Get started Bring yourself up to speed with our introductory content.

CASB: Good cloud security tool, weird name

If your organization is doing a lot with cloud computing, you may have heard people on your cloud or security teams talk about the need for a CASB. That’s pronounced KAZ-bee.

No, it’s not a magical creature in the Nintendo game The Legend of Zelda. Or a mispronunciation of the word casbah. Or a reference to The Clash cult classic, “Rock the Casbah.”

It stands for cloud access security broker. It’s a cloud security tool that serves as a gatekeeper to your organization’s systems and loops in whatever security policies you have in place. So if someone tries to access a free file-sync-and-share service such as or Dropbox, he or she will get a warning notice or could be shut down.

In an October market report, research outfit Gartner labeled CASB a “required security platform for organizations using cloud services” and predicted enormous growth in coming years. By 2020, it said, 85% of organizations will use one, up from less than 5% in 2015.

Johna Till Johnson, CEO and founder of Nemertes Research, presenting results from a security study in a webinar earlier this month, said cloud access security brokers were in use at companies with the most forward-looking and successful cybersecurity strategies.

“This or something like it is something you have to have as you’re moving out to cloud,” Johnson said. “And using it implies that you already have a set of defined policies, and you have a good sense of who should be using what and why.”

So people say it’s hot stuff. It’s still new, though. The Nemertes study — a small one, surveying 17 organizations — found that just 21% of respondents were using a CASB.

That’s probably not why you might not know what it is, though. The study found that just 41% of respondents have heard of cloud access security brokers, but 57% have plans to deploy the cloud security tool.

I’ll let Johnson deliver the punchline: “What that means is, some people are actually using it without knowing what it is, which is actually pretty funny.”

CASB might be an important piece of a cloud security initiative, she said, but it’s not a great catchword. “The folks that make these products and technologies might want to think about a different marketing acronym — I’m just saying.”

I’m not sure the spelled-out mouthful is much better. As for CASB, I think it works better as a magical creature from The Legend of Zelda.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

We have all sorts of apps that can't be packaged in any other way (apps that modify login screen, etc such as disability software)...

I like VMware's Mirage (formally wanova) approach to this...
Persona and Application distribution in one application. Love it.
Think I'll stick with App-V for app deployment...this sounds a little rudimentary
It provides an alternative to deploy applications in a selective way and within the organizations requirements.
For specific apps and specific use cases it seems very useful. Broad adoption across many segments mat present a challenge though (SLED/FED for instance).
Any solution that does not support physical desktops is going no were right now.
you cant rip and replace Physical with VDI and I'm not going to support 2 parallel environments and deploy applications twice doubling my workload.
People, Look at application Jukebox, Packages "problem apps", Delivers them to users, (near)native performance on 99% of apps. Supports Physical/Vdi/Offline etc,etc...