Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CASB delivers must-have protection for your SaaS apps

Tom Henderson | Aug. 9, 2016
Cloud Access Security Brokers are products that can be described as firewall plus identity management plus anti-malware plus DLP plus encryption control/implementation plus threat management.



CipherCloud Trust Platform 

Netskope GoScope Platform


Configuation, Flexibility, Installation




Administration, Overall User Experience




Features, Integration with Third Parties












The potential downside is that a clear communications circuit needs to be maintained to the cloud-based Bitglass portal, which isn’t under your control, unlike the on-premises, appliance-based products reviewed here. BitGlass meets high standards for its own security, but does not have worldwide points of presence all in sync with each other.

No one reviewed did, although the CipherCloud architecture uses an autonomous internal gateway VM methodology which places the onus of circuit protection strictly on IT staff. We found other minor foibles mostly relating to our sense of quieting noise; we like a security package that’s nervous. Heaven help us if Bitglass’s portal is ever compromised, a thought that nagged us.


The Netskope platform uses Active Directory, single sign-on or SSO brokerage mechanisms to steer traffic through a customer’s Netskope cloud gateway appliance. The Netskope CASB acts either as a forward proxy, a tokenizer and/or reverse proxy to cloud app destinations, depending on how a cloud application works. Some cloud apps, such as Office365, can need all three interactions, depending on the type of “sub-app” chosen, within Netskope’s construction.

This functionality is divided into progressive gradients of products for billing purposes. You can start with simple log discovery of what cloud apps are being used, by whom, when, and perhaps what’s being done. You can impose rules as the next gradient. You can add significant DLP, then add encryption features, and malware filtration. Or you can buy the full meal deal, which is what we tested.

Netskope, like other CASB products, becomes deeply enmeshed into your infrastructure. There are three major components used in the process of Netskope CASB, including an on-premises gateway appliance, an organization-specific cloud admin portal, and possible client-side agents. Although client agents aren’t required, they’ll provide greater access when present. The portal works with client agents and browser add-ins, or without them.

The SSO can be an Active Directory link, or another SSO service that understands SAML 2.0 — and nearly all of them do. Netskope has relationships with several SSO providers as “partners.” SSO is connected to Netskope as a proxy authenticator, and conversations are then managed by the SecureForwarder VM, itself based on an Ubuntu Server platform.

CASB control is asserted in the gradients we described through steered traffic mechanisms. Traffic is steered through the SecureForwarder appliance (or appliances, depending on the architecture chosen to be deployed). We used one gateway for testing, but the others can work somewhat autonomously, indeed you could use different encryption for geographic controls.


Previous Page  1  2  3  4  5  6  7  8  9  Next Page 

Sign up for Computerworld eNewsletters.

CIO upfront: The compliance conundrum of digital transformation

Project management: 5 tips for managing your project budget

How to create a company culture that can weather failure

Estonia showcases the advantages of a digital society

Is your workplace as smart as your workforce?

Why eSIM is crucial for managing IoT

HKU and Cyberport commit to building a digital tech ecosystem in Hong Kong

Macao Water builds enterprise asset management system to improve productivity

University of the City of Manila inaugurates technology and innovation centre

Sompo Insurance Singapore's chatbot help consumers make informed buying decisions

Malaysia's Open Data journey ramps up to Asean scale with new accelerator

'Let this be a warning,' says Malaysia enforcement director, seizes pirated Microsoft products

With an eye on WCIT 2020 in Malaysia, PIKOM delegation supports global ICT gathering in Taiwan

Enhanced security is just one reason behind refreshed mobile app, says Malaysia's Hong Leong Bank

Another stride along digitisation highway for Malaysia's BP Healthcare