5 Highest-Impact CASB Use Cases
•Als PPTX, PDF herunterladen•
4 gefällt mir•4,246 views
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations. This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie 5 Highest-Impact CASB Use Cases
Ähnlich wie 5 Highest-Impact CASB Use Cases (20)
Mehr von Netskope
Mehr von Netskope (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
5 Highest-Impact CASB Use Cases
- 1. Netskope © 2015, Optiv Security Inc. © 2015 5 Highest-Impact CASB Use Cases Bob Gilbert, Chief Evangelist Netskope
- 2. Netskope © 2015, Optiv Security Inc. © 2015 “By 2017, organizations that have made a strategic decision to invest in cloud applications for mission-critical workloads will consider CASBs to be an essential security control.” © 2016 Netskope. All Rights Reserved. 2
- 3. © 2016 Netskope. All Rights Reserved. What is a Cloud Access Security Broker? 3 • Defined by Gartner in 2012; • Cloud-based or on-premises; • Sits between user and cloud app; • Visibility and control of cloud apps as they are accessed; • Example policies: Authorization, encryption, tokenization, logging, alerting, authentication
- 4. © 2016 Netskope. All Rights Reserved. Gartner’s Four Pillars of CASB 4 VISIBILITY DATA SECURITY COMPLIANCE THREAT PROTECTION
- 5. What is driving the need for a CASB? 5
- 6. Netskope © 2015, Optiv Security Inc. © 2015 There are 22,000 enterprise apps today (and growing).
- 7. © 2016 Netskope. All Rights Reserved. 917 Apps Per Enterprise – It’s Easy to Buy and Use Them! 7 10% 70% 20% MostlyUnsanctionedSanctioned IT-led Business-led User-led
- 8. © 2016 Netskope. All Rights Reserved. How Much of Your Business Data is in the Cloud? 8 30%
- 9. Data Breaches Failed Audits = Fines, Penalties Loss or Theft of IP or Sensitive Data Loss of Reputation, Business Disruption © 2016 Netskope. All Rights Reserved. 9
- 10. © 2016 Netskope. Company Confidential Four ways users interact with cloud apps (Office 365 example) 10 Web Browser Mobile App App Ecosystem Sync Client
- 11. © 2016 Netskope. Company Confidential Safe cloud enablement starts with covering all sources 11 Browser Sync Client Mobile App App Ecosystem • Are risky activities taking place? • Is sensitive data leaking? Where? • Do users with unmanaged devices have the same level of access as users with managed devices? • What is your exposure to threats such as malware or ransomware?
- 12. 5 Highest-Impact CASB Use Cases
- 13. Use Case #1 Discover cloud apps, find sensitive data, and assess risk
- 14. 14 1. Find all cloud apps and report on enterprise-readiness of each cloud app using 45+ criteria 2. Report on sensitive data being shared publicly and outside your company 3. Deployment requirements typically include logs, TAP mode, or inline for apps and APIs for data CASB Requirements
- 15. Use Case #2 Prevent data exfiltration from sanctioned to unsanctioned cloud apps Source: AT&T Cybersecurity Insights
- 16. 16 CASB Requirements 1. Inline deployment options to get access to both sanctioned and unsanctioned cloud traffic 2. Ability to decode details in real-time about activity and data 3. Ability to associate personal and corporate cloud app account credentials 4. Ability to correlate events and perform anomaly detection 5. Need to see cloud usage details from browsers, sync clients, and mobile apps
- 17. Use Case #3 Allow cloud apps instead being forced to block them outright
- 18. 18 1. See detail about real-time activities across all cloud apps 2. Support for category-level policies such as ‘social media’ 3. Cloud DLP engine to focus your policy on specific data and use cases 4. Ability to apply context to your policies CASB Requirements
- 19. Use Case #4 Provide granular access control for managed and unmanaged devices
- 20. 20 1. Ability to classify managed vs. unmanaged devices 2. Ability to set policies based on device classification 3. Support for granular policies based on device classification CASB Requirements
- 21. Use Case #5 Find malware in sanctioned apps, remediate, and reverse attack fan-out
- 22. 22 1. Ability to scan sanctioned cloud apps for various malware types and quarantine the files 2. Ability to replace the eradicated malware with a tombstone file, letting the user know of the action taken CASB Requirements
- 23. The Leading Cloud Access Security Broker Allow cloud apps instead being forced to block them outright Prevent data exfiltration across all cloud apps Discover cloud apps, find sensitive data, and assess risk Provide granular access control for managed and unmanaged devices Find malware in sanctioned apps, remediate, and reverse attack fan-out Don’t leave users in the dark, coach them on safe usage ✓ ✓ ✓ ✓ ✓ ✓
- 24. Netskope © 2015, Optiv Security Inc. © 2015 THANK YOU!
