Top cloud security providers for 2021

Cloud computing has not only changed the way the world does business, but it has also brought new and often difficult corporate security requirements. As a result, a whole new IT industry has emerged over the past decade, focusing on cloud access security – a CASB acronym (for cloud access security brokers) – that requires very different skills and tools from data center or campus security.

From 2021, few areas of security are more important to businesses, the government, the military, consumers or the scientific sector than the CASB. Indeed, all uses do the majority of our work in cloud-based applications.

As companies adopt new services, applications and methods to manage data, the need to address changing data models and threat risks is essential. Organizations need to address a range of issues that revolve around collaborative web applications, data streams, network designs, cloud infrastructure and other key areas.

While major cloud providers typically offer robust built-in protections, including strong authentication, encryption and malware detection, there are often gaps in protection that occur when companies rely on multiple cloud service providers, different network topologies and many applications. These risks often involve key areas such as web application firewalls (WAFs), secure web gateways (SWGs) and data loss prevention (DLP).

Cloud Access Security Brokers (CASBs) are tackling this issue. “They offer differentiated and cloud-specific capabilities that are generally not available as features in other security controls,” said a recent industry report from Gartner Research. “CASB providers understand that for cloud services, the target for protection is different: it’s always your data but processed and stored in systems owned by someone else.” As a result, CASBs store policy management information and governance details across multiple cloud services. This provides granular visibility and more powerful controls. Gartner predicts that by 2022, 60% of large companies will use a CASB to manage cloud services, up from 20% today.

Here’s a look at 10 of the world’s leading cloud security providers. These reviews were organized with data and reviews from Gartner Peer Insights, G2 Crowd and IT Central.

Cisco Systems Cloudlock

San Jose, California.
Security Package: Cisco Cloudlock

Value proposition for potential buyers:

Since Cisco Systems acquired Cloudlock four years ago, he has worked hard to integrate the company into its portfolio of cloud-based products. The CASB solution offers a number of powerful features, including the ability to dynamically configure policies and aggregate users into specific groups, based on real-time actions and behaviors.

Key values/differentiators:

  • Cloudlock can also constrain user behavior, providing a powerful form of adaptive access control. In addition, it provides powerful controls, based on OAuth, that can replace permissions and block certain types of cloud attacks.
  • A strong API framework helps organizations extend controls to SaaS applications that don’t include native support for these and other features.

To consider:

  • One of the drawbacks of Cloudlock’s approach is that all of these features and controls are based on sanctioned applications that provide APIs. Cisco also does not provide support for CSMMs. Users rate the platform as easy to implement, powerful and highly scalable.

Who uses it: medium and large companies
How it works: subscription cloud service and on-site options

Palo Alto Networks

Santa Clara, California.
Security package: Palo Alto opening

Value proposition for potential buyers:

Palo Alto Networks acquired CirroSecure in 2015 and has since relaunched the solution to include more targeted cloud security tools. The 2020 solution is strongly focused on discovery, as well as SaaS policy and security management. Aperture includes robust data classification and monitoring tools, DLP, user activity tracking, known and unknown malware protection, and detailed risk and usage reports.

Key values/differentiators:

  • Palo Alto Networks is considered a niche player in the CASB space. Users say That Aperture is an excellent product with powerful features, although it lacks some desirable features.
  • Among its strengths is an ability to identify SaaS and not SaaS web applications that can be used to exfiltrate data.
  • It also provides comparisons with several industry references and suggests configuration changes to improve compliance.
  • Users rate the company’s support as high

To consider:
Warnings include the complexity of the configuration and a lack of functionality in a few key areas, including reverse proxy inspections.

Who uses it: Mid-range and large companies
How it works: subscription cloud service and on-site servers

CipherCloud

San Jose, California.
Security Package: CipherCloud CASB+

Value proposition for potential buyers:

CipherCloud is one of the most respected cloud security start-ups on the scene. Encryption and tokenization are key elements of cloud security. CipherCloud, which has been offering a CASB solution since 2011, places a strong emphasis on data protection through native cloud security and compliance on the SaaS, PaaS and IaaS platforms. The solution provides robust cloud-based visibility and controls, extending to applications running in the cloud, and can handle structured and unstructured data.

