Blue Coat has acquired cloud security provider Perspecsys in order to boost its cloud access security broker (CASB) credentials.
Blue Coat already possess a fairly comprehensive security tools portfolio including its own security analytics and threat intelligence tools. What Perspecsys brings to table is a set of compliance and data sovereignty tools. It is this merger of the two sets of capabilities that has led Blue Coat to claim in its press release that it is now positioned as a leader in the CASB space.
Protecting applications and data even in the public cloud
One of the big security challenges facing companies today is how to manage data that is leaving the organisation and entering the cloud. This is not just about Business Units (BU) moving to cloud services and applications without IT approval but also affects approved cloud projects. This is where the Perspecsys product line fits into Blue Coat’s strategy where it’s products are to become part of the Secure Web Gateway portfolio.
Back in June at Infosec Europe, we talked to Dr Hugh Thompson, CTO, CMO and Snr VP at Blue Coat about the challenge of compliance and tracking data being moved outside of the enterprise. He told us: “We already have the ability to do SSL intercept and decrypt in real-time so that customers can see what is entering and leaving their network. We could take that and begin to put rules on it especially for customers who have Data Loss Prevention (DLP) solutions. This has to be done in silicon not software to get the performance customers demand.”
A major challenge is integrating DLP solutions with the legal framework of compliance. This is one of the reasons why Blue Coat has acquired Perspecsys. Among the solutions that Perspecsys delivers is support for a range of industry standards such as PCI DSS, HIPAA, ITAR, FISMA and FedRAMP. Blue Coat also has solutions that meet some of these standards but Perspecsys gives them wider support.
Alongside this is the more complex problem of understanding country specific privacy laws. Facebook has recently discovered that compliance with Irish privacy laws does not mean it can ignore the law in Germany. This is just the first of several European cases that Facebook is dealing with. Google is also struggling with the European landscape in particular how to deal with Right to be Forgotten cases where the data is available on sites that are based outside of Europe.
Next year, the introduction of the European General Data Protection Regulation will harmonise many of these laws and provide a much tighter base. That does not mean that countries will stop adding additional protections. Perspecsys already has specific products in place for key European countries as well as the US, Canada, Australia, Hong Kong, Mexico and Singapore.
These are all part of the Cloud Data Residency and Data Sovereignty tools that Perspecsys provides. By integrating this into the existing tracking of data and DLP solutions that Blue Coat owns, customers will be able to create much more granular and effective data protection. This will be welcomed by many customers who are struggling to make the different systems they own work together and provide the audit trails they require to meet compliance requirements.
Another benefit of this deal is that Perspecsys AppProtex Cloud Data Protection Platform provides protection for data used by cloud-based applications. Perspecsys has versions of AppProtex for Salesforce, ServiceNow, Oracle and other Software as a Service (SaaS) providers.
When all of this is taken into account it is easy to see why Blue Coat were keen to acquire Perspecsys. It now has the ability to apply rules in silicon that can detect sensitive data moving through the network and align that with the discovery and protection of data already in the cloud.
Conclusion
The cloud-based security service market is growing quickly as security vendors offer to fill the skills gap in cybersecurity professionals. It is not just enterprises that are suffering, vendors are also finding it hard and expensive to fill the skills gap. As a result, we are beginning to see an increase in the number of acquisitions and mergers between companies.
While a merger does bring new skills, products and customers to the table it also raises questions about the ability to integrate. In the security market it is not unusual to see companies with a wide set of products but inconsistencies between them. These inconsistencies create the cracks that cybercriminals and hackers can exploit. Customers will be watching closely to see how well Blue Coat and Perspecsys manage the integration of their portfolios.
