1.
webinar
june 9
2016
8 questions to
ask when
evaluating a
cloud access
security broker

2.
STORYBOAR
the traditional
approach to
security is
inadequate

3.
STORYBOAR
security must
evolve to
protect data
outside the
firewall
cloud:
attack on SaaS
vendor risks
sensitive data
access:
uncontrolled
access from
any device
network:
data breach -
exfiltration &
Shadow IT
mobile:
lost device with
sensitive data
3

4.
STORYBOAR
CASB: a
better
approach to
cloud security
identity
discovery
data-centric
security
mobile

5.
STORYBOAR
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
1. how does the solution differ from security built into
cloud apps?
app vendor

6.
STORYBOAR
2. does the solution protect cloud data end-to-end?
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility
and control over data in the cloud
■ Solution must also protect data on end-
user devices
■ Leverage contextual access controls

7.
STORYBOAR
3. can the solution control access from both managed &
unmanaged devices?
reverse proxy
■ unmanaged devices - any device, anywhere
■ no software to install/configure
forward proxy
■ managed devices - inline control for installed apps
■ agent and certificate based approaches
activesync proxy
■ secure email, calendar, etc on any mobile device
■ no software to install/configure
■ device level security - wipe, encryption, PIN etc

8.
STORYBOAR
4. does the solution provide real-time visibility and
control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users,
managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove
share, etc) required to mitigate overall risk

9.
STORYBOAR
5. can the solution encrypt data at upload?
■ Encryption must preserve app functionality
■ Encryption must be at full strength, using
industry standard encryption (AES-256, etc)
■ Customer managed keys required

10.
STORYBOAR
6. does the solution protect against unauthorized
access?
■ Cloud app identity management should
maintain the best practices of on-prem
identity
■ Cross-app visibility into suspicious access
activity with actions like step-up multifactor
authentication

11.
STORYBOAR
7. can the solution help me discover risky traffic on my
network, such as shadow IT and malware?
■ Analyze outbound data flows to
learn what unsanctioned SaaS
apps are in use
■ Understand risk profiles of
different apps

12.
STORYBOAR
8. will the solution introduce scale or performance
issues?
■ Hosted on high-performance, global cloud
infrastructure to introduce minimal latency
■ Security should not get in the way of user
experience/productivity

13.
STORYBOAR
about
bitglass
total
data
protection est. jan
2013
100+
customer
s
tier 1
VCs

14.
STORYBOAR
bitglass
solutions
cloud mobile breach
14

15.
STORYBOAR
secure
office 365
+ byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure,
e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or
download
■ Quarantine externally-shared sensitive
files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50
healthcare
firm

16.
STORYBOAR
client:
■ 15,000 employees in 190+ locations
globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored
in the cloud
■ Limit data access based on device risk
level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged
devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
secure
google
apps +
byod
business
data giant

17.
resources:
more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365

18.
STORYBOAR
bitglass.com
@bitglass