webinar, apr 26 2016
beyond the firewall: securing the cloud with a CASB

cloud and mobile are inseparable...
saas driving corporate data outside the firewall.

security must evolve to protect data outside the firewall
ungoverned access to corporate data in the cloud
hidden Shadow IT threats
sensitive data on unmanaged devices

the traditional approach to security is inadequate

native security features can’t be relied upon
the data blind spot
components: usage/consumption, data, application, services, servers & storage, network
layer: data, application, infrastructure
owner: enterprise

CASB: a better approach to cloud security
identity, discovery, data-centric security, mobile

poll: what are your casb deployment plans?

casb discovery
gain visibility into your org’s cloud usage
■ analyze outbound data flows to learn what SaaS apps your organization is using
■ understand risk profiles of different apps
■ essential in process of enabling secure cloud app usage

casb security: a data-centric approach
the new data reality requires a new security architecture
■ cross-device, cross-platform agentless data protection
■ granular DLP for data at rest and in motion
■ contextual access control
■ detailed logging for compliance and audit

mobile security cannot be overlooked
protect data across all devices, managed and unmanaged
■ demand for byod continues to rise
■ employees have rejected mdm and mam
■ IT must securely enable access to frequently used apps

casb identity
centralized identity management is key in securing data
■ cloud app identity management should maintain the best practices of on-prem identity
■ limit potential breaches with contextual multi-factor auth for high risk logins

managed devices
application access | access control | data protection
unmanaged devices / byod
in the cloud
Forward Proxy
ActiveSync Proxy
Device Profile: Pass
● Email
● Browser
● OneDrive Sync
● Full Access
Reverse Proxy + AJAX VM
ActiveSync Proxy
● DLP/DRM/encryption
● Device controls
API Control External Sharing Blocked
● Block external shares
● Alert on DLP events
Device Profile: Fail
● Mobile Email
● Browser
● Contextual multi-factor auth
typical use case
only CASB with real-time data protection on any device

poll: what are your top cloud security needs?

our solutions
cloud, mobile, discovery

secure office 365 + byod
fortune 50 healthcare firm
client
■ 35,000 employees globally
challenge
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution
■ Real-time data visibility and control
■ DLP policy enforcement at upload or download
■ Quarantine externally-shared sensitive files in cloud
■ Controlled unmanaged device access

secure google apps + byod
business data giant
client
■ 15,000 employees in 190+ locations globally
challenge
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control

byod security
fortune 500 beverage co.
client
■ 8000 employees
■ s&p 500
challenge
■ Lack of adherence to BYOD security measures
■ Failed MobileIron and SAP Afaria deployments
solution
■ Bitglass Agentless – device / OS independent
■ Fast deployment
■ Logging for compliance with internal data security policies
■ Seamless integration with ActiveDirectory

our mission
total data protection
est. jan 2013
100+ customers
tier 1 VCs

resources
more info about cloud security
■ definitive guide to casbs
■ case study: fortune 100 healthcare firm secures o365
■ glass class: cloud security priorities for 2016

download the gartner market guide to casbs
with predictions and recommendations, the market guide is an essential resource for formulating your CASB strategy
download the report

bitglass.com
@bitglass

Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)


Editor's Notes

  • #3 but in building out our product, we realized that mobile security is also cloud security.
  • #5 The old approach to the problem is to secure the infrastructure. Historically this has been where the spend for large organizations has been. Secure your network, put agents on every trusted device to manage the device, etc. Fact is that the "trusted device" approach makes you more vulnerable to breaches since users take their devices home for the weekend, and come back infected on Monday. Malware Mondays! Issues with this approach: cumbersome. Expensive to administer since you have to manage every device and network. And usability is poor too, especially when it comes to MDM. One of the big problems with this architecture: unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy / Poor user experience / Data-sync proliferation / BYOD blind spot
  • #6 When talking to potential customers, sometimes this comes up. Aren’t cloud vendors already protecting their apps with native security features? Very simple framework for thinking about this. WSJ test.
  • #7 we think CASBs provide a better approach to cloud security. It starts with discovery.
  • #8 CASB deployment plans? Already deployed / Plan to deploy in 2016 / Plan to deploy beyond 2016 / No plans to deploy / What is a CASB?
  • #9 MIKE
  • #10 MIKE
  • #11 MIKE “By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner Inseparable
  • #12 MIKE
  • #13 MIKE
  • #14 What are your top cloud security needs? Discover unknown cloud apps and exfiltration / Control access / Enable secure BYOD / Prevent hacked user accounts
  • #15 we have three data protection solutions, cloud, mobile, and discovery
  • #16 MIKE Competition: Skyhigh, Netskope, Adallom
  • #17 MIKE Competition: Skyhigh, Netskope, Cloudlock, Elastica/Bluecoat
  • #18 MIKE Competition: AirWatch/VMWare
  • #19 in: CA, NY, MA, IL, N MIKE Founded: Jan 2013/ HQ: Campbell, CA/ Employees: 50/ Funding: $35M, Tier 1 Venture Capital Firms