Business & Technology

The Difference Between SaaS and IaaS from a CASB Perspective

By Lior Cohen | August 29, 2018

Organizations of all sizes, from small businesses to global enterprises, have been turning to cloud computing in order to accelerate their pace of business innovation and increase the rate at which the development of new technologies can take place. The implementation of new SaaS-based tools makes them available to a wide variety of professionals, and does not require a specific set of technical skills. This has played a significant role in accelerating the pace at which SaaS applications have been adopted across the business technology landscape.

Furthermore, for those larger organizations with an IT staff of technical experts in the areas of finance, operations, and marketing automation, the ubiquity of public cloud IaaS has provided increased opportunities to experiment with new technologies and rapidly develop new business applications independent from the purview of the IT department. In a sense, utilizing ready-to-use SaaS applications is very similar to using instantly available IaaS services. The former delivers business process tools, while the latter offers application development building blocks—which are the software development tools that are enabling today’s business.

Achieving today’s digital transformation requirements, while continuing to satisfy the demands for ubiquitous security—especially across multiple cloud services—has caused organizations to realize that a common set of security controls and tools are required in order to provide consistent security across different types of cloud offerings, whether SaaS, IaaS, or PaaS. Traditionally, the market has been split into using CASB tools to control the rapid usage of SaaS applications, and Cloud Information Security Posture Assessment (CISPA) or Cloud Security Posture Management (CSPM) tools for managing IaaS security. However, today’s usage patterns of technology have begun to blur the lines between these technologies because what organizations ultimately want is a common level of visibility and control across all of the self-service technologies being used in the organization. As a result, the ability to offer unified security visibility and control for both SaaS and IaaS is increasingly beneficial for those organizations involved in rapidly adopting cloud technologies.

In order to address the emerging need of organizations to impose consistent security across the variety of cloud services they are deploying, Fortinet has introduced FortiCASB 2.0. This latest release enhances the capabilities of FortiCASB 1.2, which supported Configuration Assessments and Compliance reports for AWS IaaS cloud services, by extending those capabilities to both Azure and Google Cloud environments.

FortiCASB 2.0, as part of Fortinet’s Security Fabric for the cloud solutions, offers organizations the unique ability to address threats resulting from the sprawl of SaaS applications, as well as shadow IT operations related to the adoption of IaaS services.

Implementing a Saas CASB Solution

Following are some of the highlights of FortiCASB 2.0

1. Actionable Dashboard: A new informational and drill-down capable Risk Posture dashboard for IaaS identifies specific configuration violations

2. IaaS platforms: Support for Azure and GCP configuration assessment and compliance validation

3. Ransomware: New capabilities improve protection against ransomware attacks that may have originated via files hosted in the public cloud.

4. Regulatory Compliance: Support for additional regulatory compliance policies, such as ISO270001, NIST 800-53-V4, and NIST-800-171

5. Collaboration control: Improved visibility and control over the collaboration attributes of SaaS-stored files help manage risks associated with sensitive data collaboration

FortiCASB continuously introduces new capabilities that help organizations manage the risks associated with the adoption of multiple cloud technologies. These capabilities significantly enhance an organization’s ability to enforce consistent security policies while gaining improved visibility across multiple cloud services, without introducing unneeded operational overhead.


Read our guide to learn more about how to support your digital transformation efforts and how you can take the complexity out of security with integration and automation across multi-cloud environments. Manage risk easily and effectively, while gaining visibility.