Enterprises are migrating to the cloud in droves, taking advantage of lower costs, easy deployment, and improved infrastructure security. Protecting data in the cloud, however, remains a challenge as employees push to access cloud apps from any device, anywhere.
In this webinar, Michael Ball, CISO at AGF Investments and Rich Campagna, VP of Products at Bitglass, will discuss the evolution of Cloud Access Security Brokers (CASBs), from app discovery tools to mature solutions that now provide deep visibility and control over data across all cloud apps. Michael and Rich will also highlight real-world CASB deployments and how major organizations are leveraging these solutions to protect data end to end, from cloud to device.
5. “The CASB Market has quickly become a
compelling cloud security control platform
for organizations of all sizes adopting
cloud services”
Craig Lawson, Neal MacDonald, Brian Lowans and Brian Reed, “MarketGuide for Cloud Access Security Brokers” October 2016.
9. STORYBOAR
cloud apps can be secure:
but will they protect everything?
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
9
cloud app
vendor
10. STORYBOAR
gartner recommendations
look for CASBs that:
■ support 12-18 month cloud app plans
■ enable usage patterns (ex: BYOD)
■ integrate with network & existing controls (proxies, SIEM, DLP, etc)
■ support security reqmts (ex: real-time proxy vs API)
■ ease compliance burden
11. STORYBOAR
client
■ 180,000 employees
■ Among the largest US healthcare orgs
challenge
■ HIPAA Compliant cloud and mobile
■ Controlled access to Office 365 from managed &
unmanaged devices
■ Control external sharing
■ Real-time inline data protection
solution
■ Real-time inline protection on any device
■ Contextual access control on managed &
unmanaged devices (Omni)
■ Real-time DLP on any device
■ API control in the cloud
■ Agentless BYOD with selective wipe
■ Enterprise-wide for all SaaS apps
secure
office 365
+ byod
major
healthcare
firm
12. STORYBOAR
secure
salesforce +
office 365
12
client
■ 20,000 employees
■ Global presence
■ $6T in assets under management
challenge
■ Needed complete CASB for enterprise-wide
migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
solution
■ Searchable true encryption of data in Salesforce
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed &
unmanaged devices (Omni)
■ API control in the cloud
■ Discover breach & Shadow IT
financial
services
client
14. resources:
more info about office 365 security
■ gartner marketguide to CASBs
■ whitepaper: definitive guide to casbs
■ case study: fortune 100 healthcare firm secures o365
(Rich) Intros
(Michael) high level commentary on evolution of the space over 12 months (primarily a discovery tool for shadow IT to a data protection tool for major apps like O365).
what best describes your organization’s current public cloud strategy?
Cloud only
Cloud first
Cloud sometimes
Cloud if we have to
Cloud never
(Rich) covers explosion of SaaS in the enterprise, leveraging Bitglass Cloud Adoption Report data
Asks Michael whether there is any sign of things slowing down in discussions amongst his peers.
Also asks what the remaining concerns are (focus on securing use of the cloud as opposed to whether or not the cloud can be secure).
Rich asks Michael for commentary on consolidation in the space.
What are your top cloud security concerns?
Cloud data-at-rest protection
Unmanaged device access
External sharing & collaboration
Credential compromise
Other
None
Michael to talk about his 4 areas, then pass to Rich for how CASBs meet this and where you need third party
Access Control - perimeter controls
DLP vs in-house and how it has evolved to meet needs.
MDM capabilities, Identity/SSO
Cloud application built-in security pros/cons - cross app limitations, inconsistency, dual controls models, others?
Rich asks Michael for the CISOs view here - “Set of specific controls varies from one app to the next, but generically, what are the things that you think about as a CISO?”
in: CA, NY, MA, IL, N
(Rich) Intros
(Michael) high level commentary on evolution of the space over 12 months (primarily a discovery tool for shadow IT to a data protection tool for major apps like O365).