Académique Documents
Professionnel Documents
Culture Documents
Brokers
Published: 24 October 2016 ID: G00293664
The cloud access security broker market is still rapidly evolving, with
vendors providing a range of capabilities and delivery options to help secure
usage of the cloud. Security leaders should use this research to understand
the CASB market.
Key Findings
■ The wide adoption of identity and access management into the cloud, delivering cloud single
sign-on, has reduced the friction in adopting cloud services and related security controls like
cloud access security brokers (CASBs).
■ Many enterprise business units are acquiring cloud services directly without IT's involvement.
This form of "shadow IT" is fueling growth in cloud service adoption as well as security risks.
■ The CASB market has evolved rapidly since its gestation period in 2012 and includes a number
of high-profile acquisitions. It has quickly become a compelling cloud security control platform
for organizations of all sizes adopting cloud services.
■ Today, CASBs primarily address back-office applications delivered as SaaS (for example, CRM,
ERP, HR, productivity, file sharing, service desk). Applications focused on specific industry
sectors, such as healthcare and general cloud services (for example, business intelligence), are
not well-covered. Continued growth of reported data breaches and new regulations in Europe
are fueling needs to meet increasingly complex data residency requirements.
■ The continued and growing significance of SaaS, combined with persistent concerns about
security, privacy and compliance, continues to increase the urgency for control and visibility of
cloud services.
Recommendations
■ Deploy CASBs for the centralized visibility and control of multiple cloud services that would
otherwise require individual management.
■ Use Gartner's four pillars of CASB definition and CASB evaluation framework as guides for
selecting the provider that best addresses your cloud service security use cases.
■ Be cautious when entering into long-term contracts due to continued market acquisitions and
feature evolution. Build in flexibility, because you may need more than one CASB or you may
need to transition from your current provider to one that will deliver a complete set of your use
cases during the next two years.
By 2020, 85% of large enterprises will use a cloud access security broker platform for their cloud
services, which is up from less than 5% today.
Market Definition
Cloud access security brokers address security gaps in organizations usage of cloud services (see
"Mind the SaaS Security Gaps"). This technology is the result of the need to secure the significantly
increased adoption of cloud services and access to them from users both within and outside of the
traditional enterprise perimeter. They deliver capabilities that are differentiated and generally aren't
available as a feature in security controls, such as web application firewalls (WAFs), secure web
gateways (SWGs) and enterprise firewalls. CASBs understand that, for cloud services, the
protection target is different: It's still your data, but stored in systems that you don't own. CASBs
provide consistent policy and governance concurrently across multiple cloud services, for users or
devices, and provide granular visibility into and control over user activities.
CASBs primarily address SaaS back-office enterprise applications today, such as enterprise file
synchronization and sharing (EFSS), CRM, HR, ERP, service desk and productivity applications (for
example, Google's G Suite and Microsoft Office 365). They increasingly support control of
enterprise social networking use, and are moving to cover the consoles for popular infrastructure as
a service (IaaS) offerings. Support for platform as a service (PaaS) services is immature today. In
addition, some vendors provide the ability to deploy in front of enterprise applications to bring these
under a consistent cloud service management framework. Because of the rapid adoption of cloud
services by enterprises, we anticipate a battle for control of this growing CASB market, and larger
vendors will likely acquire rather than build a CASB offerings during the next three years as a way to
catch leading stand-alone players.
CASBs deliver functionality around four pillars of functionality, which are of equal importance (see
"Technology Overview for Cloud Access Security Broker"):
Organizations need to look past CASB providers' "list of supported applications and services,"
because there are (sometimes substantial) differences in the capabilities supported for each specific
cloud service, based on its features, the CASB architecture used and the organization's end-user
computing model. For example, one CASB version's "support for Salesforce or Office 365" can be
markedly different from another's, depending on bring your own device (BYOD) use cases, even
though both "on paper" support these applications. Proxy or API architectures from a CASB have
different abilities to perform different actions, which have various implications for how that provider
delivers the four pillars for a specific cloud service.
