Date post: | 16-Apr-2017 |
Category: |
Technology |
Upload: | bitglass |
View: | 108 times |
Download: | 2 times |
CASBs:A New Hope
A long time ago in a CISOs
old security strategy
STORYBOARDS
enterprise(CASB)
end-user devicesvisibility & analytics
data protectionidentity & access control
applicationstorageserversnetwork
CASBs secure data across any cloud app
app vendor
STORYBOARDS
shadow IT
The clone wars:In the beginning before the republic was sabotaged by the empire: Translation - Shadow IT was all we knew
STORYBOARDS
shadow ITgain visibility into your org’s cloud usage
■ Identify unsanctioned apps in use in your organization
○ Understand risk profiles of these frequently used apps
■ Intelligent, time-saving alerts out of the box
STORYBOARDS
shadow IT
API-based approach
Revenge of the Sith:The empire began growing powerful with their management of security approachTranslation - Orgs. are limited with limited API security
STORYBOARDS
data-at-rest in the cloudapi control
visibility and control of cloud data
● DLP scans & quarantine
● modify sharing permissions
● watermark, DRM, redact, encrypt
● proxy-accelerated API-scans
6
STORYBOARDS
■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
office 365 native dlp:complex, costly, and doesn’t work across apps
STORYBOARDS
shadow IT
API-based approach
API + in-line
A New Hope:The Rebels emerged with a new way to secure SAAS applications with an agentless in-line approach. The old republic (empire) methods were still used to maintain balance with the force.
STORYBOARDS
how casb security works
reverse proxy■ unmanaged device controls without agents
forward proxy■ managed devices controls
activesync proxy■ secure email, calendar, etc on any mobile
device■ device level security - wipe, encryption, PIN
etc
STORYBOARDS
casb securitya data-centric approach ■ Cloud data doesn’t exist only “in the
cloud”
■ IT must protect data at access and on any device
○ Granular DLP
○ Context-aware to distinguish between users, device type, more
○ Device controls on mobile
STORYBOARDS
3top MDM vendors do not use their
own product
Bitglass BYOD Security Survey 2015
MDM is obsolete
67%would participate
in BYOD if IT couldn’t access personal data &
apps
38%of IT
professionals don’t
participate in their own BYOD
security programs
STORYBOARDS
mobile securitycloud and mobile are inseparable
■ IT must enable secure access to cloud apps from any device
■ BYOD poses a threat to data security due to a lack of visibility and control after download
■ CASBs accommodate user BYOD demands and IT security needs without agents
STORYBOARDS
casb identitycentralized identity management is key in securing data
■ CASBs offer integrated identity management across apps
■ Limit potential breaches with step-up multifactor auth for high risk logins
STORYBOARDS
secure office 365 + byod
client:
■ 35,000 employees globally
challenge: ■ Inadequate native O365 security■ Controlled access from any device■ Limit external sharing■ Interoperable with existing
infrastructure, e.g. Bluecoat, ADFS
solution: ■ Real-time data visibility and control ■ DLP policy enforcement at upload
or download■ Quarantine externally-shared
sensitive files in cloud ■ Controlled unmanaged device
access■ Shadow IT & Breach discovery
fortune 50 healthcar
efirm
STORYBOARDS
client:
■ 15,000 employees in 190+ locations globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
secure google apps +
byod
business data
giant
STORYBOARDS
about bitglass
total data
protection est. jan
2013
100+ custome
rs
tier 1 VCs
resources:more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365
STORYBOARDS
bitglass.com@bitglass