Uploaded byBitglass
Bitglass Webinar - Top 6 CASB Use Cases
This document discusses the top 6 use cases for cloud access security broker (CASB) technology: 1) Prevent data loss with data loss prevention policies; 2) Control access from unmanaged devices; 3) Stop cloud malware and ransomware; 4) Limit risky external sharing; 5) Securely authenticate users; and 6) Control unsanctioned app usage. It provides examples of how CASBs can address these use cases for two organizations - a large university and a non-profit healthcare organization - by distinguishing managed and unmanaged devices, limiting access to protected health information from risky devices, and regularly scanning cloud apps for malware.
More Related Content
Similar to Bitglass Webinar - Top 6 CASB Use Cases
Bitglass Webinar - Top 6 CASB Use Cases
- 1. 6 Top CASB UseCases Webinar April 12
- 2. Cloud and mobileare beyond the firewall... Legacy Tech Firewall Premises DLP MDM SSL VPN Web Proxy Problem Data leakage & threat risk ...leaving legacy security technologies obsolete. Managed appsUnmanaged apps Managed devicesUnmanaged devices 2
- 3. Enterprise (CASB) End-user devices Visibility &analytics Data protection Identity & access control Application Storage Servers Network App vendor CASBs secure data across any cloud app
- 4. Poll: Which of the followingare you prioritizing in 2018?
- 5. 1: Prevent DataLoss with DLP ● Data-at-rest ○ Often high-risk or regulated information ● Data-in-transit ○ Control access with granular policies ○ Redact, encrypt, block, watermark, more
- 6. 2: Control Accessfrom Unmanaged Devices ● Sync/download to BYOD is biggest cloud security challenge ● Must protect: ○ Flow of data to device ○ Data on device ● Must balance employee privacy and data security
- 7. 3: Stop CloudMalware and Ransomware ● Most cloud apps don’t have built-in malware protection ○ Signature-based malware no longer effective for new threats ○ Cloud apps a convenient malware distribution mechanism ● Unwanted user activity must be detected and stopped ○ Intra- and inter-cloud important ○ Proactive response (Step-up MFA, reauthenticate, block access)
- 8. 4: Limit RiskyExternal Sharing ● Cloud apps enable and encourage sharing ● One-click shares outside the organization must be controlled ○ Visibility into who has access ○ Control over what data is shared
- 9. 5: Securely AuthenticateUsers ● Extend premises identity best practices to the cloud ● Track logins for compliance and audit ● Multifactor authentication is now table stakes ● Passwords have become ineffective – often leaked in dark web data dumps ● Phone, email, or physical tokens greatly reduce likelihood of unauthorized access
- 10. 6: Control UnsanctionedApp Usage ● Discover known and unknown applications ○ 95% of apps in use are not sanctioned by IT ○ New apps appear on a daily basis - signature- based discovery no longer effective ● Take appropriate control ○ Sanction, Coach, Block, Read-only, Alert/Notify
- 11. Poll: What are your CASBadoption plans?
- 12. Unmanaged DevicesManaged Devices HowCASBs Work Major SaaS Long-tail SaaS Internal Apps → Threat Protection Data Protection VisibilityIdentity Proxy + API Agentless ProxyAgent/Agentless Proxy 12
- 13. Reverse Proxy ● Unmanageddevice controls without agents Forward Proxy ● Managed device controls ActiveSync Proxy ● Secure email, calendar, etc on any mobile device ● Device-level security - wipe, encryption, PIN, etc API Controls ● Control external sharing, scan data-at-rest, and more How CASBs Work
- 14. Over 20,000 studentsand 3,000 faculty members Challenges ■ Cloud deployment met with security concerns around intellectual property, research, and health data ■ Unmanaged device access controls ■ Compliance requirements including HIPAA and FERPA Solution ■ Granular DLP policies to identify and secure PHI ■ Regular scans for zero-day malware in the cloud ■ Distinguish between managed and unmanaged devices ■ Technical safeguards for HIPAA compliance at Feinberg School of Medicine
- 15. Over 900 physicians;leading Bay Area non-profit Challenges ■ Inadequate native O365 security ■ PHI leakage from unmanaged devices ■ Agent-based CASB competitors and AirWatch failed to deploy Solution ■ Distinguish between managed and unmanaged devices ■ Limit PHI access from risky unmanaged assets ■ Real-time DLP prevents data leakage on download ■ Readily deployable to all mobile devices, managed and unmanaged
- 16. Agentless deployment, any device Real-timedata protection, anywhere Zero-day security, any app or workload Only Bitglass 16 Global enterprise success via sustained innovation and scale
- 17.
Editor's Notes
- #2 We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.
- #5 Identity management BYOD access controls Malware protection Improved cloud visibility
- #12 Already adopted Budgeted for 2018 Planned for beyond 2018 What’s a CASB?
- #15 Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees and annual revenue of more than $120B puts them at #21 on the Fortune 500. Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices. After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine which differentiates managed vs unmanaged devices Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business. Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30 day rollout.
- #16 Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees and annual revenue of more than $120B puts them at #21 on the Fortune 500. Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices. After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine which differentiates managed vs unmanaged devices Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business. Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30 day rollout.
- #17 Bitglass is uniquely capable of protecting any application and any workload – from SaaS and IaaS to premises apps like Microsoft Exchange. Unlike cumbersome deployments for some security solutions, Bitglass is easy to deploy on any device – managed or unmanaged. With no agents to install, Bitglass protects BYO devices, managed assets, and everything in between with ease. Real-time data protection works everywhere, whether you’re in the office, out at a Starbucks, or at home. The same visibility, controls, and protections apply.
- #18 We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.