
8 questions to ask when evaluating a Cloud Access Security Broker


  1. webinar june 9 2016: 8 questions to ask when evaluating a cloud access security broker
  2. the traditional approach to security is inadequate
  3. security must evolve to protect data outside the firewall
     ■ cloud: attack on SaaS vendor risks sensitive data
     ■ access: uncontrolled access from any device
     ■ network: data breach - exfiltration & Shadow IT
     ■ mobile: lost device with sensitive data
  4. CASB: a better approach to cloud security
     ■ identity
     ■ discovery
     ■ data-centric security
     ■ mobile
  5. 1. how does the solution differ from security built into cloud apps?
     [diagram labels: enterprise (CASB), end-user devices, visibility & analytics, data protection, identity & access control, application, storage, servers, network, app vendor]
  6. 2. does the solution protect cloud data end-to-end?
     ■ Cloud data doesn’t exist only “in the cloud”
     ■ A complete solution must provide visibility and control over data in the cloud
     ■ Solution must also protect data on end-user devices
     ■ Leverage contextual access controls
  7. 3. can the solution control access from both managed & unmanaged devices?
     reverse proxy
     ■ unmanaged devices - any device, anywhere
     ■ no software to install/configure
     forward proxy
     ■ managed devices - inline control for installed apps
     ■ agent and certificate based approaches
     activesync proxy
     ■ secure email, calendar, etc on any mobile device
     ■ no software to install/configure
     ■ device level security - wipe, encryption, PIN etc
  8. 4. does the solution provide real-time visibility and control?
     ■ Apply granular DLP to data-at-rest and upon access
     ■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
     ■ Flexible policy actions (DRM, quarantine, remove share, etc) required to mitigate overall risk
  9. 5. can the solution encrypt data at upload?
     ■ Encryption must preserve app functionality
     ■ Encryption must be at full strength, using industry standard encryption (AES-256, etc)
     ■ Customer managed keys required
  10. 6. does the solution protect against unauthorized access?
      ■ Cloud app identity management should maintain the best practices of on-prem identity
      ■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
  11. 7. can the solution help me discover risky traffic on my network, such as shadow IT and malware?
      ■ Analyze outbound data flows to learn what unsanctioned SaaS apps are in use
      ■ Understand risk profiles of different apps
  12. 8. will the solution introduce scale or performance issues?
      ■ Hosted on high-performance, global cloud infrastructure to introduce minimal latency
      ■ Security should not get in the way of user experience/productivity
  13. about bitglass
      ■ total data protection
      ■ est. jan 2013
      ■ 100+ customers
      ■ tier 1 VCs
  14. bitglass solutions: cloud, mobile, breach
  15. secure office 365 + byod (fortune 50 healthcare firm)
      client:
      ■ 35,000 employees globally
      challenge:
      ■ Inadequate native O365 security
      ■ Controlled access from any device
      ■ Limit external sharing
      ■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
      solution:
      ■ Real-time data visibility and control
      ■ DLP policy enforcement at upload or download
      ■ Quarantine externally-shared sensitive files in cloud
      ■ Controlled unmanaged device access
      ■ Shadow IT & Breach discovery
  16. secure google apps + byod (business data giant)
      client:
      ■ 15,000 employees in 190+ locations globally
      challenge:
      ■ Mitigate risks of Google Apps adoption
      ■ Prevent sensitive data from being stored in the cloud
      ■ Limit data access based on device risk level
      ■ Govern external sharing
      solution:
      ■ Inline data protection for unmanaged devices/BYOD
      ■ Bidirectional DLP
      ■ Real-time sharing control
  17. resources: more info about cloud security
      ■ whitepaper: the definitive guide to CASBs
      ■ report: cloud adoption by industry
      ■ case study: fortune 100 healthcare firm secure O365
  18. @bitglass

Editor's notes

  • The old approach to the problem is to secure the infrastructure. Historically this has been where the spend for large organizations has been.
    Secure your network, put agents on every trusted device to manage the device etc.
    Fact is that the "trusted device" approach makes you more vulnerable to breaches since users take their devices home for the weekend, and come back infected on Monday.
    Malware Mondays!
    Issues with this approach - cumbersome, expensive to administer since you have to manage every device and network.
    And usability is poor too, especially when it comes to MDM.

    One of the big problems with this architecture -- unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy/ Poor user experience/ Data-sync proliferation/ BYOD blindspot

  • We think CASBs provide a better approach to cloud security.

    It starts with discovery.
  • in: CA, NY, MA, IL, N
  • Competition: Skyhigh, Netskope, Adallom
  • Competition: Skyhigh, Netskope, Cloudlock, Elastica/Bluecoat