next-generation mobile security


Post on 10-Feb-2017


TRANSCRIPT

Next-Generation Mobile Security

Rich Campagna, VP, Products, Bitglass
Mike Schuricht, Director, Products, Bitglass


Brief History of BYOD

Source: http://www.google.com/trends/explore#q=byod

Will you buy a product on Amazon with 2.7 stars?

Brief History of BYOD Security

Source: http://www.google.com/trends/explore#q=byod


Where Are We Now?

28% of organizations doing nothing to secure BYOD
57% of employees that refuse MDM/MAM for BYOD
9% of companies using MAM


What Went Wrong?


It's an adoption, NOT a rollout


67%: Would participate in BYOD if employer had no ability to view, alter, delete personal data & apps
64%: IT pros who believe agentless mobile security would make BYOD program more successful


Evolution of Mobile Security

Manage the Device
User privacy issues
Difficult to deploy and manage
No data protection or visibility

Wrap the App
User privacy issues
Can't use native apps (mail, browser)
Can't use 3rd party (cloud) apps
Difficult to deploy

Secure the Data
Privacy & Usability
Any device, any app
Full control and visibility
Deploys in minutes, no software


By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution

Rob Smith, John Girard, and Dionisio Zumerle, How to Live With Unmanaged Devices, August 2015.


Next-Gen Approach to Mobile Security

Data-centric security
No user privacy concerns
No agents or MDM hassles

Why no user reviews? Because Bitglass is transparent!

Bitglass Mobile Security

Visibility
Alerts, Reporting
Audit Logs
DLP
Pre-defined, Keywords, Regex
Track/Watermark
Encrypt
Redact
Block
DRM
Access Control
Device, Role, Geo, etc
Managed vs unmanaged
Selective Wipe
Full Wipe
Any Device, Anywhere
No Software Agents
Transparent to Employees
Respect User Privacy

At the point of access, three visibility and control functions come into play.

1. Visibility - complete visibility into everything the user does when accessing protected apps. Capabilities range from detailed audit logs to suspicious or anomalous behavior detection and alerting. If Steve logs into Box from his iPhone in California, and then 5 minutes later, Steve logs into Salesforce from an Android phone in New York, we'll catch that.

2. Contextual Access Control - the access control engine decides whether or not to allow a given session given the broader context. Taking into account several variables - user, role, application, device, location, geography - the customer can decide whether or not to allow a session to be established, and once established, can vary the level of access the user has to the application.

3. DLP - once access is granted, the Bitglass DLP engine decides, on a transaction-by-transaction basis, whether a user should be able to access and/or download sensitive data.

Once access is granted, we offer a range of data protection technologies.

1. At the most benign end is watermarking. Every office document that flows through has the log-line of the access smeared throughout the document. The watermark is active in that it calls home when the document is viewed. And the watermark is persistent in that it survives copying a paragraph from one document to another. If you find a leaked document, drop it in our console and you will find out who leaked it, and how it got there.

2. At the most intrusive end is DLP: block, redact or warn on documents that contain sensitive information.

3. In between watermarking and DLP is DRM - automatically encrypt documents that contain sensitive information with a key that is specific to each user. If the user forwards the document within the company, the document gets decrypted and re-encrypted with the recipient's key. If the user takes the document out and forwards it by personal Gmail etc., the document remains encrypted.

A key technology is our AJAX VM, which enables robust access to any app from any browser. The app runs in our AJAX-VM in the browser. SaaS vendor updates app, nothing breaks. Competing products break every time the app is updated, affecting business continuity.
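The anomalous-login case in the notes above (the same user appearing in California and then New York five minutes later, on different apps and devices) can be expressed as an impossible-travel rule. This is an added example, not Bitglass code and not part of the original slides; the `Login` record, the speed and distance thresholds, and the sample events are assumptions constructed for illustration.

```python
# Added example: impossible-travel check over constructed login events.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumption: ignore geo-IP jitter within one metro area

@dataclass(frozen=True)
class Login:
    user: str
    app: str
    device: str
    when: datetime
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events):
    """Compare each login with the same user's previous login, across apps and
    devices, and return (previous, current, km) where the implied speed is too high."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if km > MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                alerts.append((prev, ev, km))
        last_seen[ev.user] = ev
    return alerts

# Constructed sample events (coordinates as a geo-IP lookup might return them).
EVENTS = [
    Login("steve", "Box", "iPhone", datetime(2017, 2, 10, 9, 0), 37.77, -122.42),
    Login("alice", "Box", "iPhone", datetime(2017, 2, 10, 9, 0), 37.77, -122.42),
    Login("steve", "Salesforce", "Android", datetime(2017, 2, 10, 9, 5), 40.71, -74.01),
    Login("alice", "Salesforce", "laptop", datetime(2017, 2, 10, 9, 30), 37.34, -121.89),
]

if __name__ == "__main__":
    for prev, cur, km in impossible_travel(EVENTS):
        print(f"ALERT {cur.user}: {prev.app}/{prev.device} -> {cur.app}/{cur.device}, {km:.0f} km apart")
```

Corporate VPN or proxy egress points shift a user's apparent location, so a rule like this is normally paired with an allowlist of known egress ranges before it is allowed to alert.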

How It Works

Premise Apps


Mobile Security - Traditional vs Next-Gen

MDM/MAM

1. Device Security
Device PIN lock
Encrypted Storage
Full Device Wipe

2. App Security
Custom Apps/containers
Restrict other apps
Selective wipe custom apps

3. Poor Usability & Privacy

4. High Admin Overhead

Bitglass

1. Device Security
Device PIN lock
Encrypted Storage
Full Device Wipe

2. Data Security
Native Apps, no agents
Block/mask sensitive data (DLP)
Containerize sensitive data (DRM)
Selective wipe* native apps
Visibility & Audit

3. Excellent Usability & Privacy

4. Low Admin Overhead

*patents pending


Rich Campagna
rich@bitglass.com
@richcampagna

Mike Schuricht
mschuricht@bitglass.com
@MikeSchuricht
