![Page 1: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/1.jpg)
STORYBOARDS
DLPCloud vs On-
PremisesSalim HafidProduct [email protected]
Rich CampagnaVP, [email protected]
![Page 2: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/2.jpg)
STORYBOARDS
Vote #1
![Page 3: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/3.jpg)
STORYBOARDS
User wants access
Starbucks
Managed Device
Any Device...
Anywhere...
Unmanaged Device
CorporateNetwork
![Page 4: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/4.jpg)
STORYBOARDS
Enterprise wants security and control
Visibility and audit
Restrict data on unmanaged devices
Prevent hacked accounts
Prevent data leakage & control access
![Page 5: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/5.jpg)
STORYBOARDS
First Approach: Secure the Infrastructure
Firewall DLP
Web Proxy
VPN
HQ & Branch Office
Starbucks
ApartmentVPN
MDM
![Page 6: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/6.jpg)
STORYBOARDS
Traditional Data Loss Prevention (DLP)
Limited to managed devices and applications only
Assumes trusted devices - DLP on Outbound/Send traffic only
Content analysis - keyword matches, regular expressions, etc
Doesn’t handle out-of-band access (external/public sharing, etc) typical with cloud apps
No visibility into encrypted traffic from public cloud applications
Performance concerns - WAN latency with cloud apps
![Page 7: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/7.jpg)
STORYBOARDS
Vote #2
![Page 8: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/8.jpg)
STORYBOARDS
CASB Data Loss Prevention (DLP)
Support BYOD, public cloud apps in any access scenario• Ex: BYOD iPad from Starbucks accessing O365
Bidirectional scanning with contextual access control• Ex: Restrict credit card download to BYOD outside of US
Content analysis policies match/integrate via ICAP with Premises DLP
Control external sharing and API-based access to data• Ex: File shared publicly can be quarantined for analysis
Full decryption and analysis of cloud application data
Global, cloud-scale distributed infrastructure minimizes perf impact.
![Page 9: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/9.jpg)
STORYBOARDS
CASB Cloud DLPInbound Policy
Data, User, Device, Location
Any Cloud App
Email, Files
Outbound PolicySharing, Sending, etc
Email, Files
● Contextual DLP
● Any device, zero footprint
● Real-time, proxy-accelerated API scans
Modify sharing permissions, Watermark, DRM, Redact, Encrypt
![Page 10: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/10.jpg)
STORYBOARDS
● Reverse Proxy and ActiveSync○ Secure BYOD without agents
● Forward Proxy○ Enforce policies on managed
devices● API control
○ Watermark, DRM, Redact, Encrypt
How it worksComprehensive CASB Architecture
![Page 11: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/11.jpg)
STORYBOARDS
Typical Policy
Managed device
Application Access Access Control Data Protection
BYOD
In the Cloud
Forward ProxyActiveSync Proxy
Device Profile: Pass● Email● Browser● Thick clients
● Full Access
Reverse Proxy + AJAX VMActiveSync Proxy
● DLP/DRM/encryption ● Device controls
API Control External Sharing Blocked
● Block external shares● Alert on DLP events
Device Profile: Fail● Mobile Email● Browser
![Page 12: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/12.jpg)
STORYBOARDS
Policy
![Page 13: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/13.jpg)
STORYBOARDS
Bay Cove Human Services - Google Apps + HIPAA
2500 Employees
HIPAA Compliance with Google Apps and BYOD
● Secure Protected Health Information (PHI)● Remain HIPAA compliant with DLP, identity
management, mobile data protection
![Page 14: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/14.jpg)
STORYBOARDS
Ad Agency - O365 OneDrive
Protect unreleased creative files in OneDrive
● Visibility and control● Limit access from unmanaged devices; project team
members only● Prevent data leakage
200 EmployeesGlobal clients
![Page 15: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/15.jpg)
STORYBOARDS
Resources
1. Definitive Guide to Cloud Access Security Brokers http://pages.bitglass.com/definitive-guide-to-cloud-access-security-brokers.html
2. Bitglass Case Studies http://www.bitglass.com/resources#case_studies=1
3. Glass Class - Traditional DLP Limitations https://www.youtube.com/watch?v=ZXKvoqQCdNs
![Page 16: Bitglass Webinar - DLP: Content vs On-Premises](https://reader035.vdocuments.mx/reader035/viewer/2022062523/58ecfca61a28abc0088b45fb/html5/thumbnails/16.jpg)
STORYBOARDS
DLPCloud vs On-
PremisesSalim HafidProduct [email protected]
Rich CampagnaVP, [email protected]