CASB vs SASE
In the second-half of the 2010s, CASB (cloud access security broker) was the hottest infosec market segment, with Gartner projecting a 46% CAGR from 2017 to 2022. Gartner coined the CASB term to describe the security solutions designed to address the challenges created by shifting workloads to the cloud. Last year, in Gartner’s report titled “The Future of Network Security in the Cloud” they coined another term, SASE (secure access service edge), that is effectively a superset of CASB, delivering cloud security along with other network and security services. Since then, a lot of the attention that was focused on CASB has shifted to SASE.
So, what is CASB how does it fit into the broader concept of SASE? Additionally what exactly does SASE offer that CASB can’t? Let’s dive into the details and answer those questions.
What is CASB
CASB came about because the cloud introduced a dynamic threat vector that traditional security solutions weren’t ideal for. The old “castle and moat” approach to IT security begins to fall apart when business-critical apps and data reside in the cloud. CASBs provide a way for enterprises to adapt to the new threats that come with cloud computing while also reducing the workload and complexity in-house IT faces.
CASB According to Gartner
So how exactly do CASBs deliver this value? While solutions vary from vendor to vendor, for example, some CASBs use on-premises appliances while others adopt a SaaS model, there are some commonalities across the CASB market. For this reason, we have outlined important considerations to take into account when choosing a SASE vendor According to Gartner, CASBs have four fundamental pillars and at a minimum CASB providers should check these boxes.
The four CASB pillars are:
- Threat protection. Enterprise attack surface and exposure to potential hacks, user negligence, and malware increase linearly with the adoption of more and more cloud services. Each new service is another attack vector. CASBs help address these threats with features such as SWG and anti-malware engines dedicated to cloud services.
- Data security. The implementation of security features such as tokenization, access controls and DLP (data loss prevention) help enterprises protect the integrity of their data. By providing data security for cloud services, CASBs provide a way for enterprises to shift to the cloud while mitigating the risk of critical data becoming compromised.
- Compliance. Remaining compliant to standards such as PCI-DSS or HIPAA is complicated enough on-premises. Things become even more complex when data security and data sovereignty in the cloud is thrown into the mix. CASBs help enterprises achieve and maintain compliance with cloud services.
- Visibility. Running workloads across multiple cloud platforms can limit network visibility as each vendor may have different processes for logging, auditing, and monitoring. This is particularly true when users access cloud services that aren’t explicitly authorized by IT. CASBs provide enterprises with a means to document and track activity across multiple disparate cloud platforms.
Where CASB comes up short
With CASB, enterprises can address most cloud security challenges. However, there are still network and security requirements that IT needs to address. Coupling CASB with point solutions that deliver functionality for SD-WAN, ZTNA, and WAN optimization can help meet those requirements, but also drive up costs and complexity. SASE solves this problem by delivering all the functionality of CASB along with those other network and security services in a single holistic network fabric.
How SASE delivers CASB and more
CASB is important, and that’s why it is a key aspect of SASE, but SASE goes a step further by addressing all of the requirements an enterprise WAN needs to meet. SASE achieves this by way of a cloud native architecture that abstracts away the complexities of multiple point solutions. Gone is the need to manage multiple appliances, access multiple interfaces, and perform complex integrations. As a result, IT can focus more on core business tasks and less on WAN maintenance.
To summarize, with SASE not only does enterprise IT get visibility, data security, threat protection, and compliance for cloud, mobile, and on-premises, they get a robust network feature set as well. With all the major network and security services converging into a single cloud native multi-tenant platform, enterprises gain increased security, enhanced performance, less network complexity, and reduced costs.
The world’s first SASE platform
Of course, with SASE being such a hot topic, there are plenty of platforms adding the term to their marketing materials. This can make it difficult to determine exactly what is and what is not SASE. In simple terms, true SASE is:
- Based on identity-driven security
- Cloud native
- Able to support all network edges
- Capable of providing performant network connectivity at a global scale
In addition to being listed as a sample vendor in Gartner’s “Hype Cycle for Enterprise Networking, 2019” Cato Networks provides the world’s first true SASE platform. Cato’s SASE platform was built from the ground up to deliver the full potential of SASE and address the needs of the modern digital enterprise. As a result, it is also the only platform capable of truly delivering on the promise of SASE today.
In addition to cloud native infrastructure that includes network and security services such as CASB, SWG, NGFW, SD-WAN, and WAN optimization, Cato provides a global private backbone as well. With over 50 PoPs connected by multiple Tier 1 ISPs and a 99.999% uptime guarantee, the Cato backbone helps enterprises achieve optimal network performance across the globe without MPLS.
Interested in learning more about SASE and CASB?
For a deeper dive on SASE, download our eBook “The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)”. If you’re interested in learning more about Cato, SASE, or CASB contact us today or sign up for a demo to see the platform in action for yourself.