Cloud service APIs available to end users in the long term should help obviate the need to intercept
traffic with proxies if they mature not just in breadth and depth, but also in availability and
performance. However, today the maturity level of APIs across cloud service providers is wildly
divergent. Gartner expects leading cloud application and service providers to develop their APIs
significantly during the next two to three years, even if they are not pursuing compliance with an
industry or recommended standard like the Cloud Security Alliance's Open API Charter. APIs will
increasingly deliver more utility, supporting the potential for newer security use cases not yet
Architectural Choices
Initially, the market was segregated between providers that delivered their CASB features via
forward- and/or reverse-proxy modes and others that used API modes exclusively. Increasingly, a
growing number of CASBs offer a choice between the proxy modes of operation and also support
APIs. Gartner refers to this as "multimode CASBs." They give their customers a wider range of
choices in how they can control a larger set of cloud applications (see "Select the Right CASB
Deployment for Your SaaS Security Strategy" for more details on this critical deployment
consideration):
■ Reverse proxy — This can be deployed as a gateway on-premises or as the more popular
method, as SaaS. This is performed by changing the way authentication works by telling the
cloud service that the CASB (not the identity and access management as a service [IDaaS])
solution is the source of authentication. The CASB then passes the authentication onto the
IDaaS provider, but, importantly, leaves the URL as belonging to the CASB and not the cloud
service. This is one way to provide the ability to insert the CASB in front of end users accessing
the SaaS service (with the exception of mobile native apps using certificate pinning) without
having to touch the endpoint's configuration. It also allows for control over key management
and application of cryptography solutions on-premises with no access by a cloud-based CASB
or cloud service provider. With hosted reverse proxy, there may be indirect access to the key
management system and keys/tokens being used in the cloud by the CASB and/or CSP.
■ Forward proxy — This can be deployed as a cloud or on-premises, and some vendors may
deploy software agents on endpoint devices or pass profiles for enterprise mobile management
(EMM) to enforce or use other methods like DNS and proxy auto-configuration (PAC) files. It is
the most intrusive deployment method from an end-user computing point of view, as you have
to force traffic to the CASB. Some CASB agents can then actually employ the cryptographic
services. The CASB typically provides encryption-standard-compliant keys/tokens to the
endpoints using asymmetric key distribution techniques or VPN connections. It may use self-
signed digital certificates or supported third parties, or it may provide key management
solutions that are managed by the enterprise.
■ API mode — This leverages the native features of the SaaS service itself by giving the CASB
permission to access the service's API directly. This mode also allows organizations to perform
a number of functions like log telemetry, policy visibility and control, and data security
inspection functions on all data at rest in the cloud application or service. The CASB may offer
on-premises or hosted key management options. API mode makes it possible to take
advantage of both CASB-native, and a growing number of SaaS service data protection,
features offered by the SaaS provider itself (for example, Salesforce Shield), whereby it performs
encryption/tokenization functions, but the end users still control the keys. However, the SaaS
provider still has access to the keys, and data is unencrypted while used by the application. If
the SaaS is hosted by another CSP's infrastructure (for example, Amazon, Microsoft), it is
available in the memory of the IaaS provider and may not meet strict data residency or
compliance requirements (see Figure 1 and Table 1).
SSL: Secure Sockets Layer; TLS: Transport Layer Security; DDoS: distributed denial of service.
Enterprise Integration
CASBs provide a number of critical points of integration with an existing enterprise security
infrastructure. These integration points play an important role in preventing enterprise security
delivery from becoming yet another silo. CASB integration points cover identity and access
management (IAM) and IDaaS, reuse of existing DLP security policies for the cloud, integration with
on-premises encryption key management, and event integration with technologies such as security
information and event management (SIEM) for a single view of an organization's security telemetry.
Additionally, they support a number of existing security processes, like incident response and
compliance. CASBs themselves also offer APIs that can be used by enterprises to take advantage
of automation and integration opportunities, and to instrument and integrate them with other
enterprise management tools.
