Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CASB delivers must-have protection for your SaaS apps

Tom Henderson | Aug. 9, 2016
Cloud Access Security Brokers are products that can be described as firewall plus identity management plus anti-malware plus DLP plus encryption control/implementation plus threat management.

No, we didn’t test all of them. Also available are anti-malware and anti-virus stream examination.

The tokenizers are tokenization hashes designed to keep data local, so that one need use only a single encryption key, but keep data partitioned for jurisdictional purposes, so that international branches can comply with data export constraints via administratively generated tokens.

Policies can be based on these fields for varying filtrations. There is an inline antivirus/antimalware app that works either system-wide, or not at all. The gateway and its keys are totally critical to organizational use of protected SaaS resources, and this means the gateway needs to be both replicated and backed up -- and from a communications perspective, constitutes a key critical path for organizations. No access to the gateway means: help desks catch fire.

If you believe in secret sauces, the strongest CipherCloud sauce in our estimation is that fact that it uses stateless/stateful AES encryption variances. This means that CipherCloud can use deep traffic inspection techniques and filter for policy-driven dysfunction indicating data exfiltration/misuse -- hence policy violations. Numerous types of fields can be examined for pattern matches, and when matches (hits) are found, CipherCloud records what’s happening and by policy can halt, or place tombstones representing data while the data is cached elsewhere.

This is where additional costs come into play: if you don’t deal with the warnings, your organization’s compliance is in jeopardy. How each organization deals with warnings and policies is up to the organization’s best practices, and CipherCloud gave us recommendations on how varying situations are dealt with from an administrative and policy perspective.

The downside is that it’s still possible for pre-encrypted data streams that CipherCloud has no keys for to be infiltrated/exfiltrated within an organization, and so CipherCloud isn’t a perfect firewall, but most firewalls can’t halt such activity. We also felt that CipherCloud can be overkill for smaller organizations.

In all, CipherCloud portends an intimate relationship between users, administrators, and SaaS applications. It’s a complex platform, and is not a simple undertaking. We like its encryption infrastructure, and its ability to inspect encrypted flows. It doesn’t cover an unlimited number of potential SaaS applications, but the list of covered apps is impressive.


Bitglass is an online CASB portal that’s preconfigured for use with a variety of SaaS sources, including Google Apps, Microsoft Office 365, Box, Dropbox, ServiceNow, Concur, Evernote, Egnyte, Exchange, and Jive, although mobile devices are limited to a smaller list.

Bitglass has strong situational knowledge to make access decisions. Using browser intelligence, Bitglass knows a lot about who’s accessing what and when.

Bitglass also watermarks data flowing through it, including email attachments, and provides tracking/tracing controls based upon user behavior of files/data that are sent through its forward proxy portal. Bitglass had the fastest initial setup of the three products tested, but that doesn’t mean that Bitglass is shallow, rather it is benefited by its own portal controls.


Previous Page  1  2  3  4  5  6  7  8  9  Next Page 

Sign up for CIO Asia eNewsletters.