Subscribe
About
  • Home
  • /
  • Security
  • /
  • CASB is the answer, but are we asking the right questions?

CASB is the answer, but are we asking the right questions?

It is boom time for the cloud access security broker market as every business that uses the cloud needs the solutions in one form or another.
Vernon Fryer
By Vernon Fryer, Chief information security officer and head of CDOC at NEC XON.
Johannesburg, 11 Oct 2019

The cloud access security broker (CASB) market is going to see extensive growth because every business that uses the cloud needs the solutions in one form or another. Just what form, though, remains unanswered.

Evidence suggests the market will likely shift away from the current subscription model typically offered. Annual subscriptions are steadily retreating ahead of use-based fees.

Even though CASB providers are offering software-as-a-service (SaaS) consumption models, billing methods are out-dated. Nobody wants to pay annual fees anymore, not in a hyper-connected, cloud-driven, use-based world. It’s expensive, inflexible and un-agile. But that’s not all that’s likely to fall to the march of progress.

Security is one of the big reasons CIOs have historically inhibited cloud use. But cloud use and the consumption of cloud services is now rising – and quickly.

Gartner says security in the cloud is a valid concern. It reckons at least 95% of cloud security failures are going to be the customer’s fault “through 2022”. Which is one of the major reasons Gartner also predicts 85% of large enterprises will use a CASB by 2020.

The problem for most large businesses is not necessarily the security of any particular cloud service itself. Rather, it is the murky lack of distinction, in a world increasingly populated by multi-cloud environments, of where security starts and ends from one cloud service to another, how to apply consistent policies across systems, and how people are supposed to manage the whole smorgasbord – particularly as businesspeople increasingly spin up their own services.

CASB becomes the transparent conduit to eliminate the runaway costs of unused software licences and cloud-based subscription fees.

Regulatory and reputation concerns insist that every security I is dotted and T crossed. CASB is not first and foremost an exercise in budgetary restraint.

But don’t be disillusioned. CASB can definitely help cut costs. It provides unprecedented visibility into the IT environment as it tracks users, devices and services that create, consume and destroy data as they access services, solutions and networks.

It knows how many people are connected, what apps and software they’re using, what data they’re working with, and what they’re up to on the network. And that makes CASB useful for asset, licence and service management.

CASB becomes the transparent conduit to eliminate the runaway costs of unused software licences and cloud-based subscription fees. Administrators can simply tap its information reservoir for the purpose.

Or not. A triumphant advantage of CASB is that it lends itself to the managed services model.

Businesses big and small grow dark beneath the world’s lengthening shadow of sophisticated hackers and disingenuous cyber actors.

Fraudulently obtaining credit card details is almost a quaint anachronism of online crookery. Almost. And while we used to talk about data being the lifeblood of the business, hackers are now intent on transfusing their own fiscal appendages with that same money-generating resource.

In 2017, their bank accounts reportedly swelled by $172 billion, according to MIT. That’s the booty from the compromised records of 978 million people in 20 countries.

But hackers then ratcheted up their efforts. Last year, they popped 447 million records of personal information into their swag bags in 23% fewer hacking incidents. That means bigger hauls on average per hack. And that was just in the US.

CASB is not only a response to the need for armouring the enterprise’s many new IT limbs in the cloud.

It is also, in a managed offering, the answer to an increasingly pervasive question for businesses worldwide: how will they find enough people with the right skills to secure their processes?

Share