casbs: critical capabilities - in partnership with isc(2)
TRANSCRIPT
webinarmar 10
2016
cloud access security brokers:critical
capabilities
■ challenges ■ what is a casb■ about us
STORYBOARDS
the traditional approach to
security is inadequate
STORYBOARDS
native security features can’t be relied upon:the data blind spot
componentsusage/consumption
dataapplication
servicesservers & storage
network
layer
data
application
infrastructure
owner
enterprise
STORYBOARDS
security must evolve
to protect data outside the firewall
cloud:attack on
SaaS vendor risks
sensitive data
access:uncontrolled access from any device
network:data breach - exfiltration &
Shadow IT
mobile:lost device
with sensitive data
5
■ challenges ■ what is a casb■ about us
STORYBOARDS
CASB: a better approach to cloud security
identity
discovery
data-centric security
mobile
STORYBOARDS
casb discovery:gain visibility into your org’s cloud usage■ analyze outbound data flows
to learn what SaaS apps your organization is using
■ understand risk profiles of different apps
■ essential in process of enabling secure cloud app usage
STORYBOARDS
casb security:a data-centric approach
the new data reality requires a new security architecture
■ cross-device, cross-platform agentless data protection
■ granular DLP for data at rest and in motion
■ contextual access control
■ detailed logging for compliance and audit
STORYBOARDS
mobile security cannot be overlooked:protect data across all devices, managed and unmanaged
■ demand for byod continues to rise
■ employees have rejected mdm and mam
■ IT must securely enable access to frequently used apps
STORYBOARDS
casb identity:centralized identity management is key in securing data
■ cloud app identity management should maintain the best practices of on-prem identity
■ limit potential breaches with contextual multi-factor auth for high risk logins
STORYBOARDS
managed devices
application access access control data protection
unmanaged devices /
byod
in the cloud
Forward ProxyActiveSync Proxy
Device Profile: Pass● Email● Browser● OneDrive Sync
● Full Access
Reverse Proxy + AJAX VMActiveSync Proxy
● DLP/DRM/encryption ● Device controls
API Control External Sharing Blocked
● Block external shares● Alert on DLP events
Device Profile: Fail● Mobile Email● Browser● Contextual multi-factor auth
typical use case:only CASB with real-time data protection on any device
STORYBOARDS
fortune 50conglomerate
use case:
■ office 365 access control
why bitglass:
■ controlled access from any device (ajax-vm)
■ transparent deployment
■ 30,000 employees
■ 100s of locations globally
■ challenges ■ what is a casb■ about us
STORYBOARDS
our mission
total data
protection
STORYBOARDS
our solutions
cloud mobile discovery
STORYBOARDSData Exfiltration (Malware hosts, TOR, Phishing…)
Integrated Identity & SSO
Mobile SecurityActiveSync Proxy
Visibility & Control: Data-at-restAPI integration
Data Protection Watermarking, Encryption,
DLP, DRM
Access ControlForward Proxy
Reverse Proxy + AJAX-VM
Cloud Encryptio
n
ShadowIT
Access Control SAML Proxy
the only casb withreal-time inline data protection on any device
out of band
in band
STORYBOARDS
trusted at over 100
enterprises
healthcare
finance
pharmaceutical
manufacturing
media
higher ed
resources:more info about cloud security
■ definitive guide to casbs
■ bitglass report: project cumulus
■ glass class: cloud security priorities for 2016
download the gartner market guide to casbs
with predictions and recommendations, the market guide is an essential resource for formulating your CASB strategy
download the report
STORYBOARDS
bitglass.com@bitglass