Enterprises must not treat data used in cloud SaaS applications in isolation from on-premises data
environments. There is a critical need to establish enterprisewide data security policies and controls
based on data security governance processes.
In addition, cloud applications and service providers are also building DLP functionality into the
application or service itself. One example is Microsoft adding DLP to multiple areas of the Office
365 platform (see "Data Loss Prevention in Microsoft Office 365"). An advantage of a CASB over
native DLP capabilities is consistency — for example, one can apply a set of common DLP policies
that extends to multiple services and even multiple providers, reducing the overall time required for
developing and enforcing policies.
The selection of particular cryptographic algorithms and key management will also affect the level of
data security provided as a direct trade-off to functionality that has been enabled. For structured
data types, it may still be possible to achieve search and sort, even if the fields are encrypted or
tokenized, but other SaaS functions will be lost. For unstructured files that are encrypted through a
proxy, search and document preview functionality will be lost.
Additionally, the choice of encryption algorithm or tokenization method applied may affect the ability
to achieve compliance, because preserving SaaS functionality may have been traded off against the
strength of cryptography — for example, by weakening the algorithm, adding external metadata or
creating cached copies of indexes. The use of cloud-based key management solutions raises the
potential for application administrators, who often aren't members of the security team, or even the
IT team, accessing the encryption keys/tokens in "the clear" (unencrypted) state.
Market Direction
The CASB market has evolved quickly from its gestation period in 2012. Although most of the
providers are still startups running off venture capital funding, the market is suddenly looking as if it
will mature rapidly. Gartner sees signs of three movements in this market:
Some notable events that align with these market evolution trends include:
In last year's Market Guide, we called out the possibility of the SWG, IDaaS and CASB intersecting,
as well as other cloud services combining like DDoS, WAF and CASB. This is now becoming
increasingly less likely, and Gartner believes that CASB is now a market in its own. The focus and
postacquisition strategies of larger acquiring vendors, as well as those remaining pure players, are
now showing that convergence is less likely. Additionally, CASB is also now further pivoting to cover
IaaS and some PaaS services, moving it away from markets like SWG.
The merger and acquisition activities will be an interesting area of development, as providers that
have been acquired to date now have significantly improved routes to market with larger sales
forces and channels, as well as funding for roadmap expansion. This is likely to shake up the market
landscape and, in some cases, will inhibit the growth of smaller, still venture capital (VC)-backed
CASBs that haven't yet established a beachhead in the market.
Additionally, the intersection of CASBs with data security markets (such as encryption, DLP and
DCAP) is also driving the evolution toward solutions that protect data wherever it resides within the
enterprise — in the cloud, on-premises and on the endpoint.
The CASB feature set described by the four pillars in existing Gartner research will remain as
compelling features for the foreseeable future, regardless of provider consolidation or product
feature set merging. These blended offerings will also begin to present a different value proposition
of having SWG/IDaaS/CASB from the same provider. Regardless of any consolidation, IT security
leaders will still demand competitive feature sets leaving room for pure-play vendors to continue to
lead the market.
CASB capabilities are more mature and targeted for SaaS than for IaaS and PaaS today. Gartner
expects CASB vendors to evolve their coverage across the four pillars for IaaS and PaaS in the
coming 12- to 24-month period, while improving coverage for other applications, such as business
Market Analysis
A large amount of VC funding, many hundreds of millions now, fueled the initial growth of CASBs.
Recent acquisitions by large vendors are showing how the market is maturing, and startups are now
being acquired to take their place as part of bigger vendors' portfolios. Other vendors in adjacent
markets (like IDaaS and EMM) are also starting to partner with these CASB providers. CASB could
also be drivers for vendors in adjacent markets to enter the fray with further acquisitions — for
example, enterprise mobility management, secure web gateway, firewall or other vendors who want
to, or are already, delivering cloud security.
