As more organizations look to deploy new or additional cloud apps to enable employee productivity, securing corporate data becomes a challenge. Cloud Access Security Brokers (CASBs) have emerged as the go-to solution for organizations that need end-to-end data security, from cloud to device.
4. STORYBOARDS
casb security
a data-centric approach
■ Cloud data doesn’t exist only “in the cloud”
■ IT must protect data at access and on any
device
○ Granular DLP
○ Context-aware to distinguish between
users, device type, more
○ Device controls on mobile
5. STORYBOARDS
mobile security
cloud and mobile are inseparable
■ IT must enable secure access to cloud
apps from any device
■ BYOD poses a threat to data security due
to a lack of visibility and control after
download
■ CASBs accommodate user BYOD
6. STORYBOARD
how casb security works
reverse proxy
■ unmanaged device controls without agents
forward proxy
■ managed devices controls
activesync proxy
■ secure email, calendar, etc on any mobile device
■ device level security - wipe, encryption, PIN etc
7. STORYBOARDS
casb identity
centralized identity management is key in securing data
■ CASBs offer integrated identity
management across apps
■ Limit potential breaches with step-up
multifactor auth for high risk logins
8. STORYBOARDS
casb discovery
gain visibility into your org’s cloud usage
■ Identify unsanctioned apps in
use in your organization
○ Understand risk profiles of
these frequently used apps
■ Intelligent, time-saving alerts out
of the box
9. STORYBOARDS
managed
devices
application access access control data protection
unmanaged
devices / byod
in the cloud
Forward Proxy
ActiveSync Proxy
Device Profile: Pass
● Email
● Browser
● OneDrive Sync
● Full Access
Reverse Proxy + AJAX VM
ActiveSync Proxy
● DLP/DRM/encryption
● Device controls
API Control External Sharing Blocked
● Block external shares
● Alert on DLP events
Device Profile: Fail
● Mobile Email
● Browser
● Contextual multi-factor auth
typical use case
hybrid CASBs provide real-time protection on any device
10. STORYBOARDS
secure
office 365
+ byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure,
e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or
download
■ Quarantine externally-shared sensitive
files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50
healthcare
firm
11. STORYBOARDS
■ 15,000 employees in 190+ locations
globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored
in the cloud
■ Limit data access based on device risk
level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged
devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
secure
google
apps +
byod
business
data giant
13. resources:
more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365
we think CASBs provide a better approach to cloud security.
It starts with discovery.
“By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner
Inseparable