This document discusses securing applications and data in the cloud. It notes that cloud security poses new challenges as data moves beyond the corporate firewall. A cloud access security broker (CASB) is presented as a solution to help close security gaps by providing visibility, data security, compliance, and risk management for cloud services and unsanctioned applications. The document outlines how a CASB can help enforce policies for access control, encryption, identity management, and activity monitoring across multiple cloud platforms and applications. Case studies demonstrate how CASBs help businesses securely adopt cloud services and mobile devices while protecting sensitive data.

1. © 2016 Forrester Research, Inc. Reproduction Prohibited1
Total Data Protection
Outside the Firewall
webinar
closing the
cloud
security
gap with a
CASB

2. © 2016 Forrester Research, Inc. Reproduction Prohibited2
Rich Campagna
VP of Products
Andras Cser
VP, Principal
Analyst
guest speaker:

3. © 2016 Forrester Research, Inc. Reproduction Prohibited3
3
Cloud Pulls the CISO in Many Directions
CISO and
Security
Organization
Changes, aka
Uneven
Handshake
2. LOB
procures
cloud
services
1. Cloud
Offers
Irresistible
Benefits
5. Security
Struggles to
Reduce Cloud
Security Risks
4. Data Center
Is Loosely
Coupled
3. CISO
Can’t Say
‘No’ All the
Time

4. © 2016 Forrester Research, Inc. Reproduction Prohibited4
4
Cloud Security Means a Lot of Things to a
Lot of People
› Security To the Cloud - how can employees securely
interface with our Cloud Providers?
› Security In the Cloud - how can a Cloud Provider (MSFT,
Salesforce) prove that they are secure?
› Security From the Cloud - how can we secure data
accessed from the cloud?
› Organizational Implications - how cloud changes our IT
security organization?

5. © 2016 Forrester Research, Inc. Reproduction Prohibited5
5
Why Cloud Security is like a
two component glue, a
unique blend:
A: The Cloud is not just a
new delivery platform
B: Cloud Security is NOT
just extending existing
security to the cloud
The dual nature of cloud security

6. © 2016 Forrester Research, Inc. Reproduction Prohibited6
6
General Challenges with SaaS Security
› Ease of Use
› Cloud security should not inhibit usage
› Inconsistent Control
› You don’t own the app or infrastructure; data moves beyond the
firewall
› Controlling Access
› Any user, any device can connect to cloud over public networks
› The “share” button!
› Cloud Proliferation
› Whack-a-mole use of built-in app security controls is a losing
proposition.

7. © 2016 Forrester Research, Inc. Reproduction Prohibited7
7
Technology challenges with SaaS Security
› Access controls
› Limited and inconsistent native security
› Information Rights Management
› Identity and Access Management (IAM) and Privileged
Identity Management (PIM)
› Log and event management

8. © 2016 Forrester Research, Inc. Reproduction Prohibited8
How do we
avoid this?
When it comes to
responsibilities…

9. © 2016 Forrester Research, Inc. Reproduction Prohibited9
9
Cloud Does NOT Shift the Responsibility of
Data Protection
“When data is transferred to a cloud, the
responsibility for protecting and securing
the data typically remains with the collector
or custodian of that data.”
Cloud Security Alliance, Guidance v3.0

10. © 2016 Forrester Research, Inc. Reproduction Prohibited10
Who’s Responsible for SaaS Security?

11. © 2016 Forrester Research, Inc. Reproduction Prohibited11
11
Consciously Building the Cloud Data
Protection Onion
Discovery and Tagging
Risk Assessment
Encryption on Premise
Data Leakage Prevention
Encryption in transit
Identity Context
Encryption at Cloud Vendor

12. © 2016 Forrester Research, Inc. Reproduction Prohibited12
› Why do it?
› We are moving our entire IT portfolio to the
cloud, can data protection follow and how?
› How much should we pay for it?
› Does CSG support our application portfolio?
› How does it do provisioning?
Common questions Forrester gets about CSG

13. © 2016 Forrester Research, Inc. Reproduction Prohibited13
› Moving to the cloud is not optional
› Compliance mandates: SOX, GLBA, HIPAA, HITECH,
FERC/NERC
› Cloud cannot increase overall organizational risk
› Privacy and data protection concerns mounting
› Insider threats
› Companies must discover, control and secure shadow IT
› BYOD and “mobile first” is key
Why CSG is important to Forrester customers

14. © 2016 Forrester Research, Inc. Reproduction Prohibited14
Drivers for CSG Implementation
Information
Risk
Efficiency
Compliance
Flexibility

15. © 2016 Forrester Research, Inc. Reproduction Prohibited15
› S&R pros must control data dissemination
› Scan and protect data at upload and download
› Allow employees to work anywhere/any device
› YOU are responsible for security of your data in the
cloud
› Don’t blindly trust cloud app vendors’ built-in security
› Discover risky unsanctioned cloud apps
Requirements for CSG

16. © 2016 Forrester Research, Inc. Reproduction Prohibited16
Source: Forrester Research World Cloud Security Solutions Forecast, 2015 To 2020 (Global)

17. © 2016 Forrester Research, Inc. Reproduction Prohibited17
Source: Forrester Research World
Cloud Security Solutions
Forecast, 2015 To 2020 (Global)

18. © 2016 Forrester Research, Inc. Reproduction Prohibited18

19. © 2016 Forrester Research, Inc. Reproduction Prohibited19
19

20. © 2016 Forrester Research, Inc. Reproduction Prohibited20
20

21. © 2016 Forrester Research, Inc. Reproduction Prohibited21
21

22. © 2016 Forrester Research, Inc. Reproduction Prohibited22
› Increased investment in Cloud Security
› Support for multi-cloud deployments
› (CASB) CSG = CDP + CASI + Cloud Data Governance
› Hybrid Proxy + API + Log management preferred
› Machine Learning/UBA to play a prominent role
› IAM integration is a must
› SIEM integration broadens
› Cloud Data Governance: reviews, campaigns, roles, SoD
checks
Forrester’s Cloud Security Predictions

23. © 2016 Forrester Research, Inc. Reproduction Prohibited23

24. © 2016 Forrester Research, Inc. Reproduction Prohibited24
about
bitglass
total
data
protection est. jan
2013
CA, NY,
MN, MA,
IL, NC
tier 1
VCs

25. © 2016 Forrester Research, Inc. Reproduction Prohibited25
our
solutions
cloud mobile breach
25

26. © 2016 Forrester Research, Inc. Reproduction Prohibited26
secure
office 365
+ byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing
infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or
download
■ Quarantine externally-shared sensitive
files in cloud
■ Controlled unmanaged device access
fortune 50
healthcare
firm

27. © 2016 Forrester Research, Inc. Reproduction Prohibited27
client:
■ 15,000 employees in 190+ locations
globally
challenge:
■ Mitigate risks of Google Apps
adoption
■ Prevent sensitive data from being
stored in the cloud
■ Limit data access based on device
risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged
devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
secure
google
apps +
byod
business
data giant

28. © 2016 Forrester Research, Inc. Reproduction Prohibited28
28
Thank You!
Andras Cser
+1 617.613.6365
acser@forrester.com
Rich Campagna
+1 408.203.7090
rich@bitglass.com
@bitglass

29. © 2016 Forrester Research, Inc. Reproduction Prohibited29