One thing that has become clear, though, is that there are two parts to "cloud security." There is
"delivering security from the cloud." Examples are existing technologies like email and web filtering
being delivered from the cloud and, more recently, we see examples of firewalls moving to be
delivered that way. The second is "securing access to cloud services." This is where capabilities like
CASB and IDaaS come into play. These are similar — different sides of the same coin perhaps —
but fundamentally different in their approaches and in problems being addressed for end users.
Gartner sees three macro IT trends driving the expansion and maturation of the CASB market:
■ Enterprises' move to adopt BYO traditional PC and non-PC form factors, and usage
increases from unmanaged devices access: The massive enterprise adoption of tablets and
smartphones for core business processes creates security risks that can be mitigated effectively
with the assistance of a CASB. In addition, there is an increase in BYOPCs by employees, as
well as business partners who are also accessing your data inside cloud services. The average
enterprise end user is spending significantly more "screen time" on these non-PC form factors,
and CASB helps secure the cloud service side of this equation.
■ The enterprise moves to cloud services: This is significantly accelerating, with SaaS being
approximately 1.5 times bigger than IaaS in spending (see "Forecast: Public Cloud Services,
Worldwide, 2014-2020, 2Q16 Update"). This is driving the need to have security technology
capable of providing similar security capabilities to what you have now, but for this different
model of computing. Significant amounts of spending and computing will aggregate around
cloud service providers. This affects on-premises-based technology in the long term, including
the security software and appliance markets.
■ Heavy cloud investments by vendors: Most large enterprise software providers, such as
Oracle, IBM, Microsoft, SAP and Oracle et all are now heavily invested in cloud, and are actively
driving their large client bases to use their cloud services versus their on-premises versions. The
The forces of cloud and mobility fundamentally change how "packets" (and the transactions and
data they represent) move between users and applications. This causes a need to adjust the list and
the priorities of investment in security controls for any organization that is consuming cloud
services.
However, the climate for cloud is showing geographical differences (see "Survey Analysis:
Geographic Differences Among Buyers — Cloud Services Planning, Adoption and Strategy, 2015").
Although the U.S. is consuming the most cloud services today, parts of Latin America and the Asia/
Pacific region have the highest percentage of end users expecting to significantly increase their
cloud spending. CASBs will always tightly follow geographical and organization-specific cloud
adoption patterns, which require cloud usage to exist (or be planned) prior to CASB adoption.
Some SaaS vendors — Microsoft is a prime example — discourage the placement of certain
products like proxies, caches and WAN optimizers "in front of" their applications. The worry is that
performance or availability issues lying entirely within the other product will be perceived as issues
with the cloud service itself. Don't let this dissuade you from evaluating and deploying a CASB.
SaaS vendors can't place restrictions on how their customers consume their services. Instead, they
need to make sure that they present a range of APIs that support enterprise integration and security
use cases. Additionally, they need to have better performance and availability SLAs for their API
gateways. These two things will help negate the need for having to place proxies in front of their
services. Also, realize that troubleshooting any issues will require you to include the CASB in your
investigations. In a number of cases, CASBs can help this troubleshooting process, rather than
hinder it.
Representative Vendors
The vendors listed in this Market Guide do not represent an exhaustive list. This section is intended
to provide more understanding of the market and its offerings. It is not, nor is it intended to be, a list
of all vendors or offerings on the market. It is not, nor is it intended to be, a competitive analysis of
the vendors discussed.
Bitglass
Bitglass was founded in January 2013 and has been shipping a CASB product since January 2014.
Bitglass integrates several mobile data management (MDM) and IAM capabilities into its offering,
such as remote wipe, single sign-on (SSO) and dual Security Assertion Markup Language (SAML)
proxy, providing basic MDM and IDaaS capabilities. It also integrates several data security policy
capabilities, in addition to integrating with some DLP vendor solutions. With a focus on sensitive
data discovery, classification and protection, it also includes several document management
protection capabilities, such as watermarking and encryption methods that support search and sort.
