4. 1: Stop Unauthorized Access with MFA and SSO
● Extend premises identity best practices to the cloud
● Track logins for compliance and audit
● Multifactor authentication is now table stakes
● Passwords have become ineffective – often leaked in dark web data dumps
● Phone, email, or physical tokens greatly reduce likelihood of unauthorized access
5. 2: Secure BYO Devices
● Sync/download to BYOD is biggest cloud security challenge
● Must protect:
○ Flow of data to device
○ Data on device
● Must balance employee privacy and data security
6. 3: Stop Malware and Insider Threats
● Most cloud apps don’t have built-in malware protection
○ Signature-based malware protection no longer effective for new threats
○ Cloud apps a convenient malware distribution mechanism
● Unwanted user activity must be detected and stopped
○ Intra- and inter-cloud important
○ Proactive response (Step-up MFA, reauthenticate, block access)
7. 4: Discover Unknown Cloud Apps
● Discover known and unknown applications
○ 95% of apps in use are not sanctioned by IT
○ New apps appear on a daily basis - signature-based discovery no longer effective
● Take appropriate control
○ Sanction, Coach, Block, Read-only, Alert/Notify
8. 5: Plan for the Future
● Enterprises start with one/few cloud applications
○ Typically major SaaS (O365, Box, Salesforce, AWS)
● Cloud footprint expands rapidly
○ Build security for current AND future needs
○ Keep in mind long-tail SaaS, custom/packaged apps moving to IaaS
10. How CASBs Work
[Diagram labels: Managed Devices, Unmanaged Devices; Major SaaS, Long-tail SaaS, Internal Apps; Proxy + API; Agentless Proxy, Agent/Agentless Proxy]
Threat Protection, Data Protection, Visibility, Identity
Zero-Day Core™
● Contextual access control
● DLP w/ adv. remediation
● Field and file encryption
● Known & Zero-day malware protection
● Account hijack protection
● Integrated Single Sign-On (SSO)
● Step-up multi-factor auth
● Session management
● UEBA
● Policy-based remediation
11. Over 900 physicians; leading Bay Area non-profit
Challenges
■ Inadequate native O365 security
■ PHI leakage from unmanaged devices
■ Agent-based CASB competitors and AirWatch failed to deploy
Solution
■ Distinguish between managed and unmanaged devices
■ Limit PHI access from risky unmanaged assets
■ Real-time DLP prevents data leakage on download
■ Readily deployable to all mobile devices, managed and unmanaged
12. Over 20,000 students and 3,000 faculty members
Challenges
■ Cloud deployment met with security concerns around intellectual property, research, and health data
■ Unmanaged device access controls
■ Compliance requirements including HIPAA and FERPA
Solution
■ Granular DLP policies to identify and secure PHI
■ Regular scans for zero-day malware in the cloud
■ Distinguish between managed and unmanaged devices
■ Technical safeguards for HIPAA compliance at Feinberg School of Medicine
13. Agentless deployment, any device
Real-time data protection, anywhere
Zero-day security, any app or workload
Only Bitglass
Global enterprise success via sustained innovation and scale
We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.
[Chart legend: Already adopted; Budgeted for 2018; Planned for beyond 2018]
What’s a CASB?
Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees, and annual revenue of more than $120B puts them at #21 on the Fortune 500.
Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices.
After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine, which differentiates managed vs. unmanaged devices.
Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business.
Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30-day rollout.
Bitglass is uniquely capable of protecting any application and any workload – from SaaS and IaaS to premises apps like Microsoft Exchange.
Unlike cumbersome deployments for some security solutions, Bitglass is easy to deploy on any device – managed or unmanaged. With no agents to install, Bitglass protects BYO devices, managed assets, and everything in between with ease.
Real-time data protection works everywhere, whether you’re in the office, out at a Starbucks, or at home. The same visibility, controls, and protections apply.