Next-Gen CASB vs First-Gen CASB

This post was originally published here by  Nat Kausik.

Recently, Bitglass was selected at a Fortune 100 financial services company for their CASB platform.  During the course of the competitive process, we learned some interesting things about the CASB market. 

First-Gen CASB fall into two categories.   

  • Out-of-band CASB that deliver API control and Shadow IT Discovery, i.e. management capabilities for cleaning up after high-risk events.  Being out-of-band, such CASB can be deployed rapidly without impact on end-users.
  • Inline CASB with forward-proxy architectures that require agents on every device.  While such CASB can provide real-time security, they are nearly impossible to deploy outside the laboratory.    There are many enterprises who have purchased such CASB and only have a handful of users deployed after a year or more of trying.  

In other words, First-Gen CASB deliver weak out-of-band security that is deployable, or offer strong inline security that is undeployable.   Neither choice is satisfying if you are Fortune 100 financial services company.  

Bitglass is the only Next-Gen CASB, built on a hybrid agent/agentless architecture.   Our largest customers with over 100K users deployed inline security in weeks and have been in continuous production for over several years.



No posts to display