It uses an agentless Ajax-VM technology within the user's browser to support real-time data
protection in specific scenarios, including unmanaged devices. Bitglass provides cloud application
CensorNet
CensorNet was founded in February 2007 and has been shipping a CASB product since April 2015.
CensorNet is one of the newer entrants into the CASB market, and its CASB offering complements
its existing email and web security products. It also recently acquired a two-factor authentication
company (SMS Passcode) to complement its product portfolio. Based on its existing SWG platform,
CensorNet is already positioned to capture traffic and see the flow of data to and from SaaS
applications. Like most SWGs, CensorNet is based on a forward-proxy architecture, using on-
premises physical/virtual appliances. It now also has a cloud-delivered option. CensorNet can also
support deployments of the technology in the cloud. The initial offering is focused on visibility and
SaaS application user and policy control, and has improved in the past year to deliver more
capabilities to a larger number of cloud services.
CipherCloud
CipherCloud was founded in October 2010 and has been shipping a CASB product since March
2011. CipherCloud was an early entrant in the CASB market, with an initial focus on the encryption
and tokenization of data in popular enterprise cloud services, like Salesforce. Its most popular
deployment is software or virtual on-premises appliance(s) that encrypt/decrypt content before it
enters a cloud service to maintain complete data sovereignty for an organization within the end
users' data centers. A hosted option is also available. CipherCloud is well-known for this use case
and can integrate with on-premises key management, DLP and DCAP solutions. It has expanded its
data protection capabilities to cover a broader range of structured and unstructured data within
SaaS applications.
CipherCloud also supports content and user activity monitoring, cloud discovery and SaaS security
posture assessment. CipherCloud uses a primary implementation model based on a reverse-proxy
model for Salesforce and other popular services. It also supports forward-proxy implementations,
for example, with SAP, along with API support for other services. Although it is most often deployed
on-premises, it is available in the cloud with the cloud-based service providing API-only integration
with a range of services. There is a delta between what the multitenanted cloud service delivers
versus its traditional software and appliance-based solution as both have different management
interfaces.
Cisco CloudLock
In 2016, Cisco announced its acquisition of CloudLock. CloudLock was founded in January 2011
and has been shipping a CASB product since October 2013; it was acquired by Cisco in June 2016.
Cisco CloudLock is one of the more successful CASBs, with a large client base, and it uses an API-
only approach to the CASB market. It leverages APIs from cloud services (SaaS, PaaS, IaaS), in
CloudLock also uses its end users to help "crowdsource" ratings, risky or otherwise, for a large
number of cloud services. This community trust rating also enables end users to see a current rating
about why a service has been blocked from use at an organization. CloudLock supports
homegrown and marketplace applications built on public IaaS or PaaS, such as Amazon Web
Services (AWS) and Force.com, by allowing customers to embed their software development kit
(SDK) into their own applications via APIs. The company launched an integration with Cisco's
FirePOWER product in August and released an integration with Cisco's OpenDNS cloud security
offering in early October.
FireLayers
FireLayers was founded in November 2013 and has been shipping a CASB product since April
2014. FireLayers is a multimode CASB delivering API, forward and reverse proxy, plus a SAML
gateway. It provides cloud application discovery, but not SaaS service security posture
assessments. Instead, it focuses on threat protection, behavior analytics, contextual access control
and detailed activity monitoring (with a focus on privileged account monitoring) for supported SaaS
applications and some IaaS services. It is also improving its email inspection capabilities for Office
365 to include phishing, encryption, URL and file inspection.
Imperva
Imperva was founded in November 2002 and has been shipping a CASB product since January
2014, when it acquired Skyfence. Imperva's vision is to provide full visibility and protection of data
for databases, websites, file shares, SharePoint or in SaaS applications. Imperva focuses on
providing detailed user activity monitoring, cloud DLP, access control and threat protection.
