5. 1: Prevent Data Loss with DLP
● Data-at-rest
○ Often high-risk or regulated information
● Data-in-transit
○ Control access with granular policies
○ Redact, encrypt, block, watermark, more
6. 2: Control Access from Unmanaged Devices
● Sync/download to BYOD is biggest cloud security
challenge
● Must protect:
○ Flow of data to device
○ Data on device
● Must balance employee privacy and data security
7. 3: Stop Cloud Malware and Ransomware
● Most cloud apps don’t have built-in malware protection
○ Signature-based malware no longer effective for new
threats
○ Cloud apps a convenient malware distribution
mechanism
● Unwanted user activity must be detected and stopped
○ Intra- and inter-cloud important
○ Proactive response (Step-up MFA, reauthenticate,
block access)
8. 4: Limit Risky External Sharing
● Cloud apps enable and encourage sharing
● One-click shares outside the organization must be
controlled
○ Visibility into who has access
○ Control over what data is shared
9. 5: Securely Authenticate Users
● Extend premises identity best practices to the cloud
● Track logins for compliance and audit
● Multifactor authentication is now table stakes
● Passwords have become ineffective – often leaked in
dark web data dumps
● Phone, email, or physical tokens greatly reduce
likelihood of unauthorized access
10. 6: Control Unsanctioned App Usage
● Discover known and unknown applications
○ 95% of apps in use are not sanctioned by IT
○ New apps appear on a daily basis - signature-
based discovery no longer effective
● Take appropriate control
○ Sanction, Coach, Block, Read-only,
Alert/Notify
12. Unmanaged DevicesManaged Devices
How CASBs Work
Major SaaS Long-tail SaaS Internal Apps →
Threat
Protection
Data
Protection
VisibilityIdentity
Proxy + API
Agentless ProxyAgent/Agentless Proxy
12
13. Reverse Proxy
● Unmanaged device controls without agents
Forward Proxy
● Managed device controls
ActiveSync Proxy
● Secure email, calendar, etc on any mobile device
● Device-level security - wipe, encryption, PIN, etc
API Controls
● Control external sharing, scan data-at-rest, and more
How CASBs Work
14. Over 20,000 students and 3,000 faculty members
Challenges
■ Cloud deployment met with security concerns around
intellectual property, research, and health data
■ Unmanaged device access controls
■ Compliance requirements including HIPAA and FERPA
Solution
■ Granular DLP policies to identify and secure PHI
■ Regular scans for zero-day malware in the cloud
■ Distinguish between managed and unmanaged devices
■ Technical safeguards for HIPAA compliance at
Feinberg School of Medicine
15. Over 900 physicians; leading Bay Area non-profit
Challenges
■ Inadequate native O365 security
■ PHI leakage from unmanaged devices
■ Agent-based CASB competitors and AirWatch failed to
deploy
Solution
■ Distinguish between managed and unmanaged devices
■ Limit PHI access from risky unmanaged assets
■ Real-time DLP prevents data leakage on download
■ Readily deployable to all mobile devices, managed and
unmanaged
16. Agentless deployment,
any device
Real-time data protection,
anywhere
Zero-day security,
any app or workload
Only Bitglass
16
Global enterprise success via
sustained innovation and scale
We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.
Already adopted
Budgeted for 2018
Planned for beyond 2018
What’s a CASB?
Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees and annual revenue of more than $120B puts them at #21 on the Fortune 500.
Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices.
After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine which differentiates managed vs unmanaged devices
Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business.
Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30 day rollout.
Cardinal Health is a global distributor of pharmaceuticals and healthcare products. They have more than 30,000 employees and annual revenue of more than $120B puts them at #21 on the Fortune 500.
Cardinal decided to buy a CASB after evaluating the native Office 365 security and deciding that it was inadequate. Their biggest concern was controlling access from unmanaged devices.
After an evaluation of several CASB vendors, they chose Bitglass, which uniquely allowed real-time, inline DLP on any device, delivered by Bitglass’ agentless proxy technologies and our contextual access control engine which differentiates managed vs unmanaged devices
Cardinal also uses Bitglass’ API integration into O365 to restrict external sharing from OneDrive, which was critical to their ability to enable OneDrive across the business.
Unlike agent-based CASBs, Bitglass is interoperable with any proxy or SWG, including Bluecoat. This architectural advantage ensures fast deployment, with no changes to devices or to the network. In Cardinal’s case, this meant a very fast, 30 day rollout.
Bitglass is uniquely capable of protecting any application and any workload – from SaaS and IaaS to premises apps like Microsoft Exchange.
Unlike cumbersome deployments for some security solutions, Bitglass is easy to deploy on any device – managed or unmanaged. With no agents to install, Bitglass protects BYO devices, managed assets, and everything in between with ease.
Real-time data protection works everywhere, whether you’re in the office, out at a Starbucks, or at home. The same visibility, controls, and protections apply.
We are Bitglass, the total data protection company and a global CASB and agentless mobile security company based in Silicon Valley enabling real-time end-to-end data protection, from the cloud to the device.