CASB delivers must-have protection for your SaaS apps
Starts at $8 per user per month for Discovery, $15 per month for the Active Platform. Options such as DLP, Encryption, and Malware Protection are priced separately.
Starts at $2/month to $30/user month + maintenance costs/help desk costs + those that use a gateway with on-premises can be $30-150K depending on complexity.
Breach Discovery + Log analysis, $2/user/mo. Add Mobile-only protection, $5/user/mo. Standard edition (mobile+web+DLP) $10/user/month, Enterprise (includes encryption and specific app control) $30/user/month).
Detailed platform with very good analytics and administrative tracking; flexible and deep cloud app intelligence, high potential programmability
Extreme encryption flexibility and with it, DLP control for large organizations needing international regulatory compliance
Detailed and broad canned application control, graduated services
Docs could use work; a la carte pricing and configuration potentially inconvenient
Requires platform dedicated work costs; potential additive cloud app coverage costs
Comparatively less programmability.
CipherCloud Trust Platform
CipherCloud provides a hypervised gateway appliance priced per user. Inside the appliance are three functional components, administrative, security, and connectors specific to managed CASB resources. Pricing, like the other products in this review, is based in gradients of services provided.
CipherCloud is a construction set with many pre-fab pieces, and it requires significant planning to deploy in order to gain full effectiveness. It’s in use by some of the largest financial institutions in the world.
The strong upside is its ability to establish strong flexible encryption to the record/field level, and with it, strong DLP controls for its list of covered applications. A hidden cost is integration and adaptation of specific cloud app platforms, like Salesforce. With some work, it can be come annealed to a target application like no other, because of its data protection schemes.
We installed the gateway as an Amazon Web Services VM. Multiple instances of the gateway appliance VM can be used in redundant instances as a reverse proxy gateway between users and cloud resources. Once set, and platforms are encrypted, so it renders AES-256 gibberish of any access that doesn’t use the gateway and its decryption resources. Once accessed through the controls set in CipherCloud’s trust platform, it’s possible to set encryption that allows searches and field-level data loss prevention (DLP) flagging and control.
We like CipherCloud for its certificate key control, staggering varieties of stateful/stateless encryption, tokenization possibilities and breadth of popular SaaS app coverage. (CipherCloud doesn’t cover every app found in the cloud.)
We also like it for its strong flexibility for varying deployment designs for larger organizations. BitDefender services are available as an additional intermediary for streams flowing through, although streaming data examination isn’t totally perfect.
Architecturally, the VM is a reverse proxy gateway appliance that’s licensed by user count, so multiple instances can be generated and deployed without additional cost. The gateway, which requires healthy server-allocation resources, serves as a deep-inspector, even with many pre-set encrypted data flows filtering through it, using AES-256 encryption.
Must read: 10 new UI features coming to Windows 10