CASBs:A New Hope

A long time ago in a CISOs

old security strategy

STORYBOARDS

enterprise(CASB)

end-user devicesvisibility & analytics

data protectionidentity & access control

applicationstorageserversnetwork

CASBs secure data across any cloud app

app vendor

STORYBOARDS

shadow IT

The clone wars:In the beginning before the republic was sabotaged by the empire: Translation - Shadow IT was all we knew

STORYBOARDS

shadow ITgain visibility into your org’s cloud usage

■ Identify unsanctioned apps in use in your organization

○ Understand risk profiles of these frequently used apps

■ Intelligent, time-saving alerts out of the box

STORYBOARDS

shadow IT

API-based approach

Revenge of the Sith:The empire began growing powerful with their management of security approachTranslation - Orgs. are limited with limited API security

STORYBOARDS

data-at-rest in the cloudapi control

visibility and control of cloud data

● DLP scans & quarantine

● modify sharing permissions

● watermark, DRM, redact, encrypt

● proxy-accelerated API-scans

6

STORYBOARDS

■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD

■ High operational overhead - Complex to configure and maintain

■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office 2016 on PCs

■ High cost - Must have top of the line license

■ Point solution - Support focused on Office 365, what about other cloud apps?

office 365 native dlp:complex, costly, and doesn’t work across apps

STORYBOARDS

shadow IT

API-based approach

API + in-line

A New Hope:The Rebels emerged with a new way to secure SAAS applications with an agentless in-line approach. The old republic (empire) methods were still used to maintain balance with the force.

STORYBOARDS

how casb security works

reverse proxy■ unmanaged device controls without agents

forward proxy■ managed devices controls

activesync proxy■ secure email, calendar, etc on any mobile

device■ device level security - wipe, encryption, PIN

etc

STORYBOARDS

casb securitya data-centric approach ■ Cloud data doesn’t exist only “in the

cloud”

■ IT must protect data at access and on any device

○ Granular DLP

○ Context-aware to distinguish between users, device type, more

○ Device controls on mobile

STORYBOARDS

3top MDM vendors do not use their

own product

Bitglass BYOD Security Survey 2015

MDM is obsolete

67%would participate

in BYOD if IT couldn’t access personal data &

apps

38%of IT

professionals don’t

participate in their own BYOD

security programs

STORYBOARDS

mobile securitycloud and mobile are inseparable

■ IT must enable secure access to cloud apps from any device

■ BYOD poses a threat to data security due to a lack of visibility and control after download

■ CASBs accommodate user BYOD demands and IT security needs without agents

STORYBOARDS

casb identitycentralized identity management is key in securing data

■ CASBs offer integrated identity management across apps

■ Limit potential breaches with step-up multifactor auth for high risk logins

STORYBOARDS

secure office 365 + byod

client:

■ 35,000 employees globally

challenge: ■ Inadequate native O365 security■ Controlled access from any device■ Limit external sharing■ Interoperable with existing

infrastructure, e.g. Bluecoat, ADFS

solution: ■ Real-time data visibility and control ■ DLP policy enforcement at upload

or download■ Quarantine externally-shared

sensitive files in cloud ■ Controlled unmanaged device

access■ Shadow IT & Breach discovery

fortune 50 healthcar

efirm

STORYBOARDS

client:

■ 15,000 employees in 190+ locations globally

challenge:

■ Mitigate risks of Google Apps adoption

■ Prevent sensitive data from being stored in the cloud

■ Limit data access based on device risk level

■ Govern external sharing

solution:

■ Inline data protection for unmanaged devices/BYOD

■ Bidirectional DLP

■ Real-time sharing control

secure google apps +

byod

business data

giant

STORYBOARDS

about bitglass

total data

protection est. jan

2013

100+ custome

rs

tier 1 VCs

resources:more info about cloud security

■ whitepaper: the definitive guide to CASBs

■ report: cloud adoption by industry

■ case study: fortune 100 healthcare firm secure O365

STORYBOARDS

bitglass.com@bitglass