CASBs: 8 Critical Capabilities, in partnership with ISMG Media Group
TRANSCRIPT
© Information Security Media Group · www.ismgcorp.com
CASBs: 8 Critical Capabilities
Presented by
Rich Campagna, VP Products, Bitglass
About Information Security Media Group
• Focused on providing information security content, specifically for unique vertical industries
• Publish articles, interviews, blogs, regulation & guidance alerts, and whitepapers
• Educational webinars offered daily
Global network of 25 sites
Subscribers from over 175 countries
Technical Support
(609) 356-1499 x115
Copyrighted Material
Used for individual study purposes only. If your institution is interested in using this, or any of Information Security Media Group’s presentations, as part of an overall information security program, please contact us at (800) 944-0401.
About Bitglass
Bitglass is a Cloud Access Security Broker (CASB) that provides more than 200 enterprises, in every major
vertical, with end-to-end data protection from the cloud to the device.
Bitglass enables enterprises to secure cloud apps like Office 365 and Salesforce, and internal apps like
Exchange and Sharepoint. Corporate data security policies can be enforced across multiple cloud
services. Mobile devices can be protected without the hassles of MDM.
About the Speaker
Rich Campagna, VP Products, Bitglass
Rich runs product management and marketing at Bitglass. Prior to joining Bitglass, Rich was senior director of product management at F5 Networks and at Juniper Networks, responsible for SSL VPN, NAC, and mobile security strategy. Rich started his career in sales engineering at Sprint.
Rich received an M.B.A. from the UCLA Anderson School of Management and a B.S. in electrical engineering from Pennsylvania State University.
STORYBOARDS
the traditional approach to security is inadequate
security must evolve to protect data outside the firewall
■ cloud: attack on SaaS vendor risks sensitive data
■ access: uncontrolled access from any device
■ network: data breach - exfiltration & Shadow IT
■ mobile: lost device with sensitive data
CASB: a better approach to cloud security
identity
discovery
data-centric security
mobile
1. how does the solution differ from security built into cloud apps?
■ enterprise (CASB): end-user devices, visibility & analytics, data protection, identity & access control
■ app vendor: application, storage, servers, network
2. does the solution protect cloud data end-to-end?
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility and control over data in the cloud
■ Solution must also protect data on end-user devices
■ Leverage contextual access controls
3. can the solution control access from both managed & unmanaged devices?
reverse proxy
■ unmanaged devices - any device, anywhere
■ no software to install/configure
forward proxy
■ managed devices - inline control for installed apps
■ agent and certificate based approaches
activesync proxy
■ secure email, calendar, etc on any mobile device
■ no software to install/configure
■ device level security - wipe, encryption, PIN etc
4. does the solution provide real-time visibility and control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove share, etc) required to mitigate overall risk
5. can the solution encrypt data at upload?
■ Encryption must preserve app functionality
■ Encryption must be at full strength, using industry standard encryption (AES-256, etc)
■ Customer managed keys required
6. does the solution protect against unauthorized access?
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
7. can the solution help me discover risky traffic on my network, such as shadow IT and malware?
■ Analyze outbound data flows to learn what unsanctioned SaaS apps are in use
■ Understand risk profiles of different apps
8. will the solution introduce scale or performance issues?
■ Hosted on high-performance, global cloud infrastructure to introduce minimal latency
■ Security should not get in the way of user experience/productivity
recap: 8 questions to ask when evaluating a CASB vendor
1. How does the solution differ from security built into cloud apps?
2. Does the solution protect cloud data end-to-end?
3. Can the solution control access from both managed & unmanaged devices?
4. Does the solution provide real-time visibility and control?
5. Can the solution encrypt data at upload?
6. Does the solution protect against unauthorized access?
7. Can the solution help me discover risky traffic on my network, such as shadow IT?
8. Will the solution introduce scale or performance issues?
about bitglass
■ total data protection
■ est. jan 2013
■ 200+ customers
■ tier 1 VCs
bitglass solutions
cloud mobile breach
secure office 365 + byod
client: fortune 50 healthcare firm
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
secure google apps + byod
client: business data giant
■ 15,000 employees in 190+ locations globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
Questions
Please use the following form for any questions or comments:
http://www.bankinfosecurity.com/webinar-feedback.php
Or contact us at: (800) 944-0401
Thank You for Participating!