casbs: critical capabilities - in partnership with isc(2)

webinarmar 10

2016

cloud access security brokers:critical

capabilities

■ challenges ■ what is a casb■ about us

STORYBOARDS

the traditional approach to

security is inadequate

STORYBOARDS

native security features can’t be relied upon:the data blind spot

componentsusage/consumption

dataapplication

servicesservers & storage

network

layer

data

application

infrastructure

owner

enterprise

STORYBOARDS

security must evolve

to protect data outside the firewall

cloud:attack on

SaaS vendor risks

sensitive data

access:uncontrolled access from any device

network:data breach - exfiltration &

Shadow IT

mobile:lost device

with sensitive data

5

■ challenges ■ what is a casb■ about us

STORYBOARDS

CASB: a better approach to cloud security

identity

discovery

data-centric security

mobile

STORYBOARDS

casb discovery:gain visibility into your org’s cloud usage■ analyze outbound data flows

to learn what SaaS apps your organization is using

■ understand risk profiles of different apps

■ essential in process of enabling secure cloud app usage

STORYBOARDS

casb security:a data-centric approach

the new data reality requires a new security architecture

■ cross-device, cross-platform agentless data protection

■ granular DLP for data at rest and in motion

■ contextual access control

■ detailed logging for compliance and audit

STORYBOARDS

mobile security cannot be overlooked:protect data across all devices, managed and unmanaged

■ demand for byod continues to rise

■ employees have rejected mdm and mam

■ IT must securely enable access to frequently used apps

STORYBOARDS

casb identity:centralized identity management is key in securing data

■ cloud app identity management should maintain the best practices of on-prem identity

■ limit potential breaches with contextual multi-factor auth for high risk logins

STORYBOARDS

managed devices

application access access control data protection

unmanaged devices /

byod

in the cloud

Forward ProxyActiveSync Proxy

Device Profile: Pass● Email● Browser● OneDrive Sync

● Full Access

Reverse Proxy + AJAX VMActiveSync Proxy

● DLP/DRM/encryption ● Device controls

API Control External Sharing Blocked

● Block external shares● Alert on DLP events

Device Profile: Fail● Mobile Email● Browser● Contextual multi-factor auth

typical use case:only CASB with real-time data protection on any device

STORYBOARDS

fortune 50conglomerate

use case:

■ office 365 access control

why bitglass:

■ controlled access from any device (ajax-vm)

■ transparent deployment

■ 30,000 employees

■ 100s of locations globally

■ challenges ■ what is a casb■ about us

STORYBOARDS

our mission

total data

protection

STORYBOARDS

our solutions

cloud mobile discovery

STORYBOARDSData Exfiltration (Malware hosts, TOR, Phishing…)

Integrated Identity & SSO

Mobile SecurityActiveSync Proxy

Visibility & Control: Data-at-restAPI integration

Data Protection Watermarking, Encryption,

DLP, DRM

Access ControlForward Proxy

Reverse Proxy + AJAX-VM

Cloud Encryptio

n

ShadowIT

Access Control SAML Proxy

the only casb withreal-time inline data protection on any device

out of band

in band

STORYBOARDS

trusted at over 100

enterprises

healthcare

finance

pharmaceutical

manufacturing

media

higher ed

resources:more info about cloud security

■ definitive guide to casbs

■ bitglass report: project cumulus

■ glass class: cloud security priorities for 2016

download the gartner market guide to casbs

with predictions and recommendations, the market guide is an essential resource for formulating your CASB strategy

download the report

STORYBOARDS

bitglass.com@bitglass