webinarsept 28

2016

bridging the o365

security gap

STORYBOARDS

office 365 is the leading SaaS productivity suite:market share has tripled year over year

2014 2015

google apps office 365

other

16.3%

7.7%

76%

22.8%

25.2%52%

poll:what are your

office 365 migration

plans?

STORYBOARDS

the traditional approach to

security is inadequate

STORYBOARDS

the data blind spot:enterprises can’t rely solely on native app security

enterprise(CASB)

end-user devicesvisibility & analytics

data protectionidentity & access control

applicationstorageserversnetwork

5

STORYBOARDS

a security balancing act:empower users, maintain control

■ Visibility and control over corporate data in Office 365

■ Prevent unauthorized access■ Limit external sharing■ Restrict access on unmanaged devices

○ Managing OneDrive sync, access in risky contexts, more

STORYBOARDS

components of o365 security

identity

cloud

access

mobile

STORYBOARDS

cloud:protect data-at-rest in o365

■ External sharing opens the door to unintended leaks○ API-based controls can restrict

sharing of sensitive data■ User behavior analytics, logging

○ Little in-app visibility, no cross-app visibility

○ Third-party solutions are built with compliance in mind

STORYBOARDS

access:native security provides limited visibility

■ More access, greater risk of data leakage

○ Granular access controls can limit risky access

■ DLP is critical to securing sensitive data in risky contexts○ Complete security solutions should

be content-aware, apply DLP at access

STORYBOARDS

mobile:distinguish between managed and unmanaged devices

■ Employees have rejected MDM and MAM

■ IT must securely enable access to frequently used apps

■ Allow different levels of mobile access based on device type, user, etc.

STORYBOARDS

identity:centralized identity management is key to securing data■ Cloud app identity management

should maintain the best practices of on-prem identity

■ O365 can identify some but not all high-risk logins

■ Prevent use of compromised credentials with cross-app IAM, step-up MFA

STORYBOARDS

■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD

■ High operational overhead - Complex to configure and maintain

■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office 2016 on PCs

■ High cost - Must have top of the line license

■ Point solution - Support focused on Office 365, what about other cloud apps?

office 365 native dlp:complex, costly, and doesn’t work across apps

poll:what cloud

security functions are

most important?

STORYBOARDS

casb security:a data-centric approach

o365 requires a new security architecture■ Cross-device, cross-application

agentless data security■ Real-time data protection■ Limit high-risk activities like external

file sharing, unmanaged access

■ User behavior analytics

STORYBOARDS

managed devices

application access mode data protection

unmanaged devices &

mobiles

in the cloud

● profile-agent● VPN+IP-restriction

● DLP/DRM/encryption ● Device controls, e.g PIN● Agentless Selective wipe● Client apps: allow/block ● OneDrive

● Sharepoint ● API● Quarantine DLP● Block external shares● Alert on DLP events

office 365 use case:real-time inline data protection on any device

Legacy Auth Apps e.g Office 2010

● Full access

Modern Auth Apps e.g Office 2013+

● profile agent● VPN+IP-restriction● certificates

● Full access

● Browser● ActiveSync Mail● Client apps

● Reverse-proxy + AJAX-VM● ActiveSync Proxy

15

STORYBOARDS

client■ 180,000 employees■ Among the largest US healthcare orgs

challenge■ HIPAA Compliant cloud and mobile■ Controlled access to Office 365 from

managed & unmanaged devices■ Control external sharing■ Real-time inline data protection

solution■ Real-time inline protection on any

device■ Contextual access control on managed &

unmanaged devices (Omni)■ Real-time DLP on any device■ API control in the cloud■ Agentless BYOD with selective wipe■ Enterprise-wide for all SaaS apps

secure office 365 + byod

majorhealthcare firm

STORYBOARDS

secure salesforce

+ office 365

17

client■ 20,000 employees■ Global presence■ $6T in assets under management

challenge■ Needed complete CASB for enterprise-wide

migration to SaaS■ Security for Office 365■ Encryption of data-at-rest in Salesforce

solution■ Searchable true encryption of data in

Salesforce■ Real-time inline DLP on any device

(Citadel)■ Contextual access control on managed &

unmanaged devices (Omni)■ API control in the cloud■ Discover breach & Shadow IT

financial services client

STORYBOARDS

our mission

total data

protection est. jan

2013

200+ custome

rs

tier 1 VCs

resources:more info about office 365 security

■ whitepaper: definitive guide to casbs

■ case study: fortune 100 healthcare firm secures o365

■ video: securing office 365

STORYBOARDS

bitglass.com@bitglass