Key values/differentiators:
One of the solution’s greatest strengths is its ability to encrypt data before delivering it to SaaS applications, while maintaining partial application functionality.
The solution manages keys for SaaS native encryption mechanisms in CipherCloud or a KMIP-enabled key management server.

To consider:
Potential weakness includes adaptive access controls and continuous risk assessment tools that follow competitors, Gartner noted. He positioned the company between a visionary and a leader in his Magic Quadrant.
Some users find the product a bit difficult to use and say it is a bit expensive. The overall scores are extremely high.

Who uses it: small and large companies
How it works: cloud subscription service

Microsoft

Redmond, Wash.
Security Package: Microsoft Cloud App Security (MCAS)

Value proposition for potential buyers:

The addition of Adallom by Microsoft in 2015 has greatly expanded the company’s security offerings. MCAS offers a reverse casB proxy plus API that can operate independently or as part of Microsoft’s Enterprise Mobility-Security (EMS) suite. This includes tools for Azure and other applications and components. The solution also includes threat protections and sophisticated analysis.

Key values/differentiators:
Gartner positions the company in the “challenger” quadrant, while users claim that while it may be a bit tricky to implement, it offers powerful features and strong protections.
Gartner describes the interface as “intuitive” and says the solution handles complex policies using a visual editor. This simplifies the process by eliminating scripts and programming.
It also offers suggestions and tips that can guide an organization towards more robust cloud security.
Finally, it offers strong automation, especially around tattooing and encryption.

Who uses it: from staff to SMEs and mid-range companies
How it works: cloud subscription service

Forcepoint

Austin, Texas
Security package: CasB Forcepoint

Value proposition for potential buyers:

Identifying shadow IT, preventing compromised accounts and ensuring secure mobile access to cloud applications cover a wide range of enterprise security requirements. Clouds increase challenges exponentially. Forcepoint CASB focuses on these issues.

Key values/differentiators:
It provides a wide range of security products that revolve around secure web gateways, email security, user and entity behavior analysis, DLP and data security, and the imposition of a network firewall.
The solution provides a powerful engine that integrates with workflows and corporate policies. It also offers risk assessment, anomaly detection, robust analysis and metric tools, real-time monitoring and powerful application governance.
The emphasis is strongly on business applications.

To consider:
One of the main caveats for platform adoption revolves around the inability to configure control policies to favorite SaaS applications. Users describe the solution as powerful, granular and highly flexible. Gartner classifies him in the middle of his quadrant.

Who uses it: from SMEs to mid-range companies
How it works: subscription cloud service and on-site options

Mcafee

Santa Clara, California.
Security Package: McAfee MVISION Cloud

Value proposition for potential buyers:

McAfee is one of the world’s best-known and most widely used security solutions in several categories that include both B2B and consumer markets. The company, which was owned for a few years by Intel but became independent, acquired Skyhigh Networks in January 2018. The solution has strengthened the existing portfolio of DLP, SWG and network sandboxing technologies.

Key values/differentiators:
McAfee’s strengths lie in its powerful dashboard, high level of configurability and flexibility, real-time capabilities and powerful DLP controls.
Gartner notes: “McAfee offers extensive CSPM capabilities that exceed even those of some pure CSPM providers. It includes rigorous audits and compliance analysis, as well as multiple automatic and guided manual correction options.
Users give the solution high ratings and say it provides solid controls, especially to find the SHADOW IT.

To consider:
Potential drawbacks include: the ability to set up error messages for specific users and gaps in certain types of notifications, especially involving real-time APIs. Gartner ranks the solution among the leaders.

