CASBs: Critical Capabilities - in partnership with ISC(2)
•Download as PPTX, PDF•
1 like•608 views
This document discusses cloud access security brokers (CASBs) and their capabilities. It notes that traditional security approaches are inadequate for protecting data outside the firewall. CASBs take a data-centric approach, gaining visibility into cloud usage and providing granular data loss prevention, access control, and mobile security across devices. The document promotes a specific CASB vendor, highlighting their solutions for discovery, data protection, and access control in cloud applications and on mobile devices. It claims this vendor is the only CASB that can provide real-time inline data protection on any device.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (16)
Similar to CASBs: Critical Capabilities - in partnership with ISC(2)
Similar to CASBs: Critical Capabilities - in partnership with ISC(2) (20)
More from Bitglass
More from Bitglass (12)
Recently uploaded
Recently uploaded (20)
CASBs: Critical Capabilities - in partnership with ISC(2)
- 1. webinar mar 10 2016 cloud access security brokers: critical capabilities
- 2. ■ challenges ■ what is a casb ■ about us
- 3. STORYBOAR the traditional approach to security is inadequate
- 4. STORYBOAR native security features can’t be relied upon: the data blind spot components usage/consumption data application services servers & storage network layer data application infrastructure owner enterprise
- 5. STORYBOAR security must evolve to protect data outside the firewall cloud: attack on SaaS vendor risks sensitive data access: uncontrolled access from any device network: data breach - exfiltration & Shadow IT mobile: lost device with sensitive data 5
- 6. ■ challenges ■ what is a casb ■ about us
- 7. STORYBOAR CASB: a better approach to cloud security identity discovery data-centric security mobile
- 8. STORYBOAR casb discovery: gain visibility into your org’s cloud usage ■ analyze outbound data flows to learn what SaaS apps your organization is using ■ understand risk profiles of different apps ■ essential in process of enabling secure cloud app usage
- 9. STORYBOAR casb security: a data-centric approach the new data reality requires a new security architecture ■ cross-device, cross-platform agentless data protection ■ granular DLP for data at rest and in motion ■ contextual access control ■ detailed logging for compliance and audit
- 10. STORYBOAR mobile security cannot be overlooked: protect data across all devices, managed and unmanaged ■ demand for byod continues to rise ■ employees have rejected mdm and mam ■ IT must securely enable access to frequently used apps
- 11. STORYBOAR casb identity: centralized identity management is key in securing data ■ cloud app identity management should maintain the best practices of on-prem identity ■ limit potential breaches with contextual multi-factor auth for high risk logins
- 12. STORYBOAR managed devices application access access control data protection unmanaged devices / byod in the cloud Forward Proxy ActiveSync Proxy Device Profile: Pass ● Email ● Browser ● OneDrive Sync ● Full Access Reverse Proxy + AJAX VM ActiveSync Proxy ● DLP/DRM/encryption ● Device controls API Control External Sharing Blocked ● Block external shares ● Alert on DLP events Device Profile: Fail ● Mobile Email ● Browser ● Contextual multi-factor auth typical use case: only CASB with real-time data protection on any device
- 13. STORYBOAR fortune 50 conglomerate use case: ■ office 365 access control why bitglass: ■ controlled access from any device (ajax-vm) ■ transparent deployment ■ 30,000 employees ■ 100s of locations globally
- 14. ■ challenges ■ what is a casb ■ about us
- 17. STORYBOAR Data Exfiltration (Malware hosts, TOR, Phishing…) Integrated Identity & SSO Mobile Security ActiveSync Proxy Visibility & Control: Data-at-rest API integration Data Protection Watermarking, Encryption, DLP, DRM Access Control Forward Proxy Reverse Proxy + AJAX-VM Cloud Encryption ShadowIT Access Control SAML Proxy the only casb with real-time inline data protection on any device out of band in band
- 19. resources: more info about cloud security ■ definitive guide to casbs ■ bitglass report: project cumulus ■ glass class: cloud security priorities for 2016
- 20. download the gartner market guide to casbs with predictions and recommendations, the market guide is an essential resource for formulating your CASB strategy download the report
Editor's Notes
- The old approach to the problem is to secure the infrastructure. Historically this has been where the spend for large organizations has been. Secure your network, put agents on every trusted device to manage the device etc. Fact is that the "trusted device" approach makes you more vulnerable to breaches since users take their devices home for the weekend, and come back infected on monday. Malware Mondays! Issues with this approach - cumbersome. expensive to administer since you have to manage every device and network. And usability is poor too, especially when it comes to mdm One of the big problems with this architecture -- unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy/ Poor user experience/ Data-sync proliferation/ BYOD blindspot
- When talking to potential customers, sometimes this comes up. Aren’t cloud vendors already protecting their apps with native security features? Very simple framework for thinking about this. WSJ test.
- we think CASBs provide a better approach to cloud security. It starts with discovery.
- “By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner Inseparable
- in: CA, NY, MA, IL, N Founded: Jan 2013/ HQ: Campbell, CA/ Employees: 50/ Funding: $35M, Tier 1 Venture Capital Firms
- we have three data protection solutions, cloud, mobile, and discovery
- Global Manufacturer - Secure collaboration via cloud apps Why Bitglass? Ease of use Document tracking, DLP Pharmaceutical Company - Secure intellectual property in the cloud, at access and on device Why Bitglass? Visibility and protection, data tracking Low deployment overhead Large Healthcare Organization - HIPAA compliant mobile email Why Bitglass? DLP on BYOD, no S/W agents Bitglass team responsiveness Financial Services - Compliance & Security for customer data on Salesforce.com Why Bitglass? Full-strength data-at-rest encryption Robust to app updates