IT executives generally prefer holistic security solutions that solve a wide range of needs. But security startups are now able to quickly develop solutions that close critical security gaps when more specific needs arise: Shadow IT is a perfect example of a specific problem that requires a specific solution. However, the biggest cyber security solutions have little to offer. Gartner recently published a piece called the Top 10 Technologies for Information Security, and #1 was:

“By 2020, 80% of new deals for cloud-based cloud-access security brokers (CASB) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.”  (Read ManagedMethods’ CEO, Charlie Sander’s take on the Gartner predictions)

You don’t have to be in the security industry to see why this prediction is a no-brainer. CIOs and CISOs don’t want to feel like they are playing whack-a-mole with gaps in their previously purchased security solutions. They expect those existing security solutions to be future-focused, so when needs arise, a simple adjustment or update is all it takes. But for those who want to address Shadow IT, their existing security solutions fall short.

Why are security vendors so far behind?

While the problem of Shadow IT is well known, the scope of the issue has grown quickly, and traditional firewall vendors have been caught off guard. Businesses transitioned from in-house solutions to cloud-based ones in a blink of an eye. This fundamental change in business process also changed the way we must think about cyber security. Perimeter-based solutions aren’t adequate in an interconnected world. Security needs to be inherent in every connection that’s made with cloud apps. As a result, CASB solutions have a completely different business model than their predecessors. Traditional cyber security is hardware based, but many CASBs are API based and often delivered through a SaaS model.

What are security vendors doing to mend the gap?

Despite a few large acquisitions, most cyber security vendors have partnered with smaller startups to provide clients with Shadow IT coverage. However for most customers, buying an additional security solution isn’t very appealing. As a result, CIOs and CISOs who think they’ve covered every security gap probably still have a Shadow IT problem.

Given the multitude of security solutions that pitch to businesses, industry consolidation makes sense and is already underway. 451 Research just published a piece about Cisco’s acquisition of CloudLock that includes this table:

Date announced Target Acquirer Employees Deal value
June 28, 2016 CloudLock Cisco Systems 150+ $293m
November 9, 2015 Elastica Blue Coat Systems 188 $280m
September 8, 2015 Adallom Microsoft 94 $250m*
July 30, 2015 Perspecsys Blue Coat Systems 100 $44.7m
May 27, 2015 CirroSecure Palo Alto Networks 10 $18m
March 31, 2015 Anicut Systems CipherCloud Fewer than 5 Not disclosed
February 6, 2014 Skyfence Networks Imperva 20* $60m
January 15, 2014 CloudUp Networks CipherCloud 2 Not disclosed
September 26, 2013 SaaSID Intermedia 20 Not disclosed

The CASB space is heating up: as CASBs mature and the market size increases, the deal values are ballooning. Enterprise firewall vendors like Check Point, Fortinet, Sonicwall, Sophos and WatchGuard that are waiting to either acquire an existing CASB or roll out their own solution are watching the window of opportunity beginning to close. Acquisitions will become unaffordable and their customers will either procure their own CASB or switch to a more holistic vendor.

Want to see how a CASB can give you visibility into your company’s cloud app use? Watch Cloud Access Monitor in action in this short video.

David Waugh

David Waugh

VP, Sales and Marketing

Share this entry