Imperva's CASB, called Imperva Skyfence Cloud Gateway, is provisioned within its existing DDoS
and Incapsula cloud WAF and content delivery network (CDN) offering as SaaS. It can also now
leverage its threat intelligence service, ThreatRadar. An on-premises physical or virtual version is
also available. Imperva's primary implementation model is API and/or reverse proxy, which is a good
Microsoft (Adallom)
In September 2015, Microsoft completed its acquisition of Adallom, a CASB that had been shipping
since early 2013. This brought CASB to Microsoft's Enterprise Mobility + Security (EMS) suite and
added new capabilities to Office 365. Developed from Adallom's technology, Microsoft Cloud App
Security (MCAS) today is an API-only CASB that emphasizes three capabilities: discovery, data
control and threat protection. The roadmap plan is to return proxy capabilities back to MCAS this
year. Through analyzing logs from firewalls and proxy servers, MCAS generates reports showing
which SaaS applications an organization is using, helps identify anomalous activity and can rank the
risk of SaaS applications according to 60 attributes. MCAS offers control over sanctioned SaaS
applications via predefined and custom policies. Policies can include DLP, but not in real time as
MCAS (in its current incarnation) has no proxy mode. MCAS observes how users interact with SaaS
applications and can detect risky or abnormal behavior that indicates possible attack.
For all new customers, MCAS is delivered as SaaS from Azure data centers. No endpoint agents or
on-premises editions are available. With the exception of DLP, certain Office 365 subscriptions
include a subset of MCAS capabilities called Office 365 Advanced Security Management, designed
to protect an Office 365 tenant only (not other SaaS applications).
Netskope
Netskope was founded in October 2012 and has been shipping a CASB product since October
2013. Netskope was one of the early CASB providers that emphasized cloud application discovery
and SaaS security posture assessments as an initial use case for CASB adoption. It has developed
deep visibility into user actions, including user behavior analytics, within managed and unmanaged
SaaS applications, including extensive user activity monitoring and DLP/DCAP capabilities. This
also includes integration with on-premises DLP systems via ICAP. Netskope is one of the few
CASBs that deploy and run their own distributed proxy fabric and don't rely on an IaaS provider like
Amazon for their offering.
Netskope's primary implementation model is forward proxy (with or without agents, depending on
the use case required) or forward-proxy chaining. It added support for reverse-proxy capabilities in
2014 and already supported APIs. Netskope's agents allow for the monitoring and control of native
mobile applications and sync clients, and file-level encryption. It has further expanded its threat
protection features by adding native in-line and API-based inspection of content for malware.
The user behavior analytics features in Loric incorporate analytics from access and in-application
activity, support for threat intelligence feeds, and custom enterprise threat modeling to assist with
threat detection. Incident response includes case management, multilevel alerting and notification,
and support for external ticketing systems with orchestration for consent-driven remediation.
Palerra also delivers features that allow organizations to control the configuration of SaaS and other
cloud service policies centrally from one location (SaaS platform security management [SPSM]).
Palerra is currently delivered from a global multiregion data center backbone as SaaS, or available
as a dedicated cloud-based appliance.
Skyhigh Networks
Skyhigh Networks was founded in December 2011 and has been shipping a CASB product since
January 2013. Skyhigh was one of the first CASB providers to emphasize the shadow IT problem
with a large cloud service discovery database; and cloud service security posture and risk
assessment was an initial and still critical use case for CASB technology. It has built a large installed
base with its multimode CASB that supports the control of a broad range of cloud services. It has
since expanded further into data security with DLP/DCAP features, such as, encryption and
tokenization of structured and unstructured data for a number of SaaS applications such as
Salesforce and Office 365. Skyhigh is continuing to improve its security analytics with user activity
analytics and monitoring (that is, UEBA) capabilities.
The 2015 Elastica acquisition is best-known for providing Blue Coat with its data science, machine
learning and deep content inspection with DLP features. Application discovery is performed via
access to logs and cloud application usage. This allows for cloud service assessment ratings, cloud
usage analytics, user behavior analytics, malware analysis, remediation actions and reporting.
