Gartner expects that by 2022 60 per cent of large enterprises will use a CASB to govern cloud services

Gartner has just released its 2018 Magic Quadrant for Cloud Access Security Brokers (CASB), which predicts that by 2022 60 per cent of large enterprises will use a CASB to govern cloud services, up from less than 20 per cent today.

The analyst firm also forecasts that through 2023, at least 99 per cent of cloud security failures will be the customer's fault.

Gartner defines the CASB market as products and services that address security gaps in an organisation’s use of cloud services.

"[CASBs] deliver differentiated, cloud-specific capabilities generally not available as features in other security controls such as web application firewalls (WAFs), secure web gateways (SWGs) and enterprise firewalls," the analyst firm said.

"CASBs provide a central location for policy and governance concurrently across multiple cloud services — for users and devices — and granular visibility into and control over user activities and sensitive data. CASB coverage scope applies broadly across the SaaS, PaaS, and IaaS cloud service delivery models."

One of the leading companies in Gartner's Magic Quadrant is Skyhigh Networks. According to its founder and CEO, Rajiv Gupta, it helped to define the concept of cloud access security broker, now ranked as the fastest growing security category ever by Gartner.

"The cloud access security broker market is expected to grow 50 percent CAGR of the next five years. The next category is less than half that," he said.

Gupta said that Gartner has estimated US$1.3 trillion of annual IT spend is affected by cloud, of which $126 billion security spending will be affected by cloud next year.

Skyhigh, founded in 2012, was acquired by McAfee in early 2018 and Gupta is now senior vice president at McAfee and head of its Cloud Security Business Unit.

Gupta told Computerworld at McAfee's recent MPower event in Sydney that, since the acquisition Skyhigh had been integrated with some of McAfee's products: Endpoint protection, data loss prevention, malware detection, global threat intelligence and its web gateway. "Customers get end to end security, otherwise you end up with silos that become an operational nightmare for a company,” he said.

In its 2018 Magic Quadrant for Cloud Access Security Brokers, Gartner says: "Interest in CASBs is intense and customer adoption is rapid — driven by enterprises of all sizes embracing the cloud as the default starting point for new projects and the next step for updates and enhancements to existing applications."

It adds: "Cloud access security brokers have become an essential element of any cloud security strategy, helping organisations govern the use of cloud and protect sensitive data in the cloud."

Cloud risks are rising, says McAfee

McAfee has just released its Cloud Adoption and Risk Report, which it says is based on analysis of billions of events in anonymised customers' production cloud use. It indicates that a quarter of the data in the cloud can be categorised as sensitive and that sharing of sensitive data in the cloud has increased 53 per cent year on year.

McAfee also said the results indicated 22 per cent of cloud users share files externally, up 21 per cent YoY, that sharing sensitive data with an open, publicly accessible link had increased by 23 per cent YoY, and that the sending of sensitive data to a personal address had increased by 12 per cent YoY.

McAfee also estimated that threats in Office 365 had grown by 63 per cent YoY.

Not surprising, McAfee is recommending CASB deployment as a first step towards protecting data in the cloud. "They help organisations leverage and extend their existing security controls where appropriate and define and deploy new cloud-native ones where appropriate to enable enterprises to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS," McAfee said.