Hinweis der Redaktion
- Official Gartner definition: CASBs are on-premises, or cloud-based, security policy enforcement points placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, SSO, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
- There are more than 900 cloud apps per enterprise, on average. If we look at how these applications make their way into the enterprise, about 10% are sanctioned by IT and include apps such as Office 365, Salesforce, Box, and a variety of business applications. IT often doesn’t know about the other 90%. Those fall under the Shadow IT category. Shadow IT is created by apps being brought in by users and lines-of-business, who today feel more empowered than ever because apps are easy to get and use. Whether sanctioned or Shadow IT, many of these apps has an important, and sometimes critical, role to play in the success of your organization.
- The real question, though, is how much of your data is in these apps? What do you think? [build] Last year we did a study with Ponemon to examine the impact the cloud has on the probability and economic impact of a data breach. One of the question we asked IT and security professionals was how much business data they believe is in the cloud. Their (self-reported) estimate is about 30 percent. [build] Whether it’s 30 percent or more than that, it’s only going up from here.
- Discover Cloud Apps and Assess Risk Show App Analytics page and go over top-level stuff we report on (number of app, users, etc.) Pivot to the CCI and talk about how to assess your risk associated with the cloud apps discovered Filter by cloud apps discovered, cloud storage category, and CCI score of poor Zoom into the app Droplr and talk about the 45+ criteria across 7 categories Key point to stress: Discovery is often the starting point for many of our customers. Netskope’s advanced Discovery can help you assess your risk, do due diligence on new cloud apps that you may be considering bringing into your organization, or perhaps getting your arms around what your cloud spend is. Show the demo when the wheel lands on: Find or Inspect
- Advanced Enterprise DLP Show data exfiltration and infiltration use case slide Show a DLP rule where we look for a previous employer and the word confidential Show a document that is sensitive and try to upload it to sanctioned Box Policy is triggered and block message appears (use short video) Key point to stress: Netskope provides the most powerful cloud DLP solution. Not only does it support for than 3,000 data identifiers, 500+ file types and advanced features like proximity and Exact Match, but you can also uniquely apply our DLP and leverage deep context to scan content tied to a real-time activity for both sanctioned and unsanctioned apps as well as content that is resident in sanctioned apps. Show the demo when the wheel lands on: Secure or Encrypt (change action to encrypt)
- Step 1: As we discussed previously, you need to get a handle on what cloud apps are running in your environment and measure each one’s enterprise-readiness using 40+ factors.
- Step 2: The next step is to understand how those cloud apps are being used. You need visibility into the details of what the activities are taking in account contextual details such as the app, user, specific activity, and device that was used.
- Active Threat Protection Show malware attack fan-out animation Show Box folder being shared with 70+ people and how many of them have sync clients Drag a malware test file to Box and show how it propagates to the local sync clients belonging to the users that have accepted the share Introduce Active Threat Protection - how you enable it in tenant and how it scans app instances and quarantines malware (mock-up dashboard) Summarize and also talk about how the malware that has been spread to sync clients is replaced by a safe tombstone file Key point to stress: This demo is the first phase of our Active Threat Protection, which is about finding and quarantining malware in sanctioned cloud apps. We recently announced Active Threat protection, supporting the ability to find and remediate malware and threats in real-time as they are uploaded, downloaded, or shared across unsanctioned or sanctioned cloud apps. Show the demo when the wheel lands on: Protect
- Advanced Enterprise DLP Show data exfiltration and infiltration use case slide Show a DLP rule where we look for a previous employer and the word confidential Show a document that is sensitive and try to upload it to sanctioned Box Policy is triggered and block message appears (use short video) Key point to stress: Netskope provides the most powerful cloud DLP solution. Not only does it support for than 3,000 data identifiers, 500+ file types and advanced features like proximity and Exact Match, but you can also uniquely apply our DLP and leverage deep context to scan content tied to a real-time activity for both sanctioned and unsanctioned apps as well as content that is resident in sanctioned apps. Show the demo when the wheel lands on: Secure or Encrypt (change action to encrypt)