"We make it easy to keep your data safe in the cloud." That's the first slide in Adallom's marketing presentation. We wanted to know what that rather broad statement meant. It turns out that it means exactly what it says. With a primary purpose of reducing the attack surface, Cloud Application Security Platform (CASP) addresses the application directly. The actual system can reside on-premises or in the cloud. In either event, it acts as a broker for all access to protected applications.
Today, the on-premises data center still runs pretty much by the same rules it always has. Even though the idea of a perimeter is fast disappearing, there still is a perimeter of sorts within the server room. Whether the servers are virtualized or physical, there still needs to be some level of protection overall to work with localized protection at the server or virtual machine. There are lots of applications that can achieve that.
When the targets - i.e., the applications that the organization uses - move to the cloud, however, the ball game changes markedly. Now we have a whole new collection of challenges. For example, we have the recurring theme of shadow IT. That means users doing configuration, deployment and management tasks usually reserved for the IT staff. We have no idea what the architecture of the cloud application is and how - or, even, if - it's secured. There is no universal set of security controls that we can expect. And if we integrate the cloud with our data center we may face additional challenges.
Adallom CASP sits between the firewall and the cloud applications where it has the best visibility of the cloud apps used by the organization. Connection back into the organization's security stack provides the coordination between the cloud apps and the organization's internal security policy needed to extend that policy to the cloud.
CASP addresses five specific areas of security for integration of cloud apps into the enterprise.
First, there is visibility, which includes such things as app discovery (covering more than 13,000 apps at this writing), users and accesses.
Compliance includes data loss prevention, eDiscovery - a big one, in our view - and reports on such things as configuration management and cloud activity.
Data security is a bit of a catch-all, including encryption, sharing controls and data access governance (although not, explicitly, access control).
Access control picks up where data security leaves off with NAC for the cloud and, a big one, device pinning. Device pinning forces an application to refuse all access attempts except those from specific devices.
Finally, threat prevention - and we really wish vendors would stop using the term "threat" as a synonym for "malware." These guys are pretty good at that since their idea of threat prevention includes not only malware but anomaly detection, intelligence and incident management. So the threat may or may not be malware and, even so, CASP addresses it.
As with many tools of this type, we enter the tool at the dashboard. This one has a good dashboard with a lot of information that can lead the administrator quickly to areas they believe need to be explored immediately. All cloud apps are being scored continuously on their security - what Adallom calls SaaS Protection Overview. Anything but green shows up clearly on the dashboard and the admin can drill down to find the source of the problem. The usual summaries of activities and problems, of course, are there as well.
CASP handles both standard and sanctioned applications. Sanctioned apps are those that are managed explicitly through an API. These tend to be the most important applications being run. Policies are intuitive and, in most cases, are built up using filters. The process is point-and-click so it goes fast and is clear regardless of the complexity of the final outcome.
The product uses a combination of third-party anti-malware and its own. It uses its own for straight pattern matching while it uses third-party solutions for sandboxing (dynamic analysis) and reversing. Logging is comprehensive and the product addresses not only legacy risks from traditional data centers but those new ones that have emerged from the cloud.
The level of application support, the ease of use and the reliability of having all of the traditional application security management functions implemented for apps in the cloud make Cloud Application Security Platform well worth the moderately low price of admission. Throw in excellent reporting, security alerts triggered by the Adallom heuristics engine and cloud-based threat intelligence, and this is a very good deal, indeed.
At a glance
Product: Cloud Application Security Platform
Company: Adallom
Price: $5 to $10 per user, per cloud application, per month.
What it does: Cloud access security broker.
What we liked: Supports a huge number of cloud applications (more than 13,000) and is simple to deploy and seamless to users.