Interested in how Cloud Access Security Brokers are being deployed by organizations in several industries? Learn about how Cloud, Mobile, and Discovery solutions are used by Bitglass customers.
3. STORYBOAR
native security features can’t be relied upon:
the data blind spot
components
usage/consumption
data
application
services
servers & storage
network
layer
data
application
infrastructure
owner
enterprise
6. STORYBOAR
casb security:
a data-centric approach
the new data reality requires a new security
architecture
■ cross-device, cross-platform agentless data
protection
■ granular DLP for data at rest and in motion
■ contextual access control
■ detailed logging for compliance and audit
7. STORYBOAR
managed
devices
application access access control data protection
unmanaged
devices / byod
in the cloud
Forward Proxy
ActiveSync Proxy
Device Profile: Pass
● Email
● Browser
● OneDrive Sync
● Full Access
Reverse Proxy + AJAX VM
ActiveSync Proxy
● DLP/DRM/encryption
● Device controls
API Control External Sharing Blocked
● Block external shares
● Alert on DLP events
Device Profile: Fail
● Mobile Email
● Browser
● Contextual multi-factor auth
typical use case:
real-time data protection on any device
8. STORYBOAR
real-time enterprise saas data protection
■ real-time inline data protection
■ leverage reverse proxy to control access to
any app on unmanaged devices
■ integrated DLP engine
9. STORYBOAR
business
data giant
needs:
■ secure Google Apps
■ limit data access based on device
risk level
■ control external sharing
key features:
■ inline data protection for
unmanaged devices/byod
■ bidirectional DLP
■ real-time sharing control
■ 20,000
employees
■ global
10. STORYBOAR
UNC
Charlotte
situation:
■ dropbox used campuswide by
faculty and staff for
internal/external file sharing
needs:
■ cross platform data protection
■ secure mobile access
key features:
■ visibility
■ contextual access control
■ DLP / data controls
11. STORYBOAR
achieve regulatory compliance
■ upload + download dlp and encryption
■ protect regulated cloud data on byod
■ control over external share & sync
■ leverage integrated identity management
to ensure secure auth
12. STORYBOAR
situation:
■ inadequate native O365 security
needs:
■ secure email on mobile
■ control file sharing and storage
key features:
■ real-time protection
■ visibility / audit
■ agentless BYOD
■ integrated DLP
fortune 100
healthcare
firm
■ 30,000
employees
■ global
13. STORYBOAR
situation:
■ require HIPAA compliance
with move to public cloud
needs:
■ respect user privacy
■ support future O365 migration
■ HIPAA compliance
key features:
■ DLP policies applied to PHI
■ selective wipe, enforce device
PIN and encryption
US
hospital
system ■ 2500+ employees
■ 160 locations
■ northeastern US
■ 7000
employees
■ southeastern
US
14. STORYBOAR
agentless byod security
■ secure devices without invasive profiles or
certificates
■ protect “unwrappable” cloud and native
apps
■ selectively wipe corporate data
■ enforce device security policies
■ full data control and visibility for IT
19. resources:
more info about cloud security
■ bitglass report: cloud adoption by industry
■ case study: UNC Charlotte secures dropbox
■ case study: major ad agency secures o365
20. download the fortune 100 healthcare firm case study
learn how a large
US-based
healthcare firm used
Bitglass to secure
Office 365 for its
30,000 global
employees
download the
case study
Complex to deploy/ Poor user experience/ Data-sync proliferation/ BYOD blindspot
The old approach to the problem is to secure the infrastructure.
Secure your network, put agents on every trusted device to manage the device etc.
Fact is that the "trusted device" approach makes you more vulnerable to breaches since users take their devices home for the weekend, and come back infected on monday.
Malware Mondays!
and expensive to administer since you have to manage every device and network.
And usability is poor too.
One of the big problems with this architecture -- unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy/ Poor user experience/ Data-sync proliferation/ BYOD blindspot
When talking to potential customers, sometimes this comes up. Aren’t cloud vendors already protecting their apps with native security features?
Very simple framework for thinking about this. WSJ test.
What are your top cloud security needs?
Discover unknown cloud apps and exfiltration
Control access
Enable secure BYOD
Prevent hacked user accounts
we think CASBs provide a better approach to cloud security.
It starts with discovery.
2500 employees
7000 employees
2500 employees
2500 employees
7000 employees
in: CA, NY, MA, IL, N
Founded: Jan 2013/ HQ: Campbell, CA/ Employees: 50/ Funding: $35M, Tier 1 Venture Capital Firms
Global Manufacturer - Secure collaboration via cloud apps
Why Bitglass?
Ease of use
Document tracking, DLP
Pharmaceutical Company - Secure intellectual property in the cloud, at access and on device
Why Bitglass?
Visibility and protection, data tracking
Low deployment overhead
Large Healthcare Organization - HIPAA compliant mobile email
Why Bitglass?
DLP on BYOD, no S/W agents
Bitglass team responsiveness
Financial Services - Compliance & Security for customer data on Salesforce.com
Why Bitglass?
Full-strength data-at-rest encryption
Robust to app updates