Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CASB delivers must-have protection for your SaaS apps

Tom Henderson | Aug. 9, 2016
Cloud Access Security Brokers are products that can be described as firewall plus identity management plus anti-malware plus DLP plus encryption control/implementation plus threat management.

Scorecard

Product

CipherCloud Trust Platform 

Netskope GoScope Platform

Bitglass

Configuation, Flexibility, Installation

4

4

3.5

Administration, Overall User Experience

5

4.5

4.5

Features, Integration with Third Parties

4.5

4

4

Documentation/Programmability

4

4.5

4

TOTAL

4.25

4.37

4

The potential downside is that a clear communications circuit needs to be maintained to the cloud-based Bitglass portal, which isn’t under your control, unlike the on-premises, appliance-based products reviewed here. BitGlass meets high standards for its own security, but does not have worldwide points of presence all in sync with each other.

No one reviewed did, although the CipherCloud architecture uses an autonomous internal gateway VM methodology which places the onus of circuit protection strictly on IT staff. We found other minor foibles mostly relating to our sense of quieting noise; we like a security package that’s nervous. Heaven help us if Bitglass’s portal is ever compromised, a thought that nagged us.

Netskope

The Netskope platform uses Active Directory, single sign-on or SSO brokerage mechanisms to steer traffic through a customer’s Netskope cloud gateway appliance. The Netskope CASB acts either as a forward proxy, a tokenizer and/or reverse proxy to cloud app destinations, depending on how a cloud application works. Some cloud apps, such as Office365, can need all three interactions, depending on the type of “sub-app” chosen, within Netskope’s construction.

This functionality is divided into progressive gradients of products for billing purposes. You can start with simple log discovery of what cloud apps are being used, by whom, when, and perhaps what’s being done. You can impose rules as the next gradient. You can add significant DLP, then add encryption features, and malware filtration. Or you can buy the full meal deal, which is what we tested.

Netskope, like other CASB products, becomes deeply enmeshed into your infrastructure. There are three major components used in the process of Netskope CASB, including an on-premises gateway appliance, an organization-specific cloud admin portal, and possible client-side agents. Although client agents aren’t required, they’ll provide greater access when present. The portal works with client agents and browser add-ins, or without them.

The SSO can be an Active Directory link, or another SSO service that understands SAML 2.0 — and nearly all of them do. Netskope has relationships with several SSO providers as “partners.” SSO is connected to Netskope as a proxy authenticator, and conversations are then managed by the SecureForwarder VM, itself based on an Ubuntu Server platform.

CASB control is asserted in the gradients we described through steered traffic mechanisms. Traffic is steered through the SecureForwarder appliance (or appliances, depending on the architecture chosen to be deployed). We used one gateway for testing, but the others can work somewhat autonomously, indeed you could use different encryption for geographic controls.

 

Previous Page  1  2  3  4  5  6  7  8  9  Next Page 

Sign up for Computerworld eNewsletters.

How to assemble a highly effective analytics team

Unlocking insights for sustainable development in ASEAN

Eying Digital Economy boost, SAP Malaysia appoints new MD

MDEC 2018: What lies ahead for Digital Malaysia’s re-domiciling initiative?

Why European analytics specialist CXS has moved to Malaysia

Security trends 2018: biometric hacking, state-sponsored attacks, daring cyber heists

Eying Digital Economy boost, SAP Malaysia appoints new MD

MDEC 2018: What lies ahead for Digital Malaysia’s re-domiciling initiative?

Why European analytics specialist CXS has moved to Malaysia

At a Glance: What’s really in store for Digital Malaysia in 2018?

Unlocking insights for sustainable development in ASEAN

Eying Digital Economy boost, SAP Malaysia appoints new MD

MDEC 2018: What lies ahead for Digital Malaysia’s re-domiciling initiative?

Why European analytics specialist CXS has moved to Malaysia

At a Glance: What’s really in store for Digital Malaysia in 2018?