KuppingerCole Report
Executive View
By Mike Small

CipherCloud CASB+

Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of CipherCloud CASB+ which strongly matches KuppingerCole’s recommended functionality for CASBs. It provides a valuable tool that organizations can use to improve governance over their use of cloud services.

1 Introduction

Organizations are embracing the use of cloud services because of the benefits that they bring in terms of speed to deployment, flexibility and price. However, the use of these services is not well integrated into the organizations IT access governance processes and technologies.

While access to on-premises IT systems is usually well managed through access governance, the same does not always apply to cloud services. In addition, employees and associates can use personal cloud services to perform their jobs without reference to their employer. To compound the problem, mobile devices may also be used to access these services from outside of the organizational perimeter.

This creates challenges around the governance of cloud services that is needed to ensure compliance with laws and regulations as well as to manage cyber threats. The requirements for control over the transmission, processing and storage of personal data from the recent EU GDPR is one example of this. The uncontrolled use of cloud services also increases cyber-risks. Cyber adversaries may obtain unauthorized access to steal or corrupt data held in these services, as well as to implant malware that could then infect the organization using them.

In an ideal world, the functionality to manage access to cloud services and to control the data that they hold would be integrated with the normal access governance and cyber security tools used by organizations. However, these tools were slow to develop the required capabilities, and this has led to a market in CASBs (Cloud Access Security brokers) to plug the gap. It is notable that some of the CASBs on the market have already been acquired by major security software vendors and are being integrated into their toolsets.

KuppingerCole has analysed this market segment and recommends that CASBs should provide functionality that enables customers to:

  • Detect Cloud Service Usage– Identifying the cloud services being used from within an organization and providing control over their use is a key capability to manage risk. The first generation of CASBs focussed on this area providing coarse grained discovery and control using network traffic analysis and proxy gateways.
  • Control Usage of Cloud Services– access to the cloud services should be controlled so that business critical and regulated data can only be moved into approved cloud services. While employees should easily be able to access approved services, their access rights should be controlled in the same way as for other IT systems. Ideally, the access controls should be based on existing organizational directories and provide seamless access for authorized use of the approved services. Many cloud services provide granular access control capabilities, and these should be exploited.
  • Protect Data held in Cloud Services: regulated and sensitive data held in cloud services should be protected against unauthorized access and disclosure. The product should support the discovery and classification of both structured and unstructured data in cloud services as well as policy-based data security controls such as encryption, tokenization and pseudonymization without impact on the functionality of the service.
  • Protect against Cyber Risks– there are different ways in which there could be unauthorized access to a customer’s data held in the cloud service. A CASB should provide capabilities to detect cyber-threats threats to business-critical data and to protect against malware, unauthorized access and data leakage.
  • Support Compliance - many organizations depend upon their data being processed and protected in a way that is compliant with laws and regulations. To support this need, the product should provide “out of the box” capabilities aligned with specific regulations. Ideally these capabilities should be independently certified or, at least, the vendor should be able to provide examples of customers who have successfully used the product to achieve compliance.

CASBs provide a valuable tool for organizations to improve the governance over their usage of cloud services. However, it is important for a customer using these products to understand their specific requirements and select products that match these.

2 Product Description

CipherCloud has its US headquarters in San Jose CA with offices worldwide. CipherCloud was founded in 2010 with a focus on enabling enterprises in a ...

The CipherCloud CASB+ can be deployed on-premises, as a hosted service as well as in a hybrid model. It provides the functionality described in the f ...

Login Get full Access

2.1 Cloud Discovery and Analysis

CipherCloud CASB+ aggregates and analyses log files from proxies, advanced firewalls and other network devices to discover cloud applications. It cal ...

Login Get full Access

2.2 Identifying and Controlling User Access

To discover who is using cloud services and control access it is important to be able to correctly identify the users. Many organizations use Microso ...

Login Get full Access

2.3 Data Loss Prevention

CipherCloud CASB+ includes an inbuilt DLP (Data Loss Prevention) engine. It also integrates with commonly used enterprise DLP products. CipherCloud ...

Login Get full Access

2.4 Malware and Threat Detection

Files containing malware may be uploaded to a cloud service or they may become infected while resident. This creates the potential threat that when d ...

Login Get full Access

2.5 User and Entity Behaviour Analytics (UEBA)

CipherCloud CASB+ UEBA identifies abnormal activity, usage patterns and data flows, both inside and outside the organization and across a wide range o ...

Login Get full Access

2.6 Mobile Data Protection

The CipherCloud Mobile App provides customer-controlled encryption, protecting data persistently – in transit, in use, at rest and when downloaded t ...

Login Get full Access

2.7 Encryption / Tokenization

The CipherCloud Encryption Gateway (CSG) resides at the organizational network boundary to provide inline encryption and tokenization of data fields i ...

Login Get full Access

3 Strengths and Challenges

CipherCloud CASB+ strongly matches KuppingerCole’s recommended functionality for CASBs. It provides capabilities which go beyond those found in fir ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.