The document discusses the role and capabilities of Cloud Access Security Brokers (CASB) in securing data across various cloud applications and devices. It outlines the importance of data-centric security, identity management, and visibility into cloud usage, along with real-world use cases demonstrating how organizations implement CASBs to manage risks associated with cloud services and BYOD policies. Additionally, it highlights solutions provided by Bitglass, including data protection, controlled access, and integration with existing infrastructure.

1. webinar
august 10
2016
what is a CASB?

2. STORYBOARDS
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
CASBs secure data across any cloud app
app vendor

3. STORYBOARDS
CASB
capabilities
identity
discovery
data-centric
security
mobile

4. STORYBOARDS
casb security
a data-centric approach
■ Cloud data doesn’t exist only “in the cloud”
■ IT must protect data at access and on any
device
○ Granular DLP
○ Context-aware to distinguish between
users, device type, more
○ Device controls on mobile

5. STORYBOARDS
mobile security
cloud and mobile are inseparable
■ IT must enable secure access to cloud
apps from any device
■ BYOD poses a threat to data security due
to a lack of visibility and control after
download
■ CASBs accommodate user BYOD

6. STORYBOARD
how casb security works
reverse proxy
■ unmanaged device controls without agents
forward proxy
■ managed devices controls
activesync proxy
■ secure email, calendar, etc on any mobile device
■ device level security - wipe, encryption, PIN etc

7. STORYBOARDS
casb identity
centralized identity management is key in securing data
■ CASBs offer integrated identity
management across apps
■ Limit potential breaches with step-up
multifactor auth for high risk logins

8. STORYBOARDS
casb discovery
gain visibility into your org’s cloud usage
■ Identify unsanctioned apps in
use in your organization
○ Understand risk profiles of
these frequently used apps
■ Intelligent, time-saving alerts out
of the box

9. STORYBOARDS
managed
devices
application access access control data protection
unmanaged
devices / byod
in the cloud
Forward Proxy
ActiveSync Proxy
Device Profile: Pass
● Email
● Browser
● OneDrive Sync
● Full Access
Reverse Proxy + AJAX VM
ActiveSync Proxy
● DLP/DRM/encryption
● Device controls
API Control External Sharing Blocked
● Block external shares
● Alert on DLP events
Device Profile: Fail
● Mobile Email
● Browser
● Contextual multi-factor auth
typical use case
hybrid CASBs provide real-time protection on any device

10. STORYBOARDS
secure
office 365
+ byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure,
e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or
download
■ Quarantine externally-shared sensitive
files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50
healthcare
firm

11. STORYBOARDS
■ 15,000 employees in 190+ locations
globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored
in the cloud
■ Limit data access based on device risk
level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged
devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
secure
google
apps +
byod
business
data giant

12. STORYBOARDS
about
bitglass
total
data
protection est. jan
2013
100+
customer
s
tier 1
VCs

13. resources:
more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365

14. STORYBOARDS
bitglass.com
@bitglass