Bitglass Webinar - 5 Cloud Security Best Practices for 2018
•Download as PPTX, PDF•
1 like•424 views
In this webinar, we explore five must-haves for organizations looking to secure their corporate data in a cloud environment.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Bitglass Webinar - 5 Cloud Security Best Practices for 2018
Similar to Bitglass Webinar - 5 Cloud Security Best Practices for 2018 (20)
More from Bitglass
More from Bitglass (12)
Recently uploaded
Recently uploaded (20)
Bitglass Webinar - 5 Cloud Security Best Practices for 2018
- 2. The Evolving Cloud Landscape First-Gen Security Next-Gen Security Head: ~10 apps Long tail: 20,000 apps
- 3. Poll: Which of the following is your biggest cloud security concern?
- 4. 1: Stop Unauthorized Access with MFA and SSO ● Extend premises identity best practices to the cloud ● Track logins for compliance and audit ● Multifactor authentication is now table stakes ● Passwords have become ineffective – often leaked in dark web data dumps ● Phone, email, or physical tokens greatly reduce likelihood of unauthorized access
- 5. 2: Secure BYO Devices ● Sync/download to BYOD is biggest cloud security challenge ● Must protect: ○ Flow of data to device ○ Data on device ● Must balance employee privacy and data security
- 6. 3: Stop Malware and Insider Threats ● Most cloud apps don’t have built-in malware protection ○ Signature-based malware no longer effective for new threats ○ Cloud apps a convenient malware distribution mechanism ● Unwanted user activity must be detected and stopped ○ Intra- and inter-cloud important ○ Proactive response (Step-up MFA, reauthenticate, block access)
- 7. 4: Discover Unknown Cloud Apps ● Discover known and unknown applications ○ 95% of apps in use are not sanctioned by IT ○ New apps appear on a daily basis - signature-based discovery no longer effective ● Take appropriate control ○ Sanction, Coach, Block, Read-only, Alert/Notify
- 8. 5: Plan for the Future ● Enterprises start with one/few cloud applications ○ Typically major SaaS (O365, Box, Salesforce, AWS) ● Cloud footprint expands rapidly ○ Build security for current AND future needs ○ Keep in mind long-tail SaaS, custom/packaged apps moving to IaaS
- 9. Poll: What are your CASB adoption plans?
- 10. Unmanaged DevicesManaged Devices How CASBs Work Major SaaS Long-tail SaaS Internal Apps → Threat Protection Data Protection VisibilityIdentity Zero-Day CoreTM ● Contextual access control ● DLP w/ adv. remediation ● Field and file encryption ● Known & Zero-day malware protection ● Account hijack protection ● Integrated Single Sign-On (SSO) ● Step-up multi-factor auth ● Session management ● UEBA ● Policy-based remediation Proxy + API Agentless ProxyAgent/Agentless Proxy 10
- 11. Over 900 physicians; leading Bay Area non-profit Challenges ■ Inadequate native O365 security ■ PHI leakage from unmanaged devices ■ Agent-based CASB competitors and AirWatch failed to deploy Solution ■ Distinguish between managed and unmanaged devices ■ Limit PHI access from risky unmanaged assets ■ Real-time DLP prevents data leakage on download ■ Readily deployable to all mobile devices, managed and unmanaged
- 12. Over 20,000 students and 3,000 faculty members Challenges ■ Cloud deployment met with security concerns around intellectual property, research, and health data ■ Unmanaged device access controls ■ Compliance requirements including HIPAA and FERPA Solution ■ Granular DLP policies to identify and secure PHI ■ Regular scans for zero-day malware in the cloud ■ Distinguish between managed and unmanaged devices ■ Technical safeguards for HIPAA compliance at Feinberg School of Medicine
- 13. Agentless deployment, any device Real-time data protection, anywhere Zero-day security, any app or workload Only Bitglass 13 Global enterprise success via sustained innovation and scale
Editor's Notes
- We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.
- Credential compromise BYOD access Malicious insiders External sharing Malware proliferation via cloud
- Already adopted Budgeted for 2018 Planned for beyond 2018 What’s a CASB?
- Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees and annual revenue of more than $120B puts them at #21 on the Fortune 500. Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices. After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine which differentiates managed vs unmanaged devices Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business. Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30 day rollout.
- Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees and annual revenue of more than $120B puts them at #21 on the Fortune 500. Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices. After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine which differentiates managed vs unmanaged devices Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business. Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30 day rollout.
- Bitglass is uniquely capable of protecting any application and any workload – from SaaS and IaaS to premises apps like Microsoft Exchange. Unlike cumbersome deployments for some security solutions, Bitglass is easy to deploy on any device – managed or unmanaged. With no agents to install, Bitglass protects BYO devices, managed assets, and everything in between with ease. Real-time data protection works everywhere, whether you’re in the office, out at a Starbucks, or at home. The same visibility, controls, and protections apply.
- We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.