webinaraugust 17

2016

the security gap:

protecting healthcare

data in o365

poll:what is your

biggest concern with

moving to o365?

STORYBOARDS

office 365 is the leading SaaS productivity suite:market share has tripled year over year

2014 2015

google apps office 365

other

16.3%

7.7%

76%

22.8%

25.2%52%

STORYBOARDS

the traditional approach to

security is inadequate

STORYBOARDS

the office 365 security stackshared responsibility model

enterprise(CASB)

end-user devicesvisibility & analytics

data protectionidentity & access control

applicationstorageserversnetwork

STORYBOARDS

healthcare security needs:mitigating threats while empowering users

■ Visibility and control over corporate data■ Restrict access on unmanaged devices■ Prevent account hacking■ Limit external sharing

STORYBOARDS

components of o365 security

identity

cloud

access

mobile

STORYBOARDS

cloud and access:

■ External sharing is made easier than ever with Office 365

■ Granular access controls should be based on context (e.g. device type, user, geo)

■ DLP is critical to securing PHI in risky contexts○ Complete security solutions should

be content-aware, apply DLP at download

STORYBOARDS

mobile:protect data across all devices, managed and unmanaged

■ Demand for byod continues to rise

■ Employees have rejected mdm and mam

■ IT must securely enable access to frequently used apps

STORYBOARDS

identity:centralized identity management is key to securing data

■ Cloud app identity management should maintain the best practices of on-prem identity

■ Limit potential breaches with contextual multi-factor auth for high risk logins

STORYBOARDS

■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD

■ High operational overhead - Complex to configure and maintain

■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office 2016 on PCs

■ High cost - Must have top of the line license

■ Point solution - Support focused on Office 365, what about other cloud apps?

office 365 native dlp limitations

STORYBOARDS

casb security:a data-centric approach

o365 requires a new security architecture

■ cross-device, cross-platform agentless data security

■ real-time protection■ limit high-risk activities like external

file sharing

■ detailed logging for compliance and audit

STORYBOARDS

managed devices

application access mode data protection

unmanaged devices /

byod

in the cloud

● profile-agent● VPN+IP-restriction

● DLP/DRM/encryption ● Device controls, e.g PIN● Agentless Selective wipe● Client apps: allow/block ● OneDrive

● Sharepoint API● Quarantine DLP● Block external shares● Alert on DLP events

office 365 use casereal-time inline data protection on any device

Legacy Auth Apps e.g Office 2010

● Full access

Modern Auth Apps e.g Office 2013+

● profile agent● VPN+IP-restriction● certificates

● Full access

● Browser● ActiveSync Mail● Client apps

● Reverse-proxy + AJAX-VM● ActiveSync Proxy

STORYBOARDS

secure office 365 + byod

challenge: ■ Inadequate native O365 security■ Controlled access from any device■ Limit external sharing■ Interoperable with existing

infrastructure, e.g. Bluecoat, ADFS

solution: ■ Real-time data visibility and control

powered by Citadel■ DLP policy enforcement at upload

or download■ Quarantine externally-shared

sensitive files in cloud ■ Controlled unmanaged device

access via Omni

fortune 50 healthcare firm

STORYBOARDS

challenge:

■ Existing solution, AT&T Toggle, was obsolete

■ HIPAA compliant BYOD■ Migration path to Office 365

solution: ■ Agentless deployment ■ Preservation of employee privacy■ DLP of PII, PCI & PHI

■ Selective wipe; device PIN & encryption

■ Improved mobility for care providers

major US hospital system

secure office 365 + byod

STORYBOARDS

our mission

total data

protection

resources:more info about office 365 security

■ whitepaper: definitive guide to casbs

■ case study: ad agency secures o365

■ infographic: cloud adoption in healthcare

STORYBOARDS

bitglass.com@bitglass