Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)
•Download as PPTX, PDF•
1 like•666 views
This document discusses securing cloud applications and data outside the traditional corporate firewall. It introduces Cloud Access Security Brokers (CASBs) as a better approach to cloud security compared to relying on native security features. CASBs provide identity management, discovery of cloud application usage, data-centric security, and mobile security. The document also shares examples of how CASBs help secure Office 365, Google Apps, and enable secure BYOD usage.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (6)
Similar to Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)
Similar to Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA) (20)
Recently uploaded
Recently uploaded (20)
Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)
- 1. webinar apr 26 2016 beyond the firewall: securing the cloud with a CASB
- 2. cloud and mobile are inseparable... saas driving corporate data outside the firewall.
- 3. security must evolve to protect data outside the firewall ungoverned access to corporate data in the cloud hidden Shadow IT threats sensitive data on unmanaged devices
- 4. the traditional approach to security is inadequate
- 5. native security features can’t be relied upon the data blind spot components usage/consumption data application services servers & storage network layer data application infrastructure owner enterprise
- 6. CASB: a better approach to cloud security identity discovery data-centric security mobile
- 7. poll what are your casb deployment plans?
- 8. casb discovery gain visibility into your org’s cloud usage ■ analyze outbound data flows to learn what SaaS apps your organization is using ■ understand risk profiles of different apps ■ essential in process of enabling secure cloud app usage
- 9. casb security a data-centric approach the new data reality requires a new security architecture ■ cross-device, cross-platform agentless data protection ■ granular DLP for data at rest and in motion ■ contextual access control ■ detailed logging for compliance and audit
- 10. mobile security cannot be overlooked protect data across all devices, managed and unmanaged ■ demand for byod continues to rise ■ employees have rejected mdm and mam ■ IT must securely enable access to frequently used apps
- 11. casb identity centralized identity management is key in securing data ■ cloud app identity management should maintain the best practices of on-prem identity ■ limit potential breaches with contextual multi-factor auth for high risk logins
- 12. managed devices application access access control data protection unmanaged devices / byod in the cloud Forward Proxy ActiveSync Proxy Device Profile: Pass ● Email ● Browser ● OneDrive Sync ● Full Access Reverse Proxy + AJAX VM ActiveSync Proxy ● DLP/DRM/encryption ● Device controls API Control External Sharing Blocked ● Block external shares ● Alert on DLP events Device Profile: Fail ● Mobile Email ● Browser ● Contextual multi-factor auth typical use case only CASB with real-time data protection on any device
- 13. poll what are your top cloud security needs?
- 15. secure office 365 + byod client ■ 35,000 employees globally challenge ■ Inadequate native O365 security ■ Controlled access from any device ■ Limit external sharing ■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS solution ■ Real-time data visibility and control ■ DLP policy enforcement at upload or download ■ Quarantine externally-shared sensitive files in cloud ■ Controlled unmanaged device access fortune 50 healthcare firm
- 16. client ■ 15,000 employees in 190+ locations globally challenge ■ Mitigate risks of Google Apps adoption ■ Prevent sensitive data from being stored in the cloud ■ Limit data access based on device risk level ■ Govern external sharing solution ■ Inline data protection for unmanaged devices/BYOD ■ Bidirectional DLP ■ Real-time sharing control secure google apps + byod business data giant
- 17. client ■ 8000 employees ■ s&p 500 challenge ■ Lack of adherence to BYOD security measures ■ Failed MobileIron and SAP Afaria deployments solution ■ Bitglass Agentless – device / OS independent ■ Fast deployment ■ Logging for compliance with internal data security policies ■ Seamless integration with ActiveDirectory fortune 500 beverage co. byod security
- 19. resources more info about cloud security ■ definitive guide to casbs ■ case study: fortune 100 healthcare firm secures o365 ■ glass class: cloud security priorities for 2016
- 20. download the gartner market guide to casbs with predictions and recommendations, the market guide is an essential resource for formulating your CASB strategy download the report
Editor's Notes
- but in building out our product, we realized that mobile security is also cloud security.
- The old approach to the problem is to secure the infrastructure. Historically this has been where the spend for large organizations has been. Secure your network, put agents on every trusted device to manage the device etc. Fact is that the "trusted device" approach makes you more vulnerable to breaches since users take their devices home for the weekend, and come back infected on monday. Malware Mondays! Issues with this approach - cumbersome. expensive to administer since you have to manage every device and network. And usability is poor too, especially when it comes to mdm One of the big problems with this architecture -- unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy/ Poor user experience/ Data-sync proliferation/ BYOD blindspot
- When talking to potential customers, sometimes this comes up. Aren’t cloud vendors already protecting their apps with native security features? Very simple framework for thinking about this. WSJ test.
- we think CASBs provide a better approach to cloud security. It starts with discovery.
- CASB deployment plans? Already deployed Plan to deploy in 2016 Plan to deploy beyond 2016 No plans to deploy What is a CASB?
- MIKE
- MIKE
- MIKE “By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner Inseparable
- MIKE
- MIKE
- What are your top cloud security needs? Discover unknown cloud apps and exfiltration Control access Enable secure BYOD Prevent hacked user accounts
- we have three data protection solutions, cloud, mobile, and discovery
- MIKE Competition: Skyhigh, Netskope, Adallom
- MIKE Competition: Skyhigh, Netskope, Cloudlock, Elastica/Bluecoat
- MIKE Competition: AirWatch/VMWare
- in: CA, NY, MA, IL, N MIKE Founded: Jan 2013/ HQ: Campbell, CA/ Employees: 50/ Funding: $35M, Tier 1 Venture Capital Firms