This content is part of the Essential Guide: MSP security essentials for every IT service provider

CASB market poised for channel growth

Fueled by cloud security concerns, the CASB market is expected to boom into a $713 million opportunity by 2020. However, not all customers yet understand the technology.

Cloud security is one of the hottest technology areas today, so it's no surprise the cloud access security broker market is expected to see significant growth. The cloud security market is projected to reach $12.73 billion by 2022, according to MarketsandMarkets.

Market research firm Gartner defines cloud access security brokers (CASBs) as on-premises or cloud-based security policy enforcement points that are placed between cloud service users and cloud service providers "to combine and interject enterprise security policies as cloud-based resources are accessed." CASBs consolidate multiple types of security policy enforcement, such as authentication, device profiling, encryption, tokenization, alerting and malware detection/prevention, the firm said.

Citing Gartner's 2016 Market Guide for Cloud Access Security Brokers, Netskope said that 85% of large enterprises will use a cloud access security broker for their cloud services by 2020. "Strong growth in sanctioned and unsanctioned use of SaaS and IaaS will drive end-user CASB spending, from $150.7 million in 2015 to $713 million in 2020," Gartner forecasted.

Jason Bystrak, executive director, Ingram Micro CloudJason Bystrak

Driving the growth of the CASB market is cloud adoption because customers have concerns about the types of cloud products being provisioned and used within the enterprise, said Jason Bystrak, executive director at Ingram Micro Cloud.

"Those responsible for IT want to say 'yes,' due to the benefits of cloud, but there [are concerns] about visibility, compliance, security and threats. CASBs address these concerns," Bystrak said. 

Yet, the CASB market is still relatively nascent. Kristin Carnes, vice president of channels and business development at cloud security software vendor Skyhigh Networks, said "not everyone understands what a CASB is and understands what cloud access security brokers do."

Johna Till Johnson, CEO of Nemertes ResearchJohna Till Johnson

Currently, people with mature security operations are more likely to deploy CASBs, said Johna Till Johnson, CEO of Nemertes Research. A recent global survey the firm conducted found that 16% of respondents are using CASBs today and another 9% will use one by year's end, Johnson said. She noted that another 12% are planning CASB deployments in 2018 and 18% are evaluating it but have set no deployment time.

"Surprisingly, almost 39% have no plans and 6% have looked at [a cloud access security broker] and rejected it," she added.

Consequently, CASB vendors and channel partners need to do "better marketing of CASB, because deployment does correlate with security success," Johnson said. "When 40% [of survey respondents] have not yet considered the technology, or are not aware of it ... that tells me if you're a channel partner you want to tell the CASB story."

Cloud access security broker technology chart
CASB technology consolidates multiple types of security policy enforcement.

Cloud access security broker market: The partner opportunity

Bitglass has jumped on the bandwagon, launching a reseller channel program in March with a cloud access security broker offering "to address the huge opportunity in the market," said Dean Hickman-Smith, senior vice president of sales and field operations. So far, the firm has signed 39 partners. Bitglass is looking to expand the program globally as it builds out operations in Europe and Asia, he said.

Dean Hickman-Smith, senior vice president of sales and field operations, BitglassDean Hickman-Smith

The most important cloud access security broker features for customers are the abilities to have control over all their assets, including enterprise access to the cloud, and, in many cases, securing mobile assets, Hickman-Smith said.

The type of customers that can benefit the most from adopting products in the CASB market are the ones in highly regulated industries, he said. "They'd use CASB for help maintaining regulatory compliance, so healthcare and [pharmaceuticals] are high on our list," Hickman-Smith said. "Anyone involved in the financial services sector, insurance and also the manufacturing sector, where customers are concerned about the value of intellectual property, are also great targets for CASBs that offer control ... over sensitive data leakage."

Bystrak concurred, saying that while CASBs can be used in any size client, larger enterprises "tend to have more complex security policies and the sheer number of users make CASBs a key piece of the cloud environment. Vertical markets such as finance, healthcare and the public sector have additional compliance requirements around data security, so CASBs are even more important to these clients."

Channel partners offering CASBs, and especially those who can wrap professional and managed services around the entire solution, have a great opportunity to move upmarket to these larger clients.
Jason Bystrakexecutive director, Ingram Micro Cloud

Because there are differences between each cloud access security broker offering, partners can be valuable in helping choose the one that best fits a customer's environment, Hickman-Smith said.

"The CASB environment has matured significantly in the last 24 months, so when you think about CASB, you don't have to think about prepackaged apps but policy-based encryption, DLP [data loss prevention] and malware protection," he said. "As organizations move to infrastructure as a service [IaaS], some CASBs like Bitglass can be used to offer control over legacy apps moving to AWS and Azure."

Partners can be instrumental in helping organizations develop their cloud migration and IaaS strategies, he added.

Carnes said Skyhigh's partner program was "kind of an afterthought when I arrived in February," and she is in the process of building it out. Right now, Skyhigh has fewer than 100 partners in North America, but Carnes said she is receiving an average of 10 requests per week from partners who want to know more about the CASB market.

"Channel partners offering CASBs, and especially those who can wrap professional and managed services around the entire solution, have a great opportunity to move upmarket to these larger clients," Bystrak said.  

What customers want from CASB products

In addition to Skyhigh and Bitglass, other CASB products include CloudLock from Cisco, Adallom from Microsoft, Blue Coat from Symantec and Forcepoint from Raytheon.

The technology is still evolving, Bystrak said, but some of the commonly requested features that Ingram Micro sees are single sign-on; encryption of traffic; data protection and monitoring for cloud storage services; application locking and shadow IT prevention; and account management, such as logging, auditing, permissions and profiles.

Johnson said the market is too immature right now to determine whether most offerings in the CASB market are sufficient. "If you're a channel partner, you may want to have more than one option; but for a customer, I would not recommend mixing and matching, because getting one up and running is a good first step."

Next Steps

Get insight into transitioning to a cloud business model

Learn about CASB implementations in enterprise environments

Five tips for overcoming cloud security challenges

Dig Deeper on Managed security for the cloud