In the past, security technologies were black boxes that you placed in your data center. For the most part, customers didn’t look inside the security technology. Those black boxes worked well in a defined perimeter. Things started changing with virtualization. You can now get a powerful security VM stood up in minutes.
Increased adoption of cloud applications and cloud-based email, like Gmail and Outlook.com, has improved a few things. Your end users can access these apps from anywhere in the world with very good performance, availability, scalability, and resiliency. And the infrastructure of Google and Microsoft is mind-blowing. They add more capacity on a daily basis that is larger than your entire infrastructure capacity. They are laying cables and adding data centers in every corner of the world. For example, Google is spending $30B in 2017 on their infrastructure.
Google Data Centers 2017
What does this mean for you and your company? You don’t have to worry much about the performance of G Suite or Office 365 (or even Dropbox and Slack, which rely on another giant in the space, AWS ). The service is always available. It is available from a location closest to your end user irrespective of where they are. It’s a wonderful world indeed.
Now, let’s say you put a black box between your end users and their Gmail account. You just created a constricted pipe and made the whole user experience go downhill. It may not even be a black box, but a proxy sitting in a specific data center somewhere in Northern California. In the 90s, proxies grew like weeds and caused proxy fatigue for IT security. Now, these proxies are even worse in that they do not scale to the needs of your global and mobile workforce. A proxy between your end users and cloud apps can often be the weakest link in the chain.
What good is adopting a cloud app that’s scalable and available if you constrain it with technology from the 90s? It’s both self-defeating and error-prone.
So to answer the original question “does the architecture of your Cloud Access Security Broker (CASB) matter?,” the answer is YES. You need a cloud-native architecture that is deployed on the same infrastructure as your cloud app provider. You don’t want something between your end user and a cloud app. You want a solution that uses APIs to works with your cloud app to enforce your security policy.
For a true cloud-native security solution to protect your cloud apps and cloud-based emails, request your free trial of Cloud Access Monitor today.