Cloud access security brokers arrived on the scene with a bang in 2015, thanks to plentiful venture capital funding, compelling use cases and alluring customer testimonials.
Almost three years later, much has changed with cloud access security broker (CASB) market. There are barely any stand-alone players left in the market following a flurry of acquisitions during that span that drastically reshaped the cloud security industry. A space that was once dominated by borne-in-the-cloud startups is now filled with giants such as Microsoft, Cisco and Symantec.
The latest deal in the CASB market saw McAfee acquire Skyhigh Networks, arguably the top vendor in the space, this week. But there were many acquisitions before it. To recap:
- Microsoft got the ball rolling with CASB acquisitions when it purchased startup Adallom in July of 2015, which later became part of Microsoft’s Cloud App Security business. Terms of the deal were not disclosed but news outlets reported the price ranged between $250 million and $320 million.
- Also in July of 2015, Blue Coat Systems acquired Perspecsys for an undisclosed amount (Blue Coat was later acquired by Symantec in 2016).
- In November of 2015, Blue Coat made another CASB acquisition with its purchase of Elastica for $280 million.
- Cisco acquired CloudLock in June of 2016 for $293 million.
- In September of 2016, Oracle purchased Palerra for an undisclosed amount.
- Proofpoint acquired FireLayers in October of 2016. Terms of the deal were not disclosed.
- In February of this year, Forcepoint acquired Skyfence from Imperva for approximately $40 million. Imperva had purchased the CASB in 2014.
There are a few remaining stand-alone players in the CASB market, including Netskope (which analysts considered a market leader alongside Skyhigh), Bitglass and CipherCloud. But going forward, the space will be increasingly dominated by the old guard rather than the startups.
However, that’s not necessarily a bad thing. While the CASB market as a stand-alone category may soon be a thing of the past, the CASB model is very much alive. Cloud application and SaaS usage, whether approved by IT departments or not, will only increase, and enterprises will continue to need products and services that can discover, manage and secure those apps.
In addition, the vendors that moved into the CASB space have a clearly stated desire to increase their cloud security presence. That includes companies like Microsoft and Oracle, which have their own SaaS offerings as well as a need to protect customer usage of those cloud apps. Even McAfee, which at one point under Intel’s ownership had scaled back on its cloud offerings, has a new vision of combining endpoint and cloud security.
The stand-alone CASB market may be nearly gone, but the business case for the technology remains. It’s unclear whether CASB will continue to be a security product category in the coming years, or if the functionality will simply be folded into existing categories like web security gateways or other cloud security services. But the enterprise challenges of managing shadow cloud services and securing third-party SaaS offerings will remain, and so too will CASB technology.