closing the cloud security gap with a casb (in partnership with forrester)

Post on 12-Apr-2017


TRANSCRIPT

© 2016 Forrester Research, Inc. Reproduction Prohibited

Total Data Protection Outside the Firewall

webinar

closing the cloud security gap with a CASB


Rich Campagna, VP of Products

guest speaker: Andras Cser, VP, Principal Analyst


Cloud Pulls the CISO in Many Directions

CISO and Security Organization Changes, aka Uneven Handshake

1. Cloud Offers Irresistible Benefits

2. LOB procures cloud services

3. CISO Can’t Say ‘No’ All the Time

4. Data Center Is Loosely Coupled

5. Security Struggles to Reduce Cloud Security Risks


Cloud Security Means a Lot of Things to a Lot of People

› Security To the Cloud - how can employees securely interface with our Cloud Providers?

› Security In the Cloud - how can a Cloud Provider (MSFT, Salesforce) prove that they are secure?

› Security From the Cloud - how can we secure data accessed from the cloud?

› Organizational Implications - how does cloud change our IT security organization?


The dual nature of cloud security

Why Cloud Security is like a two-component glue, a unique blend:

A: The Cloud is not just a new delivery platform

B: Cloud Security is NOT just extending existing security to the cloud


General Challenges with SaaS Security

› Ease of Use
  › Cloud security should not inhibit usage

› Inconsistent Control
  › You don’t own the app or infrastructure; data moves beyond the firewall

› Controlling Access
  › Any user, any device can connect to cloud over public networks
  › The “share” button!

› Cloud Proliferation
  › Whack-a-mole use of built-in app security controls is a losing proposition.


Technology challenges with SaaS Security

› Access controls

› Limited and inconsistent native security

› Information Rights Management

› Identity and Access Management (IAM) and Privileged Identity Management (PIM)

› Log and event management


How do we avoid this?

When it comes to responsibilities…


Cloud Does NOT Shift the Responsibility of Data Protection

“When data is transferred to a cloud, the responsibility for protecting and securing the data typically remains with the collector or custodian of that data.”

Cloud Security Alliance, Guidance v3.0 X


Who’s Responsible for SaaS Security?

Swapped in new graphic/title to focus on SaaS security versus IaaS security. -Rich Campagna


Consciously Building the Cloud Data Protection Onion

Discovery and Tagging

Risk Assessment

Encryption on Premise

Data Leakage Prevention

Encryption in transit

Identity Context

Encryption at Cloud Vendor


Common questions Forrester gets about CSG

› Why do it?

› We are moving our entire IT portfolio to the cloud, can data protection follow and how?

› How much should we pay for it?

› Does CSG support our application portfolio?

› How does it do provisioning?


Why CSG is important to Forrester customers

› Moving to the cloud is not optional

› Compliance mandates: SOX, GLBA, HIPAA, HITECH, FERC/NERC

› Cloud cannot increase overall organizational risk

› Privacy and data protection concerns mounting

› Insider threats

› Companies must discover, control and secure shadow IT

› BYOD and “mobile first” is key


Drivers for CSG Implementation

Information Risk

Efficiency

Compliance

Flexibility


Requirements for CSG

› S&R pros must control data dissemination

› Scan and protect data at upload and download

› Allow employees to work anywhere/any device

› YOU are responsible for security of your data in the cloud

› Don’t blindly trust cloud app vendors’ built-in security

› Discover risky unsanctioned cloud apps


Source: Forrester Research World Cloud Security Solutions Forecast, 2015 To 2020 (Global)


Forrester’s Cloud Security Predictions

› Increased investment in Cloud Security

› Support for multi-cloud deployments

› (CASB) CSG = CDP + CASI + Cloud Data Governance

› Hybrid Proxy + API + Log management preferred

› Machine Learning/UBA to play a prominent role

› IAM integration is a must

› SIEM integration broadens

› Cloud Data Governance: reviews, campaigns, roles, SoD checks


about bitglass

total data protection

est. jan 2013

CA, NY, MN, MA, IL, NC

tier 1 VCs


our solutions

cloud, mobile, breach


secure office 365 + byod

fortune 50 healthcare firm

client:

■ 35,000 employees globally

challenge:

■ Inadequate native O365 security

■ Controlled access from any device

■ Limit external sharing

■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS

solution:

■ Real-time data visibility and control

■ DLP policy enforcement at upload or download

■ Quarantine externally-shared sensitive files in cloud

■ Controlled unmanaged device access


secure google apps + byod

business data giant

client:

■ 15,000 employees in 190+ locations globally

challenge:

■ Mitigate risks of Google Apps adoption

■ Prevent sensitive data from being stored in the cloud

■ Limit data access based on device risk level

■ Govern external sharing

solution:

■ Inline data protection for unmanaged devices/BYOD

■ Bidirectional DLP

■ Real-time sharing control


Thank You!

Andras Cser
+1 617.613.6365
acser@forrester.com

Rich Campagna
+1 408.203.7090
rich@bitglass.com
@bitglass
