Post on 12-Apr-2017
transcript
webinar
june 9 2016
8 questions to ask when evaluating a cloud access security broker
STORYBOARDS
the traditional approach to security is inadequate
security must evolve to protect data outside the firewall
■ cloud: attack on SaaS vendor risks sensitive data
■ access: uncontrolled access from any device
■ network: data breach - exfiltration & Shadow IT
■ mobile: lost device with sensitive data
CASB: a better approach to cloud security
identity
discovery
data-centric security
mobile
1. how does the solution differ from security built into cloud apps?
enterprise (CASB):
■ end-user devices
■ visibility & analytics
■ data protection
■ identity & access control
app vendor:
■ application
■ storage
■ servers
■ network
2. does the solution protect cloud data end-to-end?
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility and control over data in the cloud
■ Solution must also protect data on end-user devices
■ Leverage contextual access controls
3. can the solution control access from both managed & unmanaged devices?
reverse proxy
■ unmanaged devices - any device, anywhere
■ no software to install/configure
forward proxy
■ managed devices - inline control for installed apps
■ agent and certificate based approaches
activesync proxy
■ secure email, calendar, etc on any mobile device
■ no software to install/configure
■ device level security - wipe, encryption, PIN etc
4. does the solution provide real-time visibility and control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove share, etc) required to mitigate overall risk
5. can the solution encrypt data at upload?
■ Encryption must preserve app functionality
■ Encryption must be at full strength, using industry standard encryption (AES-256, etc)
■ Customer managed keys required
6. does the solution protect against unauthorized access?
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
7. can the solution help me discover risky traffic on my network, such as shadow IT and malware?
■ Analyze outbound data flows to learn what unsanctioned SaaS apps are in use
■ Understand risk profiles of different apps
8. will the solution introduce scale or performance issues?
■ Hosted on high-performance, global cloud infrastructure to introduce minimal latency
■ Security should not get in the way of user experience/productivity
about bitglass
■ total data protection
■ est. jan 2013
■ 100+ customers
■ tier 1 VCs
bitglass solutions
cloud mobile breach
secure office 365 + byod
fortune 50 healthcare firm
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
secure google apps + byod
business data giant
client:
■ 15,000 employees in 190+ locations globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
resources: more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365
bitglass.com
@bitglass