Here we are already, rounding out the second quarter of 2021. In this time of year you may be asking: who comes out at the top of Forrester’s Q2 Wave Assessment for Cloud Security Gateways? The Forrester Wave looks at technology providers in a particular category—say, Security Analytics Platforms—and ranks them on both x and y scales. The x scale stands for strategy and the y scale represents each company’s current offering. Additionally, the points on the graph are larger or smaller according to each provider’s market presence. Let’s take a look at this quarter’s Wave chart for Cloud Security Gateways (perhaps more commonly called Cloud Access Security Brokers, or CASB).
Forrester Wave for Cloud Security Gateways
The Wave chart gives a visual where the strongest providers make their way toward the top and right sides of the graph. Those closest to the top are what Forrester determines to have the strongest current offerings. In this quarter’s chart, Broadcom comes out vertically at the top, followed closely by Microsoft. The strongest strategy and biggest market presence go to Microsoft as well. It’s worth noting that Netskope basically created the modern CASB market and has been classified as a Leader in Gartner’s Magic Quadrant, a similar assessment chart, for the past several years. But according to Forrester here, it seems to be falling behind this quarter’s Leaders. Netskope no longer makes it to the Leader category and has more or less swapped places with Microsoft in terms of offerings and vision.
The Four Pillars of CASB
The strength of Leaders in the Cloud Access Security Broker market lies in their ability to excel in what are sometimes called the Four Pillars of CASB. According to Forrester’s assessment, quality in these areas is most evident in Broadcom’s CloudSOC CASB and Microsoft’s Cloud App Security (MCAS), and Microsoft shows particularly impressive strategy among them.
CASB customers need to be able to easily see what’s happening in various cloud services: who is using them, what data is being transmitted and stored, and which policies are being carried out. With multi-cloud and Software as a Service (SaasS) environments common in many organizations, this broad visibility is crucial.
Providers need to have strong data security policies they can enforce—things like access control, encryption, sharing restrictions, and enhanced authentication. Microsoft’s Cloud App Security offers many options among these capabilities, and it scored the top rating possible for data loss prevention (DLP) in Forrester’s evaluation.
Comprehensive threat protection is also vital. The best CASB providers can integrate with other cybersecurity products to offer excellent abilities in detection and remediation of unauthorized access. Forrester also gave Microsoft the top score possible in user threat protection, recognizing the real-time malware that MCAS provides.
Finally, compliance can’t be left out. CASB offerings should give clear reporting to show areas at risk for falling short of compliance standards. Microsoft has aimed to make the ability to quickly enforce compliance requirements “a key design principle” in MCAS. Here again, Microsoft received top possible scores in several categories regarding policy management.
More About the Forrester Wave for Cloud Security Gateways
All in all, there were 29 criteria that Forrester evaluated in order to make its assessment. They selected the eight Cloud Access Security Brokers that they identified as the most significant in the market and analyzed them according to these criteria. (Forrester often includes more than eight companies in its Wave assessments, so we can assume that no other CASB providers create any significant competition.) For more details on the providers and criteria in the Forrester Wave assessment for Cloud Security Gateways, see Forrester’s full report.