Last November, Blue Coat announced the $280 million acquisition of cloud access security broker (CASB) vendor Elastica, a move that is now paying off for the company. Blue Coat is integrating Elastica capabilities with its Secure Web Gateway products as part of an overall push to expand cloud security.
Elastica's Audit subscription service is now being integrated with Blue Coat's AppFeed, providing visibility into cloud access and shadow IT activities, according to Bradon Rogers, senior vice president of product strategy and operations at Blue Coat.
"Elastica Audit provides the ability for organizations to find shadow IT operations and really get an idea of who is using what application and when," Rogers told eWEEK.
Typically with CASB technologies, audit-type capabilities are passive and are only able to alert organizations about potential issues and concerns, without providing the ability to actually act on the alert, Rogers said. He explained that what Blue Coat is now doing is integrating Elastica Audit feeds into the ProxySG security gateway, enabling organizations to not only identify applications but to also have policies around application usage.
Going a step further, attributes around application usage in the cloud can also be enforced. For example, a policy can be put in place to recognize whether or not a given cloud service is using two-factor authentication, or if the application is compliant with a certain specification.
"We track dozens and dozens of attributes around applications, and we allow organizations to build policies around those attributes," Rogers said. "So you can not only get visibility into what's going on, but you get full control as well."
Audit is just one of many technologies in Elastica's cloud security portfolio that Blue Coat intends to integrate into its product lineup.
Elastica has a technology called securlets that enable stand-alone security application deployment, Rogers explained. As an example of how the Elastica securlet technology can be instrumented to work with Blue Coat, mobile is a good use case, he said. An organization could provision a security profile for a user's mobile phone with a securlet and make sure that all traffic flows back through Blue Coat's security services. While it's common for users to have mobile device management (MDM) control, Rogers said there are use cases where the user is not under direct MDM or enterprise control.
"If a user … gets a new phone from their local phone provider and they go to Microsoft Office 365 directly, I can't usually control the user at that point," Rogers said. "But what securlets allow me to do is to reach into that cloud application and control it, no matter what device you're logging in from."
As such, the securlet capabilities provide what is referred to as an "out-of-band" capability for managing a device that is not inline with an enterprise's network or IT operation.
Elastica also has a product called CloudSOC (Security Operation Center) that provides visibility into all cloud applications in use by an organization. Rogers said CloudSOC complements Blue Coat's portfolio by extending user visibility beyond just on-premises applications.
Overall, Elastica integration with Blue Coat to date has been reasonably smooth, according to Rogers.
"If you look at the harmony between what Elastica does and what Blue Coat does, there is a natural cohesion between the two organizations," he said. "Elastica fits very cleanly into what we do at Blue Coat."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.