Who uses it: SMEs, mid-range, large companies
How it works: cloud subscription service

Bitglass

Campbell, California.
Security Package: Bitglass Next-Gen CASB

Value proposition for potential buyers:

Bitglass runs natively from the cloud, but it can also be deployed as a Docker container that serves as a site host. The provider has become a leader in the CASB space by introducing a zero-day approach strongly oriented towards trust ratings, confidence levels and resting encryption that is closely integrated with the compliance and governance requirements of the company.

Key values/differentiators:
The platform, which extends to mobile security and shadow IT controls, is powered by an agent-free “AJAX Virtual Machine (VM)” agent-free layer seamlessly integrated into a user’s browser to support real-time data protection in specific scenarios, including unmanaged devices.
Bitglass CASB offers automated learning, digital watermarks and strong data loss prevention.
On the other hand, Gartner points out that the solution is not able to modify the native security controls of SaaS applications and that it is limited in its ability to assign and use Azure Information Protection models. Overall, Gartner ranked Bitglass among the leaders in its 2018 Magic Quadrant ratings. Users say the solution is intuitive and offers powerful capabilities.

Who uses it: medium and large companies
How it works: subscription cloud service with container option

Netskope

Santa Clara, California.
Security package: Netskope Security Cloud

Value proposition for potential buyers:

Netskope remains an independent company in a space where large software and network companies pick up CASB solution providers. The company has been shipping products since the end of 2013. The company is very focused on finding applications and assessing SaaS security posture.

Key values/differentiators:
Its strengths include strong analytical tools, including behavioral analysis, and a robust alert system. This, among other things, helps Netskope detect vulnerabilities in APIs, mobile devices and shadow IT.
Gartner called the company a leader in its 2018 Magic Quadrant.
Users report that the solution offers high visibility, powerful DLP features and excellent information flows about threats.

To consider:
Complaints revolve around the difficulties of setting up agents and a limited ability to use APIs for correction. Many CASB vendors now also include APIs for posture assessment.

Who uses it: SMEs, mid-range, large companies
How it works: cloud subscription service

Oracle

Redwood Shores, California.
Security Package: Oracle Cloud Access Security Broker (CASB)

Value proposition for potential buyers:

Oracle has gone beyond a one-time solution approach for CASB. Its solution, originally Palerra, offers in-depth discovery and visibility of SaaS applications using a log-based approach that revolves around cloud activity. This helps the solution identify risky applications installed via Oracle, Salesforce and other platforms. The result is enhanced security surveillance, threat protection and incident response. Organizations can also obtain Inline DLP (for real-time detection) and API DLP (for retroactive analysis) licenses.

Key values/differentiators:
One of Oracle CASB’s strengths is its high level of flexibility, including the ability to easily extend detection to new content. In addition, custom applications run in the Java Virtual Machine (JVM) require no additional action. They are automatically protected.
Finally, Oracle CASB monitors configuration errors and alerts users when a problem may be present and when the organization does not meet the industry benchmarks.
Oracle has landed as a challenger poised to become a leader in Gartner’s MQ. Users praise the platform for easy integration and strong protection capabilities, but say it can be difficult to fully integrate into a portfolio of cloud solutions.

Who uses it: big business
How it works: subscription cloud service and on-site servers

Symantec

Mountain View, California.
Security Package: Symantec Cloud Data Protection

Value proposition for potential buyers:

Enhanced cloud security requires a range of features. Symantec offers strong capabilities through its Cloud Data Protection platform, which integrates products previously offered by Blue Coat. The focus is on creating tokens or encrypting data stored in SaaS applications. The platform achieves a high level of protection through log analysis and traffic inspection. It provides cloud security assessments by integrating user behavior analysis, cloud usage patterns, malware analysis and cloud application discovery.

Key values/differentiators:
Strengths include: strong reporting capabilities, policy breach alerts, highly adaptive access controls and a wide range of pre-defined DLP selectors.
Symantec is one of the leaders of the Gartner MQ. Users say the platform offers solid and mature capabilities.

Who uses it: small, medium and large companies
How it works: cloud subscription service

Leave a Reply