isc(2) security briefing part 2 - casbs: real-world use cases

cloud access security brokers: real world use cases apr 7 2016

Upload: bitglass

Post on 05-Jan-2017

TRANSCRIPT

Page 1: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

cloud access security brokers: real world use cases

apr 7 2016

Page 2: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

cloud and mobile are inseparable...

saas

driving corporate data outside the firewall.

Page 3: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

security must evolve to protect data outside the firewall

ungoverned access to corporate data in the cloud

hidden Shadow IT threats

sensitive cloud data on unmanaged devices

Page 4: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

CASB: a better approach to cloud security

identity

discovery

data-centric security

mobile

Page 5: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

casb security: a data-centric approach

the new data reality requires a new security architecture

■ cross-device, cross-platform agentless data protection

■ granular DLP for data at rest and in motion

■ contextual access control

■ detailed logging for compliance and audit

Page 6: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

casb discovery: gain visibility into your org’s cloud usage

■ analyze outbound data flows to learn what SaaS apps your organization is using

■ understand risk profiles of different apps

■ essential in process of enabling secure cloud app usage

Page 7: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

managed devices

application access, access control, data protection

unmanaged devices / byod

in the cloud

Forward Proxy

ActiveSync Proxy

Device Profile: Pass

● Email

● Browser

● OneDrive Sync

● Full Access

Reverse Proxy + AJAX VM

ActiveSync Proxy

● DLP/DRM/encryption

● Device controls

API Control External Sharing Blocked

● Block external shares

● Alert on DLP events

Device Profile: Fail

● Mobile Email

● Browser

● Contextual multi-factor auth

typical use case: real-time data protection on any device

Page 8: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

use case 1: real-time saas data protection

■ real-time inline data protection

■ leverage proxies to control access to any app on unmanaged devices

■ external sharing control via API

■ integrated data leakage prevention

Page 9: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

secure office 365 + byod

client:

■ 35,000 employees globally

challenge:

■ Inadequate native O365 security

■ Controlled access from any device

■ Limit external sharing

■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS

solution:

■ Real-time data visibility and control

■ DLP policy enforcement at upload or download

■ Quarantine externally-shared sensitive files in cloud

■ Controlled unmanaged device access

fortune 50 healthcare firm

Page 10: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

client:

■ 15,000 employees in 190+ locations globally

challenge:

■ Mitigate risks of Google Apps adoption

■ Prevent sensitive data from being stored in the cloud

■ Limit data access based on device risk level

■ Govern external sharing

solution:

■ Inline data protection for unmanaged devices/BYOD

■ Bidirectional DLP

■ Real-time sharing control

secure google apps + byod

business data giant

Page 11: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

use case 2: achieve regulatory compliance

■ upload + download dlp and encryption

■ protect regulated cloud data on byod

■ control over external share & sync

■ leverage integrated identity management to ensure secure auth

Page 12: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

US hospital system

client:

■ 7000 employees in southeastern US

challenge:

■ Require HIPAA compliance with move to public cloud

■ Respect user privacy

■ Support future O365 migration

solution:

■ DLP policies applied to PHI

■ Selective wipe, enforce device PIN and encryption

hipaa compliant byod

Page 13: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

use case 3: agentless byod security

■ secure devices without invasive profiles or certificates

■ protect “unwrappable” cloud and native apps

■ selectively wipe corporate data

■ enforce device security policies

■ full data control and visibility for IT

Page 14: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

client:

■ 8000 employees

■ s&p 500

challenge:

■ Lack of adherence to BYOD security measures

■ Failed MobileIron and SAP Afaria deployments

solution:

■ Bitglass Agentless – device / OS independent

■ Fast deployment

■ Logging for compliance with internal data security policies

■ Seamless integration with Active Directory

fortune 500 beverage co.

byod security

Page 15: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

our mission

total data protection

est. jan 2013

100+ customers

tier 1 VCs

Page 16: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

our solutions

cloud mobile breach

Page 17: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

resources: more info about cloud security

■ bitglass report: cloud adoption by industry

■ case study: UNC Charlotte secures dropbox

■ case study: fortune 100 healthcare firm secure O365

Page 18: ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases

bitglass.com

@bitglass