This document discusses enabling secure bring your own device (BYOD) access in organizations using cloud access security brokers (CASBs). It outlines the limitations of traditional mobile device management (MDM) and mobile application management (MAM) approaches. The document advocates for a data-centric security model using CASBs to securely manage access to cloud applications and data from any device, whether managed or unmanaged, while maintaining user privacy and experience. Case studies are presented showing how CASBs can provide agentless BYOD security and access for enterprises.
4. security must evolve to protect data outside the firewall
ungoverned access to corporate data in the cloud
sensitive data on unmanaged devices
5. the evolution of mobile security: data-centric protection is the future
MDM: manage the device
■ Impedes user privacy
■ Complex solution deployment and management
■ Lack of data visibility or protection
6. the evolution of mobile security: data-centric protection is the future
MDM: manage the device
■ Impedes user privacy
■ Complex solution deployment and management
■ Lack of data visibility or protection
MAM: wrap the app
■ User privacy issues
■ Prevents use of native apps (mail/calendar)
■ 3rd party / cloud apps non-functional
■ Challenging
7. the evolution of mobile security: data-centric protection is the future
MDM: manage the device
■ Impedes user privacy
■ Complex solution deployment and management
■ Lack of data visibility or protection
MAM: wrap the app
■ User privacy issues
■ Prevents use of native apps (mail/calendar)
■ 3rd party / cloud apps non-functional
■ Challenging
CASB: secure the data
■ Protection of user privacy and experience
■ Any device, any app
■ Full data control and visibility for IT
8. “By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution”
Rob Smith, John Girard, and Dionisio Zumerle, “How to Live With Unmanaged Devices,” August 2015.
10. agentless BYOD access via ActiveSync
■ Secure mobile devices without invasive profiles or certificates
■ Protect data in “unwrappable” native apps like mail, contacts, calendar
■ Selectively wipe corporate data
■ Enforce device security policies
■ Full data control and visibility for IT
11. agentless BYOD access via reverse proxy
■ Secure access from any unmanaged device without agents
■ Users are automatically routed through the proxy via SSO
■ Full data control and visibility for IT
■ Control data access with context and content-aware DLP
12. data leakage prevention: a complete set of data controls
■ Apply granular DLP to sensitive data with a spectrum of actions from watermarking to outright blocking
■ Context-aware engine can distinguish between users, managed and unmanaged devices, and more
■ Easily modify sharing permissions and quarantine files for review
13. fortune 500 beverage co.: BYOD security
client:
■ 8000 employees
■ S&P 500
challenge:
■ Lack of adherence to BYOD security measures
■ Failed MobileIron and SAP Afaria deployments
solution:
■ Bitglass Agentless – device / OS independent
■ Fast deployment
■ Logging for compliance with internal data security policies
■ Seamless integration with Active Directory
14. fortune 50 healthcare firm: secure Office 365 + BYOD
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Blue Coat, ADFS
solution:
■ Real-time data visibility and control powered by Citadel
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access via Omni
16. resources: more info about BYOD
■ Whitepaper - definitive guide to CASBs
■ Whitepaper - BYOD security that works
■ Report: 2015 BYOD security
17. download the full BYOD report
The Bitglass research team surveyed over 2000 enterprise employees that own smartphones and tablets to uncover trends in BYOD