBs are called for in organizations where SaaS and other cloud services have been established outside the control of IT and are needed to help IT regain visibility and control of those cloud resources." Mullins writes, echoing a point that others have made about the use of CASBs to "funnel" security and empower companies to do more with less risk.
While the statement runs pretty close to what was discussed above — the idea that you can't force vendors to be 100% secure all the time — Mullins adds another dimension to this by discussing, in wrapping up the article, why companies went to the cloud in the first place.
Going with third-party remote cloud services, Mullen says, allows companies to "reduce capex in favor of opex," which sounds pretty inscrutable until you Google these two terms.
The difference between capital expenditure or "capex" and operational expenditure or "opex" could be called a semantical designation, but here’s the difference: capital expenditures help to create value in the future. Operational expenditures are just part of day-to-day operations.
You could make the argument that cloud services tend to create more value by placing more of budgeted money onto the capital expenditure side of the ledger, and by helping clients benefit from the economy of scale that a vendor offers. But you can go another step further and say that using a CASB allows you to capitalize more on cloud service contracts, by "outsourcing the outsourcing" of cloud security — by choosing an entirely separate vendor to install a cloud encryption gateway or other resource at the edge of an internal network.
However you say it, the popularity of CASBs is making executives take a hard look at the straightforwardness and integrity of a system where a company polices its own network, encrypts all data and the exit, and lets cloud vendors do what they do without trying to micromanage the security practices of outside companies. These cloud setups also help to solve the public cloud problem, where companies were worried about a vendor housing their data next to someone else's.
Look for cloud access security brokers to become even more popular in the years ahead, as companies find smarter ways to outsource functionality and capacity for networks.