Combined, Symantec offers a complete multimode CASB platform with optional data encryption/
tokenization using the Perspecsys technology. It has already integrated its cloud application
discovery and security posture assessment capabilities into its traditional Blue Coat management
console for its SWG customers, creating an upsell opportunity to its full CASB services. Symantec
has also integrated its existing DLP solution into Blue Coat for consistent sensitive data discovery
and protection policies across on-premises and cloud services. However, this is different console
and requires licensing.
■ Digital Guardian
■ Centraya
■ BetterCloud
■ Eperi
■ Ionic Security
■ IBM
■ StratoKey
■ Protegrity
Market Recommendations
IT security leaders should:
■ Immediately review vendors' cloud, mobile and on-premises enterprise software roadmaps for
the future, so they can gain an understanding of vendors' intentions for cloud and how that is
aligning to the security architecture and budgeting cycle.
■ Facilitate and support the shift of applications and services to the cloud. IT security leaders
should avoid being the "no" team; instead, they should be the "yes we can and here's how"
team.
■ Organize their IDaaS program prior to or during the selection of CASBs, because open-
standards-based IDaaS is a foundational control that will make all cloud service adoption more
efficient and secure.
■ Tactically deploy the entry-level IDaaS capabilities of their CASB to stretch their Active Directory
into the cloud, if a stopgap measure is needed until a more comprehensive IDaaS strategy can
be delivered.
■ Avoid contracts that are longer than two years at this point in time, as features and vendors are
still evolving their offerings.
■ Consider the differences of CASBs that are multimode versus those that are API only, not only
to ensure a successful deployment today, but also to account for future use-case scenarios as
organizations adopt more cloud services.
■ Start with an investigation of what cloud services are being used in their environments in order
to determine how many cloud services must be sanctioned, remediated, controlled, monitored
or blocked.
■ Identify cloud services your organization is running (like Office 365 and Salesforce) that need
treatment immediately, and develop a tactical plan to start applying control to these "known"
cloud services.
■ Establish enterprisewide data security governance policies that prioritize the protection of
sensitive data and establish the appropriate data security controls from a CASB before using a
SaaS.
Additional contributions to this research were provided by Jay Heiser, Ramon Krikken, Steve Riley,
Sid Deshpande and Mark Nicolett
"Select the Right CASB Deployment for Your SaaS Security Strategy"
Evidence
"Proofpoint Signs Definitive Agreement to Acquire FireLayers, Extending Targeted Attack Protection
(TAP) to SaaS Applications," Yahoo Finance.
"Symantec Acquires Blue Coat: Defining the Future of Cyber Security," Symantec.
Microsoft (Adallom)
"Microsoft Plans to Buy Israeli Cloud-Security Firm Adallom for $320 Million," The Wall Street
Journal.
"Microsoft Reportedly Acquires Cloud Security Firm Adallom for $320 Million," TNW.
Check Point-FireLayers
"FireLayers and Check Point Bring Security to Enterprise Cloud Apps," BetaNews.
"Blue Coat Acquires Perspecsys to Make the Public Cloud Private," Blue Coat.
Imperva Skyfence
Elastica-Centrify
"Centrify and Elastica Partner to Provide Comprehensive Cloud Security Solution for SaaS
Applications," Elastica.
"Centrify Partners With Elastica for a Comprehensive SaaS Security & Analytics Solution," Centrify
Elastica-Cisco
"Cisco, Elastica Join Forces on Cloud Security Monitoring," Business Cloud News.
"Elastica Announces Reseller Partnership With Cisco to Deliver Cloud Access Security Broker
(CASB) Solutions to Global Enterprises," Elastica.
Bitglass
"Palo Alto: Teams Up With Cyber Security Agency of Singapore to Strengthen the Nation's Cyber
Defense," 4-traders.com.
"CipherCloud and Cloud Security Alliance Forge Cloud Security Working Group," The Cloud
Security Alliance.
Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096
Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM
© 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This
publication may not be reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access
this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained
in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy,
completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This
publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues,
Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company,
and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of
Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization
without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner
research, see “Guiding Principles on Independence and Objectivity.”