3.
office 365 is the leading SaaS productivity suite:
market share has tripled year over year
2014: google apps 16.3%, office 365 7.7%, other 76%
2015: google apps 22.8%, office 365 25.2%, other 52%
4.
enterprises face a security balancing act:
maintaining security/control while empowering users
■ visibility / control
■ restricting access to data on unmanaged devices
■ preventing account hacking
■ controlling external sharing
6.
native security features can’t be relied upon:
the data blind spot
components: usage/consumption, data, application, services, servers & storage, network
layer: data, application, infrastructure
owner: enterprise
9.
casb security:
a data-centric approach
o365 requires a new security architecture
■ cross-device, cross-platform agentless data security
■ real-time protection
■ limit high-risk activities like external file sharing
■ detailed logging for compliance and audit
10.
access:
protect data across all devices, managed and unmanaged
■ granular access controls based on context (e.g. device type, user, geo)
■ redact, encrypt, or watermark sensitive content with Citadel DLP
■ apply DLP to files on download
11.
mobile:
protect data across all devices, managed and unmanaged
■ secure unmanaged devices with an agentless solution
■ enable access to frequently used native apps
■ enforce mobile device protection policies on byod
12.
identity:
centralized identity management is key in securing data
■ cloud app identity management should maintain the best practices of on-prem identity
■ limit potential breaches with contextual multi-factor auth for high risk logins
13.
managed devices
application access / access control / data protection
unmanaged devices / byod
in the cloud
Forward Proxy
ActiveSync Proxy
Device Profile: Pass
● Email
● Browser
● OneDrive Sync
● Full Access
Reverse Proxy + AJAX VM
ActiveSync Proxy
● DLP/DRM/encryption
● Device controls
API Control External Sharing Blocked
● Block external shares
● Alert on DLP events
Device Profile: Fail
● Mobile Email
● Browser
● Contextual multi-factor auth
o365 use case:
only CASB with real-time data protection on any device
14.
secure office 365 + byod
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control powered by Citadel
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access via Omni
fortune 100 healthcare firm
15.
secure office 365
challenge:
■ Inadequate native O365 security
■ Protection of sensitive creative files
■ Prevention of data leakage
solution:
■ Real-time visibility and control over file sharing, powered by Citadel
■ Restricted access from unmanaged devices
■ Integrated identity/SSO
global ad agency
What is your biggest concern with moving to Office 365?
Visibility into how corporate data is being used
Control over access to data
Encryption of sensitive data
Potential for breaches
Something else
The old approach to the problem is to secure the infrastructure. Historically this has been where the spend for large organizations has been.
Secure your network, put agents on every trusted device to manage the device etc.
Fact is that the "trusted device" approach makes you more vulnerable to breaches, since users take their devices home for the weekend and come back infected on Monday.
Malware Mondays!
Issues with this approach: it is cumbersome and expensive to administer, since you have to manage every device and network.
And usability is poor too, especially when it comes to MDM.
One of the big problems with this architecture: unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy / poor user experience / data-sync proliferation / BYOD blind spot.
When talking to potential customers, sometimes this comes up. Aren’t cloud vendors already protecting their apps with native security features?
Very simple framework for thinking about this. WSJ test.
What are your Cloud Access Security Broker deployment plans?
Already deployed
Plan to deploy in 2016
Plan to deploy beyond 2016
No plans to deploy a CASB
What is a CASB?
We think CASBs provide a better approach to cloud security.
It starts with discovery.
“By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner
Inseparable
Competition: Skyhigh, Netskope, Adallom
in: CA, NY, MA, IL, N
Founded: Jan 2013/ HQ: Campbell, CA/ Employees: 50/ Funding: $35M, Tier 1 Venture Capital Firms