A look at the challenges faced by BCBST as they migrated to cloud and solving those challenges with the Bitglass CASB.

1. CASB Journey to
Secure the Cloud
Webinar
Mar 14, 2018

2. Introduction
2
Michael Payne
Cyber Security Solutions Architect
BlueCross BlueShield of Tennessee, Inc.,
An independent Licensee of Blue Cross Blue Shield Association
https://www.linkedin.com/in/michael-payne-01805519/
∗∗The viewpoints expressed are solely those of the author(s) and do not reflect those of the company or Association.
∗∗ Bitglass is independent of BlueCross BlueShield and the services provided are through the Bitglass Product.

3. Problem
3
● BCBS TN uses WorkDay as finance automation
backbone for HR, ERP, procurement
● Users access Workday from managed and
unmanaged devices
● Finance and accounting professionals need full
access on managed devices
● Downloading and uploading of files into the
WorkDay environment, e.g. home PC, Hotel Kiosk,
etc.
● Compliance and security concerns!

4. BCBS of Tennessee CASB Requirements
4
● Transparent to user
● Enforcement of access control rules driven by AD
● Full access for privileged uses on managed devices
● Controlled access with real-time DLP on unmanaged devices
● DLP for PCI & HIPAA Compliance
● Encryption of sensitive data on upload/download
● Extensibility to Tableau, AgileOne, custom apps, more

5. Selection Process
5
Points of interest
● Evaluated several CASB vendors
● Lots of marketing noise
● Can a vendor POC marketing claims?
● Vendor selection hinged on ability to demonstrate
claims on our requirements
5
vendors

6. Technology
6
Vendors scored based on technology and use cases
● Only one vendor at the time of POC was able to
satisfy the critical use case of unmanaged devices,
i.e. home PC, Hotel Kiosk 1
vendor

7. Why Bitglass Won
7
Winning Components
● Reverse proxy (Elimination of agent installs/Redirection)
● Active Directory enforcement
● Integration with existing 2-factor solution
● Encryption on Download
● Real-time inspection on Upload from any device
● Capability for Cloud Encryption
● Managed and Unmanaged devices
● Low complexity, unified interface
● Elimination of upgrades with a cloud-based solution
● Reporting and Behavioral Analytics
● End User Experience

8. Poll:
Which of the
following is the
biggest blind
spot for your
org today?

9. The Only Next-Gen CASB
Zero-day data & threat protection
for any app, any device, anywhere
9
Solution

10. Agentless deployment,
any device
Real-time data protection,
anywhere
Zero-day security,
any app or workload
Only Bitglass
10
Global enterprise success via
sustained innovation and scale

11. Unmanaged DevicesManaged Devices
Zero-Day Control of any SaaS or Custom App
Major SaaS Long-tail SaaS Internal Apps →
11
Threat
Protection
Data
Protection
VisibilityIdentity
Zero-Day CoreTM
● Contextual access control
● DLP w/ adv. remediation
● Field and file encryption
● Known & Zero-day malware
protection
● Account hijack protection
● Integrated Single Sign-On (SSO)
● Step-up multi-factor auth
● Session management
● UEBA
● Policy-based remediation
Proxy + API
Agentless ProxyAgent/Agentless Proxy

12. Elastic
● Hosted globally on AWS
● Or your private cloud
High performance
● Auto-scaling and replication
● Global load balancing
Reliable
● Fully redundant architecture
● 24x7x365 global support
Bitglass Global Infrastructure
12

13. Total Data
Protection
13