security must evolve to protect data outside the firewall
■ cloud: attack on SaaS vendor risks sensitive data
■ access: uncontrolled access from any device
■ network: data breach - exfiltration & Shadow IT
■ mobile: lost device with sensitive data
2. does the solution protect cloud data end-to-end?
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility and control over data in the cloud
■ Solution must also protect data on end-user devices
■ Leverage contextual access controls
3. can the solution control access from both managed & unmanaged devices?
reverse proxy
■ unmanaged devices - any device, anywhere
■ no software to install/configure
forward proxy
■ managed devices - inline control for installed apps
■ agent and certificate based approaches
activesync proxy
■ secure email, calendar, etc. on any mobile device
■ no software to install/configure
4. does the solution provide real-time visibility and control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove share, etc.) required to mitigate overall risk
5. can the solution encrypt data at upload?
■ Encryption must preserve app functionality
■ Encryption must be at full strength, using industry standard encryption (AES-256, etc.)
■ Customer managed keys required
6. does the solution protect against unauthorized access?
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
7. can the solution help me discover risky traffic on my network, such as shadow IT and malware?
■ Analyze outbound data flows to learn what unsanctioned SaaS apps are in use
■ Understand risk profiles of different apps
8. will the solution introduce scale or performance issues?
■ Hosted on high-performance, global cloud infrastructure to introduce minimal latency
■ Security should not get in the way of user experience/productivity
recap: 8 questions to ask when evaluating a CASB vendor
1. How does the solution differ from security built into cloud apps?
2. Does the solution protect cloud data end-to-end?
3. Can the solution control access from both managed & unmanaged devices?
4. Does the solution provide real-time visibility and control?
5. Can the solution encrypt data at upload?
6. Does the solution protect against unauthorized access?
7. Can the solution help me discover risky traffic on my network, such as shadow IT?
secure office 365 + byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50 healthcare firm
secure google apps + byod
■ 15,000 employees in 190+ locations globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
business data giant