The document discusses common use cases for Cloud Access Security Brokers (CASBs). It begins by explaining that CASBs enable organizations to extend their information protection policies from on-premises infrastructure to the cloud. It then lists 20 common CASB use cases organized under the categories of governing usage, securing data, and protecting against threats. For each use case, it provides examples and outlines the functional and deployment requirements needed to implement that use case.
A cloud access security broker (CASB) sits between an organization's network and cloud providers to extend security policies to third-party cloud services and applications. CASBs allow organizations to identify and control cloud app usage, enforce data security policies, and protect against threats. CASBs are increasingly adopted due to growth in cloud services and the need to secure data outside of an organization's network. Common CASB functions include visibility, compliance, data security, and threat protection for cloud apps and services.
This document discusses Cloud Access Security Brokers (CASBs). It defines a CASB as a set of cloud security technologies that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure to extend security policies to third-party software and storage. CASBs help identify and manage cloud apps, enforce policies, provide data security through encryption and activity monitoring, and integrate with other security solutions. The document discusses how CASBs work using proxies or APIs, compares architectural choices, and lists some leading CASB providers like Microsoft, Imperva, Bitglass, and Cisco CloudLock.
Regardless of whether your data resides on-premises, in the cloud, or a combination of both, you are vulnerable to security threats, data breaches, data loss, and more. Security is often cited as a concern for organizations who are migrating to the public cloud, but the belief that the public cloud is not secure is a myth.
In fact, the leading public cloud service providers have built rigorous security capabilities to ensure that your applications, assets, and services are protected. Security in the public cloud is now becoming a driver for many organizations, but in a rapidly evolving multicloud environment, you must keep up with changes that might impact your security posture.
This eBook outlines the three core recommendations for cloud security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
This talk will focus on the use of Microsoft Azure for incident response and forensics. As more organizations move their infrastructure to the cloud, it is important to understand how to effectively respond to security incidents in these environments. We will discuss the tools and techniques available in Azure for collecting and analyzing data during an incident response. We will also cover how to use Azure Security Center and Azure Sentinel for real-time threat detection and response. Additionally, we will cover best practices for securing Azure resources and preventing incidents from occurring in the first place. Attendees will come away with a solid understanding of how to use Azure for incident response and forensics and be better equipped to handle security incidents in the cloud.
Security and Compliance with SharePoint and Office 365 (Richard Harbridge)
Whether you’re new to security and compliance in Office 365 or a seasoned veteran, we’ll have something for you in this session. Hear about Microsoft’s overall security story from Microsoft MVP Richard Harbridge, and better understand how it relates to SharePoint services, catch up on new developments over the past year, and learn about the new capabilities Microsoft provides. From advanced security management and threat intelligence to sensitive content encryption, governance and sharing, there is plenty to discuss.
Xylos Clients Day - Public cloud and security go hand in hand, if you approac... (Karim Vaes)
https://www.xylos.com/en/corporate/events/explore-new-digital-ways
Public cloud and security go hand in hand, if you approach it properly
The cloud is already being well used, but lots of organisations still have questions about its security. Is data protection in the cloud really optimal, or is this uncertainty justified? In this breakout session we look at the main concerns we hear from our customers. Can we build a perimeter around cloud applications? Which sectors or scenarios are not suitable for the cloud, and where in particular is it recommended? How do I get to grips with ‘shadow IT’? Do I have to manage things myself in the cloud? Does the public cloud satisfy the strictest security requirements? And what's the most secure authentication? Data protection isn't just limited to firewalls or intrusion systems, after all. The key lies in having a comprehensive security policy, and in this session we zoom in on the major components and challenges.
Speaker: Karim Vaes, Solution Architect, Xylos
Protect sensitive data and ensure that only authorized users, using known devices, can see data in the clear. We’re happy to let the traditional security experts work on their perimeters, knowing that when they fail, our customers’ data remains secure. And, in contrast with products designed for big enterprises, we’ve created a solution that can be installed, configured, and afforded by small businesses without IT staff.
The document discusses security considerations for Software as a Service (SaaS) application providers. It outlines key challenges including lack of visibility and control over how enterprise data is stored and secured in the cloud. The document then provides recommendations in three main areas: 1) Secure product engineering practices to integrate security into the development lifecycle. 2) Secure deployment strategies when using public or private clouds. 3) Governance and regulatory compliance audits as well as third-party security assessments to evaluate and validate security. Regular assessments are recommended to detect vulnerabilities before exploitation.
ActiveBase Security helps implement preventive security policies to protect data without modifying applications or databases. It masks, scrambles, hides, blocks and audits data accessed by outsourced teams, developers or external QA to comply with regulations like PCI and HIPAA. ActiveBase applies rules based on user context to dynamically mask data in real-time, protecting personal information from unauthorized access across applications, databases, and tools.
Implementing zero trust architecture in azure hybrid cloud (Ajit Bhingarkar)
This document outlines an approach to model NIST’s Zero Trust Security Architecture while migrating to MS Azure but still working with hybrid cloud deployments.
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS (Alert Logic)
Clarke Rodgers (CISO, SCOR Velogica)'s presentation on SCOR's journey to SOC2/TYPE2 via AWS at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
This document provides 63 requirements for evaluating Cloud Access Security Broker (CASB) solutions. It covers key areas like visibility, data loss prevention, access control, cloud service provider risk management, threat protection, and non-functional requirements. The requirements are intended to help create a baseline for evaluating CASB solutions and determining what is most important for an organization. Comments or questions can be directed to the provided contact.
Maximize your cloud app control with Microsoft MCAS and Zscaler (Zscaler)
Are you using or ready to deploy Microsoft Cloud App Security (MCAS)? While having CASB visibility and control is key to a good cloud app strategy, it is only as good as the traffic it can see. Zscaler and Microsoft have partnered to deliver key MCAS integrations that help you confidently embrace cloud apps and minimize the risks associated with unsanctioned apps.
Maximize your cloud app control with Microsoft MCAS and Zscaler (Ankit Dua)
Are you using or ready to deploy Microsoft Cloud App Security (MCAS)? While having CASB visibility and control is key to a good cloud app strategy, it is only as good as the traffic it can see. Zscaler and Microsoft have partnered to deliver key MCAS integrations that help you confidently embrace cloud apps and minimize the risks associated with unsanctioned apps.
This document provides an overview of the ClearPass access management solution from Aruba, which includes ClearPass Policy Manager, ClearPass Guest, ClearPass Onboard, and ClearPass OnGuard. ClearPass Policy Manager acts as the core policy enforcement and authentication engine. ClearPass Guest enables secure guest access, ClearPass Onboard allows employees to securely onboard personal devices, and ClearPass OnGuard performs device posture checks. The document discusses how these ClearPass modules work together to provide flexible network access policies for BYOD, guests, and security compliance across wired and wireless infrastructures from multiple vendors.
The cloud offers simplified application development and delivery by providing infrastructure, platform and software services that are ready to use immediately. However, the major inhibitor for businesses has been concerns around security. IBM has simplified the typical method for approaching this problem. Whether you’re looking to employ infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) or software-as-a-service (SaaS), use the framework below when designing your solution. Each platform comes with certain built-in security qualities and lets you use add-ons on top of the platform to secure each workload.
Technologies You Need to Safely Use the Cloud (CloudPassage)
There are three main types of cloud services discussed in the document:
1) Infrastructure as a Service (IaaS) requires technologies to verify workload integrity, alert to unauthorized changes, and track incidents as the provider cannot do this. Point solutions and broader providers offer these controls.
2) Software as a Service (SaaS) presents risks if providers mishandle sensitive data or have authentication/application weaknesses exploited. Users should control access and encrypt data.
3) Governance is needed to track cloud service use, as without it companies lack visibility into how data is used and exposed. Technologies help monitor usage and set policies to mitigate risks and protect data.
Service now is a software platform that supports IT service manag.docx (edgar6wallace88877)
ServiceNow is a software platform that supports IT service management applications and helps to automate many organizational workflow activities. ServiceNow has hundreds of enterprise HR, Healthcare, Financial Services, and Governmental customers who employ a variety of techniques to protect the integrity of their data. We understand that security is paramount. For that reason, we allow you to create access control lists (ACLs) that leverage contextual security. This allows you to restrict access to tables and columns to those people who have the appropriate roles. In the world of data breaches, when sensitive data leaves a business and enters the cloud, the risk for mistakes and breaches amplifies. Companies today must adopt advanced next-generation cloud security solutions to prevent and mitigate security threats in their IT environment, protect the privacy of their data and comply with a growing number of global regulations.
To meet the data security needs of modern enterprises—ranging from governmental regulatory and industry compliance objectives to implementing risk mitigation controls—ServiceNow offers encryption solutions at the application tier, database tier, and hardware tier. At the application tier, your data is encrypted within the customer instance down to the database, so even an attacker with full software access to the database can’t read your data. Column-level encryption provides data encryption in our network. With ServiceNow Edge Encryption, your data is encrypted before it even reaches your ServiceNow instance in our network—this ensures there’s literally no way anyone at ServiceNow—or an attacker—can read your data. At the database tier, ServiceNow Database Encryption encrypts your data directly in the database accessed by your applications running on your ServiceNow instance. At the hardware tier, our Full Disk Encryption ensures data is encrypted at rest, thereby protecting you from a theft of storage attack.
Security for authorized ServiceNow employee logins to customer instances employs encrypted tokens generated by a secure server. Only properly authenticated ServiceNow employees are granted access to customer instances. Without the SNC Access Control plugin, the security server ensures that access rights are enforced on hi.service-now.com. When the plugin is enabled, the encrypted login tokens must match names in the plugin-provided access list, using the criteria defined in those records. This method of authentication enables our customers to determine precisely which ServiceNow employees may access their instances, and when these employees may do so. Edge Encryption is a ServiceNow product that allows customers to encrypt columns (i.e., application fields) and attachments with encryption keys that customers own, control, and manage within their own networks outside of their ServiceNow instances. Edge Encryption acts as a gateway between your browser and your SaaS ServiceNow instance. The ServiceNow infrastructur.
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh (Shah Sheikh)
This document discusses cloud computing and security considerations for organizations adopting cloud services. It makes three key points:
1. Cloud computing provides on-demand delivery of computing resources but also poses new security risks and challenges for organizations related to loss of control of data and infrastructure. A holistic risk management approach is needed.
2. Key security considerations for organizations adopting cloud services include understanding compliance requirements, performing risk assessments of cloud assets, validating information lifecycles, ensuring data security, and establishing security agreements with cloud providers.
3. As organizations lose control of their data and infrastructure in the cloud, new strategies are needed to ensure data portability between cloud providers, availability of audit controls, and proper management of data
Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).
The document discusses several security issues that must be addressed for Software as a Service (SaaS) applications, including ensuring user authentication and authorization, data confidentiality, availability of cloud services, isolation of virtual machines, network security, and identity management. Proper security measures are needed to prevent unauthorized access to user data stored by SaaS providers and protect against vulnerabilities in web applications, virtualization software, and during the user sign-on process.
Slack has emerged as a popular collaboration app with 10 million users in 2019. CipherCloud CASB+ for Slack provides security and compliance for Slack by giving visibility into user activity, protecting sensitive data, and preventing threats. It uses techniques like data loss prevention, encryption, and anomaly detection to secure collaboration on Slack.
The document discusses SAP BASIS and security administration. It describes SAP security components including authorization concepts using user IDs, profiles, and authorizations. It outlines the process for security configuration in SAP, including user authentication, creating and assigning authorization profiles, auditing and monitoring, and administration and maintenance. The key aspects of security configuration are creating activity groups to generate authorization profiles, auditing user access and changes, and monitoring default profiles and users.
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt... (Amazon Web Services)
Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Learn how to gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Join us to Learn:
How to protect and automate your AWS deployments while maintaining data segregation
Best practices for creating consistent security for data moving to and from the cloud
How to securely extend your application development testing environment to AWS
Speakers:
AWS Speaker: David Wright, Solution Architect
Palo Alto Networks Speaker: Bisham Kishnani, Senior Consulting Engineer
Slack has emerged as a popular collaboration app with 10 million users in 2019. CipherCloud CASB+ for Slack provides security and compliance for Slack by giving visibility into user activity, protecting sensitive data, and preventing threats. It uses techniques like data loss prevention, encryption, and anomaly detection to secure collaboration on Slack.
The document discusses SAP BASIS and security administration. It describes SAP security components including authorization concepts using user IDs, profiles, and authorizations. It outlines the process for security configuration in SAP, including user authentication, creating and assigning authorization profiles, auditing and monitoring, and administration and maintenance. The key aspects of security configuration are creating activity groups to generate authorization profiles, auditing user access and changes, and monitoring default profiles and users.
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Learn how to gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Join us to Learn:
How to protect and automate your AWS deployments while maintaining data segregation
Best practices for creating consistent security for data moving to and from the cloud
How to securely extend your application development testing environment to AWS
Speakers:
AWS Speaker: David Wright, Solution Architect
Palo Alto Networks Speaker: Bisham Kishnani, Senior Consulting Engineer
Similar to 20-most-common-casb-use-cases-2-.pdf (20)
As people and organizations adopt cloud services, Cloud Access Security Brokers (CASBs) have become a must-have for any information security team. CASBs provide critical capabilities such as governing access and activities in sanctioned and unsanctioned cloud services, securing sensitive data and preventing its loss, and protecting against internal and external threats. In short, CASBs enable organizations to extend their information protection policies and programs from their on-premises infrastructure and applications to the cloud. For organizations that are considering deploying a CASB, it’s useful to consider the specific use cases they’re likely to address within these broad topic areas, as they inform functional and architectural requirements.
Here’s a list of the 20 most common CASB use cases.
GOVERN USAGE
▸ Govern access to Office 365 and other cloud services by device ownership class
▸ Monitor privileged accounts and prevent unauthorized activity in IaaS instances
▸ Monitor or control users’ activities within Collaboration or Social Media without blocking those services
▸ Monitor or control advanced or cross-service activities in real time
▸ Protect against password email abuse
▸ Monitor or control users’ activities even when they are accessing cloud services from a mobile or desktop app or sync client
SECURE DATA
▸ Prevent data exfiltration from an IT-led to any cloud service
▸ Enforce different policies for personal and corporate instances of the same cloud service
▸ Monitor sensitive data in Amazon S3 buckets
▸ Enforce an activity- or data-level policy across a category of cloud services
▸ Enforce conditional activity-level policies
▸ Enforce layered policies that include a “base” and “exception” policy
▸ Apply encryption based on conditional factors
PROTECT AGAINST THREATS
▸ Find and protect sensitive data embedded in images
▸ Block or remediate malware in IT-led and en route to/from business-led cloud services
▸ Detect and alert on user login anomalies
▸ Detect anomalies such as excessive downloads, uploads, or sharing within both IT-led and business-led services
▸ Block and quarantine zero-day malware in the cloud
▸ Recover from cloud-based ransomware infections
▸ Prevent data infiltration involving new employees
SECURE DATA
1. Prevent data exfiltration from an IT-led to any cloud service
For example, prevent the download of confidential content from a corporate-IT-led service such as Salesforce, Box, or even AWS S3 to a personal Dropbox or other file sharing service.
Functional Requirements
▸ See and control usage in both IT-led and business-led services
▸ Detect sensitive data, e.g., “confidential”
▸ Identify all unique content in motion and track its movement
▸ Be aware of context, e.g., activities such as “upload” and “download”
▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com)
▸ Differentiate between internal and external domains
▸ Know corporate vs. personal accounts
▸ Recognize and enforce differing policies between service instances, e.g., corporate and personal
▸ Decrypt SSL and decode the unpublished API to understand the transaction
▸ Surface data exfiltration activities in a user interface that is easy to understand
Deployment Requirements
▸ Forward proxy (monitor and control)
SECURE DATA
2. Enforce different policies for personal and corporate instances of the same cloud service
For example, prevent the upload of regulated information (such as that beholden to FISMA, NERC, or PCI) to any Dropbox EXCEPT for the corporate-IT-led instance of Dropbox.
Functional Requirements
▸ Detect sensitive data, e.g., data beholden to FISMA, NERC, or PCI
▸ Be aware of context, e.g., activities such as “upload” and “download”
▸ Know corporate vs. personal accounts
▸ Recognize and enforce differing policies between service instances, e.g., corporate and personal
▸ See and control usage in both IT-led and business-led services
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy (monitor and control)
PROTECT AGAINST THREATS
3. Block or remediate malware in IT-led and en route to/from business-led cloud services
For example, detect, quarantine, and block malware being downloaded from any cloud service in real time.
Functional Requirements
▸ Inspect, detect, block, and remediate malware in IT-led cloud services
▸ Inspect, detect, block, and remediate malware en route to/from business-led cloud services
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ API (IT-led only)
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
GOVERN USAGE
4. Govern access to Office 365 and other cloud services by device ownership class
For example, offer web-based email access only to a BYOD device but full suite access to a corporate one.
Functional Requirements
▸ Understand different authentication protocols and federated identity across Office 365 and other cloud services
▸ Enforce access and activity policies based on device attributes, including classification of “managed” and “unmanaged”
▸ Decrypt SSL and decode the unpublished API to understand the transaction (for forward proxy)
Deployment Requirements
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
SECURE DATA
5. Monitor sensitive data in Amazon S3 buckets
For example, alert when PCI data is discovered in AWS S3 buckets.
Functional Requirements
▸ Cloud DLP that can scan S3 buckets
▸ Specify all or individual S3 buckets
▸ Incident management workflow
Deployment Requirements
▸ API (IT-led only)
GOVERN USAGE
6. Monitor privileged accounts and prevent unauthorized activity in IaaS instances
For example, disallow creation, edit, or delete of cloud instances, “buckets,” or “clusters.”
Functional Requirements
▸ Be aware of context, e.g., activities such as “create” and “edit” and objects such as “instances” and “buckets”
▸ Determine identity and control usage by user, group, and other enterprise directory attributes
▸ See and control usage in both IT-led and business-led services
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ API (IT-led only)
▸ Forward proxy
SECURE DATA
7. Enforce an activity- or data-level policy across a category of cloud services
For example, block the download of personally-identifiable information (PII) from ANY HR service if the user is outside of the HR team.
Functional Requirements
▸ Be aware of context, e.g., activities such as “upload” and “download”
▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com)
▸ See and control usage in both IT-led and business-led services
▸ Integrate with enterprise directory to enforce policies at a group or organizational unit level
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy
GOVERN USAGE
8. Monitor or control users’ activities within Collaboration or Social Media without blocking those services
For example, block any financial employee from posting “guarantee” or “recommend” alongside a stock ticker or company name on any Collaboration or Social Media service like Slack or Twitter to comply with FINRA and other regulations.
Functional Requirements
▸ Integrate CASB with directory services to focus policy on a specific group, e.g., Investment Banking
▸ Be aware of context, e.g., activities such as “view,” “post,” and “create”
▸ See and control usage in both IT-led and business-led services
▸ Detect data violations using advanced DLP features including regular expressions, custom keyword dictionaries, and Boolean operators to focus on specific risky activities (e.g., for FINRA) or to set policies for a specific group (e.g., Finance)
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy (monitor and control)
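The FINRA example in use case 8 can be expressed as a DLP rule that combines a keyword dictionary, a regular expression for ticker symbols, and a Boolean AND with a proximity limit, scoped to one directory group and to the “post” activity. The sketch below is an added illustration, not code from the original document or from any CASB product; the group name, event fields, dictionaries, and the 12-word window are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed dictionaries; names and values are illustrative assumptions.
PROMISSORY_TERMS = {"guarantee", "guarantees", "guaranteed",
                    "recommend", "recommends", "recommended"}
COMPANY_NAMES = {"globex", "initech"}           # hypothetical issuer names
SCOPED_GROUP = "Finance"                        # directory group the rule targets
SCOPED_CATEGORIES = {"Collaboration", "Social Media"}
WINDOW = 12   # max distance, in words, between a term and a ticker/company

# A token is a word, optionally prefixed with "$" (a cashtag such as $ACME).
TOKEN_RE = re.compile(r"\$?[A-Za-z][A-Za-z']*")
CASHTAG_RE = re.compile(r"\$[A-Z]{1,5}")


@dataclass(frozen=True)
class Event:
    user: str
    groups: frozenset     # enterprise directory groups of the user
    category: str         # CASB service category of the destination
    activity: str         # decoded activity, e.g. "post" or "view"
    text: str             # content of the post


def is_security_reference(token):
    """True for a cashtag ticker or a watched company name."""
    return bool(CASHTAG_RE.fullmatch(token)) or token.lower() in COMPANY_NAMES


def find_violation(text):
    """Return (term, reference) when a promissory term appears within
    WINDOW words of a ticker or company name, else None."""
    tokens = TOKEN_RE.findall(text)
    terms = [i for i, t in enumerate(tokens) if t.lower() in PROMISSORY_TERMS]
    refs = [i for i, t in enumerate(tokens) if is_security_reference(t)]
    for i in terms:
        for j in refs:
            if abs(i - j) <= WINDOW:
                return tokens[i], tokens[j]
    return None


def evaluate_post(event):
    """Block only in-scope posts that violate the rule; every other use of
    the service is allowed, so the service itself is never blocked."""
    in_scope = (SCOPED_GROUP in event.groups
                and event.category in SCOPED_CATEGORIES
                and event.activity == "post")
    if not in_scope:
        return "allow", None
    hit = find_violation(event.text)
    return ("block", hit) if hit else ("allow", None)
```

Scoping by group and activity before running content inspection is what lets the policy control one risky action without blocking the collaboration service for everyone else.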
SECURE DATA
9. Enforce conditional activity-level policies
For example, block the sharing of content by a corporate ‘insider’ with anyone outside of the organization from ANY Cloud Storage service if it is the organization’s financial reporting quiet period.
Functional Requirements
▸ Be aware of context, e.g., activities such as “share”
▸ See and control usage in both IT-led and business-led services
▸ Differentiate between internal and external domains
▸ Enforce “set-it-once” policies across categories of services
▸ Detect and enforce policies by IP address, network location, or geolocation
▸ Integrate with enterprise directory to enforce policies at a group or organizational unit level
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
SECURE DATA
10. Enforce layered policies that include a “base” and “exception” policy
For example, prevent the upload of confidential data to ANY Cloud Storage service except corporate IT-led Google Drive.
Functional Requirements
▸ Support for policies with “allow” and “block” actions
▸ Support for category-level policies
▸ Differentiate between instances of cloud services
Deployment Requirements
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
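The layered policy in use case 10, together with the corporate-versus-personal instance distinction from use case 2, can be modelled as a category-wide “base” rule plus a narrower “exception” rule, with the most specific matching rule winning. This is an added sketch, not code from the original document or any vendor’s policy engine; the rule fields, the domain-based instance classification, the `example.com` domain, and the specificity ordering are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

CORPORATE_DOMAINS = {"example.com"}   # assumption: the organization's login domains


@dataclass(frozen=True)
class Transaction:
    app: str
    category: str             # service category, e.g. "Cloud Storage"
    account: str              # identity used to log in to the cloud service
    activity: str             # decoded activity, e.g. "upload"
    dlp_profiles: frozenset   # DLP profiles the content matched

    @property
    def instance(self):
        """Classify the service instance from the login domain (simplified)."""
        domain = self.account.rsplit("@", 1)[-1].lower()
        return "corporate" if domain in CORPORATE_DOMAINS else "personal"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    category: Optional[str] = None     # None acts as a wildcard
    app: Optional[str] = None
    instance: Optional[str] = None
    activity: Optional[str] = None
    dlp_profile: Optional[str] = None

    def matches(self, tx):
        return ((self.category is None or self.category == tx.category)
                and (self.app is None or self.app == tx.app)
                and (self.instance is None or self.instance == tx.instance)
                and (self.activity is None or self.activity == tx.activity)
                and (self.dlp_profile is None or self.dlp_profile in tx.dlp_profiles))

    @property
    def specificity(self):
        """Number of conditions the rule pins down."""
        return sum(v is not None for v in
                   (self.category, self.app, self.instance,
                    self.activity, self.dlp_profile))


def evaluate_tx(rules, tx):
    """Return (action, rule name). The most specific matching rule wins;
    on a tie, "block" beats "allow" so ambiguity fails closed."""
    matched = [r for r in rules if r.matches(tx)]
    if not matched:
        return "allow", "default"
    best = max(matched, key=lambda r: (r.specificity, r.action == "block"))
    return best.action, best.name


POLICY = [
    # Base: no confidential uploads to any Cloud Storage service.
    Rule("base-block-confidential-upload", "block",
         category="Cloud Storage", activity="upload", dlp_profile="confidential"),
    # Exception: the corporate instance of Google Drive is the sanctioned target.
    Rule("exception-corporate-google-drive", "allow",
         category="Cloud Storage", app="Google Drive", instance="corporate",
         activity="upload", dlp_profile="confidential"),
]
```

A personal Google Drive account still falls under the base rule, which is why the exception has to match on the instance and not only on the app name.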
SECURE DATA
11. Apply encryption based on conditional factors
For example, apply strong encryption with enterprise key management to confidential intellectual property such as next-generation product designs.
Functional Requirements
▸ Be aware of context, e.g., activities such as “upload”
▸ See and control usage in both IT-led and business-led services
▸ Apply strong encryption to sensitive content with enterprise key management
▸ Integrate with KMIP-compliant, on-premises key manager
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
PROTECT AGAINST THREATS
12. Detect and alert on user login anomalies
For example, detect users logging into a cloud service from two different locations with the same credentials, indicating a potentially compromised account.
Functional Requirements
▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com)
▸ See usage in both IT-led and business-led services
▸ Use machine learning to detect cloud behavior anomalies
▸ Detect IP addresses, network location, or geo-location
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ API (IT-led only)
▸ Reverse proxy (IT-led only, browser only)
▸ Forward proxy
PROTECT AGAINST THREATS
13. Detect anomalies such as excessive downloads, uploads, or sharing within both IT-led and business-led services
For example, detect excessive download of sensitive customer data from Salesforce.
Functional Requirements
▸ Be aware of context, e.g., activities such as “download” and “share”
▸ See and control usage in both IT-led and business-led services
▸ Use machine learning and rules to detect anomalies that could signal risky behavior, non-compliance, data exposure, or even malware
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ API (IT-led only)
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
GOVERN USAGE
14. Monitor or control advanced or cross-service activities in real time
For example, “Edit in Box,” “Save to Dropbox” from Slack, or enforce which services can integrate and share data with your G Suite.
Functional Requirements
▸ Be aware of context, e.g., activities such as “edit,” “sync,” and “save”
▸ See and control usage in both IT-led and business-led (including ecosystem) apps
▸ Identify and control integration with ecosystem services
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy (monitor and control)
PROTECT AGAINST THREATS
15. Find and protect sensitive data embedded in images
For example, find and stop patient data embedded in an x-ray image being uploaded to a personal cloud service.
Functional Requirements
▸ Cloud DLP with OCR (Optical Character Recognition) capability
▸ Ability to scan IT-led cloud services with OCR-supported cloud DLP
▸ Ability to apply OCR to cloud traffic to and from business-led cloud services
Deployment Requirements
▸ API (IT-led only)
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
PROTECT AGAINST THREATS
16. Block and quarantine zero-day malware in the cloud
For example, detect and quarantine new strains of malware present in IT-led cloud services and block this type of malware en route to and from business-led cloud services.
Functional Requirements
▸ Support for cloud-based inspection with dynamic analysis using a cloud-based sandbox
▸ Support for multiple threat intelligence mechanisms including external and internal
▸ Support quarantine workflows that are malware-centric
Deployment Requirements
▸ API (IT-led only)
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
PROTECT AGAINST THREATS
17. Recover from cloud-based ransomware infections
For example, alert when a ransomware infection has taken place and provide a seamless workflow to recover from the infection.
Functional Requirements
▸ Use 70 different signals to identify unauthorized encryption
▸ Integration with cloud storage apps like OneDrive to enable “roll-back” functionality
▸ A streamlined UI to enable an intuitive workflow for rolling back infected content to pre-infected state
Deployment Requirements
▸ API (IT-led only)
PROTECT AGAINST THREATS
18. Prevent data infiltration involving new employees
For example, block new employees from uploading confidential data from their previous employer to their new company’s IT-led cloud service.
Functional Requirements
▸ Integrate “new employee” policy with enterprise directory
▸ Use custom keyword dictionary to delineate sensitive competitor documents
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ API (IT-led only)
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
GOVERN USAGE
19. Protect against password email abuse
For example, block passwords being sent via any webmail app.
Functional Requirements
▸ Cloud DLP with custom keyword dictionaries to incorporate any variation of keyword that may signal that a password is being shared
▸ Cloud DLP support for business-led webmail accounts (hundreds)
▸ Support for category-level policies with specific support for webmail
▸ Decrypt SSL and decode the unpublished API to understand the transaction
Deployment Requirements
▸ Forward proxy
▸ Reverse proxy (IT-led only, browser only)
GOVERN USAGE
20. Monitor or control users’ activities (even when they are accessing cloud services from a mobile or desktop app or sync client)
For any of the real-time use cases that require a forward proxy, support should be extended to mobile apps, desktop apps, and sync clients.
Functional Requirements
▸ Inspect and control cloud traffic even when it originates from a mobile or desktop app or sync client
▸ See and control usage in both IT-led and business-led services
▸ Enforce policy action such as block, coach, or justify in real time
▸ Decrypt SSL and decode the unpublished API to understand the transaction (for forward proxy)
Deployment Requirements
▸ Forward proxy (monitor and control)