8 questions to ask when evaluating a Cloud Access Security Broker
-
Upload
bitglass -
Category
Technology
-
view
211 -
download
2
Transcript of 8 questions to ask when evaluating a Cloud Access Security Broker
![Page 1: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/1.jpg)
webinarjune 92016
8 questions to ask when
evaluating a cloud access
security broker
![Page 2: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/2.jpg)
STORYBOARDS
the traditional approach to
security is inadequate
![Page 3: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/3.jpg)
STORYBOARDS
security must evolve
to protect data outside the firewall
cloud:attack on
SaaS vendor risks
sensitive data
access:uncontrolled access from any device
network:data breach - exfiltration &
Shadow IT
mobile:lost device
with sensitive data
3
![Page 4: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/4.jpg)
STORYBOARDS
CASB: a better approach to cloud security
identity
discovery
data-centric security
mobile
![Page 5: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/5.jpg)
STORYBOARDS
enterprise(CASB)
end-user devicesvisibility & analytics
data protectionidentity & access control
applicationstorageserversnetwork
1.how does the solution differ from security built into cloud apps?
app vendor
![Page 6: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/6.jpg)
STORYBOARDS
2. does the solution protect cloud data end-to-end?
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility and control over data in the cloud
■ Solution must also protect data on end-user devices
■ Leverage contextual access controls
![Page 7: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/7.jpg)
STORYBOARDS
3. can the solution control access from both managed & unmanaged devices?
reverse proxy■ unmanaged devices - any device, anywhere■ no software to install/configure
forward proxy■ managed devices - inline control for installed
apps■ agent and certificate based approaches
activesync proxy■ secure email, calendar, etc on any mobile
device■ no software to install/configure■ device level security - wipe, encryption, PIN
etc
![Page 8: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/8.jpg)
STORYBOARDS
4. does the solution provide real-time visibility and control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users, managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove share, etc) required to mitigate overall risk
![Page 9: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/9.jpg)
STORYBOARDS
5. can the solution encrypt data at upload?
■ Encryption must preserve app functionality
■ Encryption must be at full strength, using industry standard encryption (AES-256, etc)
■ Customer managed keys required
![Page 10: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/10.jpg)
STORYBOARDS
6. does the solution protect against unauthorized access?
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
![Page 11: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/11.jpg)
STORYBOARDS
7. can the solution help me discover risky traffic on my network, such as shadow IT and malware?
■ Analyze outbound data flows to learn what unsanctioned SaaS apps are in use
■ Understand risk profiles of different apps
![Page 12: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/12.jpg)
STORYBOARDS
8. will the solution introduce scale or performance issues?
■ Hosted on high-performance, global cloud infrastructure to introduce minimal latency
■ Security should not get in the way of user experience/productivity
![Page 13: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/13.jpg)
STORYBOARDS
about bitglass
total data
protection est. jan
2013
100+ custome
rs
tier 1 VCs
![Page 14: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/14.jpg)
STORYBOARDS
bitglass solutions
cloud mobile breach
14
![Page 15: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/15.jpg)
STORYBOARDS
secure office 365 + byod
client:■ 35,000 employees globally
challenge: ■ Inadequate native O365 security■ Controlled access from any device■ Limit external sharing■ Interoperable with existing
infrastructure, e.g. Bluecoat, ADFSsolution:
■ Real-time data visibility and control ■ DLP policy enforcement at upload
or download■ Quarantine externally-shared
sensitive files in cloud ■ Controlled unmanaged device
access■ Shadow IT & Breach discovery
fortune 50 healthcar
efirm
![Page 16: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/16.jpg)
STORYBOARDS
client:■ 15,000 employees in 190+
locations globallychallenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharingsolution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP■ Real-time sharing control
secure google apps +
byod
business data
giant
![Page 17: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/17.jpg)
resources:more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure O365
![Page 18: 8 questions to ask when evaluating a Cloud Access Security Broker](https://reader035.fdocuments.in/reader035/viewer/2022070522/58edf9fa1a28ab5c5c8b4661/html5/thumbnails/18.jpg)
STORYBOARDS
bitglass.com@bitglass