Cloudflare acquires ‘modern’ CASB, aims to become most-deployed SASE

Join today’s leading executives online at the Data Summit on March 9th. Register here.

Cloudflare has added a key missing piece for its secure access service edge (SASE) offering, with the acquisition of a startup that brings easy-to-implement capabilities for securing web-based applications, according to cofounder and CEO Matthew Prince.

The startup, Vectrix, serves as a “modern” version of a cloud access security broker (CASB), Prince told VentureBeat. The startup has developed technology that offers enhanced visibility and control for data at rest in software-as-a-service (SaaS) applications — which Cloudflare is now adding into its SASE offering, the Cloudflare One platform.

“And my hunch is that, if you check in a year from now, this will be the most broadly deployed CASB platform in the world,” Prince said, with the company able to bring the capabilities to its extensive customer base.

San Francisco, California-based Cloudflare reportedly had 132,390 paying customers as of the end of September.

The terms of the acquisition, which is being announced today, were not disclosed. Vectrix was founded in 2020 and took part in the Y Combinator Summer 2020 cohort. The San Francisco startup had raised $2.2 million in funding, and has brought its seven employees to Cloudflare, the company said.

Future of the network

Cloudflare One represents the direction that the company — known for its global network that enables strong security and performance for web properties — is most focused on now. The SASE platform provides a zero trust architecture and “network-as-a-service” approach for securely connecting users to enterprise resources, the company says, while also leveraging Cloudflare’s well-known security capabilities such as distributed denial of service (DDoS) mitigation.

Cloudflare One debuted in October 2020, and the company has touted it as “the future of the corporate network.” Customers using the platform include Canva, Delivery Hero, and a Fortune 500 pharmaceuticals company, the company said.

Key capabilities that Vectrix will bring to the platform include the ability to scan third-party tools to detect security issues such as misconfigurations and unauthorized user access, inappropriate file sharing, and shadow IT usage.

The average business now uses approximately 110 SaaS applications, a seven-fold increase since 2017, according to a report from BetterCloud. At the same time, the use of SaaS apps in the business continues to be challenging to secure due to issues such as lack of visibility, the report found.

SASE aims to offer a more dynamic and decentralized security architecture than existing network security architectures, as it accounts for the increasing number of users, devices, applications, and data that are located outside the enterprise perimeter. SASE’s “anywhere, anytime” approach for enabling secure remote access typically includes capabilities such as secure web gateway, CASB, next-generation firewalls, and zero-trust network access.

Along with Cloudflare, major vendors in the SASE market include Cisco, VMware, Zscaler, Cato Networks, Fortinet, Palo Alto Networks, Perimeter 81, Versa Networks, Netskope, and Aryaka.

A simplified approach

Prince says he’s so bullish about the prospects for Cloudflare’s new offering because unlike other CASBs, Vectrix offers a dramatically simplified deployment.

CASB has become something of a “four-letter word,” due to its reputation for being “incredibly difficult to implement,” he said. Cloudflare surveyed the CASB market broadly as it investigated whether to partner with a vendor, acquire a vendor, or internally develop capabilities to bring CASB functionality to its SASE platform, he said.

With the Cloudflare One platform, “one place that we were really missing visibility was when data was actually at rest in an application,” Prince said. “We could see the data as it flowed through the network. We could control who had access to those applications. But oftentimes, the applications themselves — Salesforce, or Workday, or whatever it is that you’re running — might store information that is sensitive. And you don’t necessarily have a clear picture of what is stored where, and who has access to that.”

Conversations with enterprises, however, indicated that many enterprises were still in the process of implementing CASB capabilities due to the difficulty involved, he said. And those who had already implemented CASB told Cloudflare that the technology “doesn’t work all that well,” Prince said.

With other CASB vendors, implementation is “a process and it’s an ordeal—and if you don’t get it right, then they don’t deliver very much value,” he said. “We really weren’t happy with any of the vendors that were out there.”

Vectrix, on the other hand, actually “fulfills the promise of CASB,” Prince said.

“The thing that really struck us was how much their philosophy of going after this space was similar to Cloudflare’s philosophy, when we went after the network security space in the beginning—which was that ease of use is the killer feature,” he said.

What the team at Vectrix “really understood is that none of this matters unless you can get people to actually implement it,” Prince said. The startup developed a system “which is incredibly powerful, incredibly easy to use. And when we looked at it, we said, this is better than something that we could build ourselves,” he said.

‘Modern infrastructure’

Vectrix was able to develop an easy-to-implement platform in part through taking advantage of APIs and the “modern infrastructure stack that we have today,” said Corey Mahan, cofounder and CEO of Vectrix and now a director of product on the Cloudflare One team. By contrast, many of the major CASB vendors didn’t have this option when they first built their products, Mahan said.

The capabilities offer customers “almost immediate time to value,” he said.

“We’re providing users insights by that time most people have signed agreements for [proof of concepts],” Mahan said. “We’ve really taken the difficulty in integrating and setup, and made it very seamless and consistent across apps—so that anyone can get up and running very, very quickly.”

Along with Mahan, Vectrix cofounders Alex Dunbrack and Matthew Lewis have also joined Cloudflare.

Vectrix is the eighth acquisition for Cloudflare since its founding in 2009, and follows the company’s acquisition of website performance enhancement startup Zaraz in December.

By bringing the Vectrix technology into Cloudflare One, customers will be able to reduce their need for other vendors in addition to improving their security and gaining insights into their environments, Prince said.

“It means that more and more, our customers can consolidate vendors and use Cloudflare for all of their network and other security needs,” he said.

Ultimately, “we believe that we’ve got the best user experience of any SASE out there,” Prince said. “Other SASE applications slow IT teams down, are a pain to implement, and really disappoint and frustrate end users. But from the beginning, one of our key value propositions was performance. And we take that incredibly seriously.”

Originally appeared on: TheSpuzz