For enterprises looking to protect cloud app data, Cloud Access Security Brokers (CASBs) have quickly emerged as the go-to solution. But how have CASBs matured and encompassed critical pieces of the security puzzle, from identity management to data leakage prevention?
Join Bitglass and (ISC)2 for Episode 1 of the CASB Wars webinar trilogy for a discussion about the evolution of CASBs from app discovery to complete cloud security suites and basic API-based controls to more capable multi-protocol proxies.
4. STORYBOARDS
shadow IT
gain visibility into your org’s cloud usage
■ Identify unsanctioned apps in use in your organization
○ Understand risk profiles of these frequently used apps
■ Intelligent, time-saving alerts out of the box
6. STORYBOARDS
data-at-rest in the cloud
api control
visibility and control of cloud data
● DLP scans & quarantine
● modify sharing permissions
● watermark, DRM, redact, encrypt
● proxy-accelerated API-scans
7. STORYBOARDS
■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
office 365 native dlp:
complex, costly, and doesn’t work across apps
8. STORYBOARDS
shadow IT
API-based approach
API + in-line
A New Hope:
The Rebels emerged with a new way to secure SaaS applications with an agentless in-line approach. The old republic (empire) methods were still used to maintain balance with the force.
9. STORYBOARD
how casb security works
reverse proxy
■ unmanaged device controls without agents
forward proxy
■ managed devices controls
activesync proxy
■ secure email, calendar, etc on any mobile device
■ device level security - wipe, encryption, PIN etc
10. STORYBOARDS
casb security
a data-centric approach
■ Cloud data doesn’t exist only “in the cloud”
■ IT must protect data at access and on any device
○ Granular DLP
○ Context-aware to distinguish between users, device type, more
11. STORYBOARDS
3 top MDM vendors do not use their own product
Bitglass BYOD Security Survey 2015
MDM is obsolete
67% would participate in BYOD if IT couldn’t access personal data & apps
38% of IT professionals don’t participate in their own BYOD security programs
12. STORYBOARDS
mobile security
cloud and mobile are inseparable
■ IT must enable secure access to cloud apps from any device
■ BYOD poses a threat to data security due to a lack of visibility and control after download
■ CASBs accommodate user BYOD
13. STORYBOARDS
casb identity
centralized identity management is key in securing data
■ CASBs offer integrated identity management across apps
■ Limit potential breaches with step-up multifactor auth for high risk logins
14. STORYBOARDS
secure office 365 + byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50 healthcare firm
15. STORYBOARDS
■ 15,000 employees in 190+ locations globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
secure google apps + byod
business data giant
17. resources:
more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365
“By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner