2. Introduction
Michael Payne
Cyber Security Solutions Architect
BlueCross BlueShield of Tennessee, Inc.,
An independent Licensee of Blue Cross Blue Shield Association
https://www.linkedin.com/in/michael-payne-01805519/
∗∗The viewpoints expressed are solely those of the author(s) and do not reflect those of the company or Association.
∗∗ Bitglass is independent of BlueCross BlueShield and the services provided are through the Bitglass Product.
3. Problem
● BCBS TN uses Workday as finance automation backbone for HR, ERP, procurement
● Users access Workday from managed and unmanaged devices
● Finance and accounting professionals need full access on managed devices
● Downloading and uploading of files into the Workday environment, e.g. home PC, Hotel Kiosk, etc.
● Compliance and security concerns!
4. BCBS of Tennessee CASB Requirements
● Transparent to user
● Enforcement of access control rules driven by AD
● Full access for privileged users on managed devices
● Controlled access with real-time DLP on unmanaged devices
● DLP for PCI & HIPAA Compliance
● Encryption of sensitive data on upload/download
● Extensibility to Tableau, AgileOne, custom apps, more
5. Selection Process
Points of interest
● Evaluated several CASB vendors
● Lots of marketing noise
● Can a vendor POC marketing claims?
● Vendor selection hinged on ability to demonstrate claims on our requirements
5 vendors
6. Technology
Vendors scored based on technology and use cases
● Only one vendor at the time of POC was able to satisfy the critical use case of unmanaged devices, i.e. home PC, Hotel Kiosk
1 vendor
7. Why Bitglass Won
Winning Components
● Reverse proxy (Elimination of agent installs/Redirection)
● Active Directory enforcement
● Integration with existing 2-factor solution
● Encryption on Download
● Real-time inspection on Upload from any device
● Capability for Cloud Encryption
● Managed and Unmanaged devices
● Low complexity, unified interface
● Elimination of upgrades with a cloud-based solution
● Reporting and Behavioral Analytics
● End User Experience
9. The Only Next-Gen CASB
Zero-day data & threat protection for any app, any device, anywhere
Solution
10. Agentless deployment, any device
Real-time data protection, anywhere
Zero-day security, any app or workload
Only Bitglass
Global enterprise success via sustained innovation and scale
11. Unmanaged Devices / Managed Devices
Zero-Day Control of any SaaS or Custom App
Major SaaS Long-tail SaaS Internal Apps →
Threat Protection
Data Protection
Visibility
Identity
Zero-Day Core™
● Contextual access control
● DLP w/ adv. remediation
● Field and file encryption
● Known & Zero-day malware protection
● Account hijack protection
● Integrated Single Sign-On (SSO)
● Step-up multi-factor auth
● Session management
● UEBA
● Policy-based remediation
Proxy + API
Agentless Proxy
Agent/Agentless Proxy
12. Elastic
● Hosted globally on AWS
● Or your private cloud
High performance
● Auto-scaling and replication
● Global load balancing
Reliable
● Fully redundant architecture
● 24x7x365 global support
Bitglass Global Infrastructure