CASBs: Real-world use cases
-
Upload
bitglass -
Category
Technology
-
view
294 -
download
1
Transcript of CASBs: Real-world use cases
![Page 1: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/1.jpg)
STORYBOARDS
Cloud Access Security BrokersReal-World Use Cases
Rich CampagnaVP, ProductsBitglass
Salim HafidMarketing ManagerBitglass
![Page 2: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/2.jpg)
STORYBOARDS
Enterprise Needs
Visibility and audit
Restrict data on unmanaged devices
Prevent hacked accounts
Prevent data leakage & control access
![Page 3: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/3.jpg)
STORYBOARDS
First Attempt - Infrastructure “Lockdown”
Firewall DLP
Web Proxy
VPN
HQ & Branch Office
Starbucks
ApartmentVPN
MDM
+many more...
![Page 4: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/4.jpg)
STORYBOARDS
Components
Usage/Consumption
Data
Application
Services
Servers & Storage
Network
Area
Data
Application
Infrastructure
Owner
Enterprise
Second Attempt - Rely on Cloud App Vendors
![Page 5: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/5.jpg)
STORYBOARDS
Solution?
Cloud Access Security Brokers (CASBs)
![Page 6: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/6.jpg)
STORYBOARDS
Use Cases
1. Discover unknown cloud apps and exfiltration 2. Visibility and user behavior analytics 3. Contextual access control4. Data leakage prevention5. Mobile data protection
![Page 7: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/7.jpg)
STORYBOARDS
CASB Architecture Options
1. Managed Devices Forward Proxy ActiveSync Proxy Device ProfilerSAML Proxy
+ SSO
2. Unmanaged Devices Reverse Proxy + AJAX VM ActiveSync Proxy No agents/No cert install Any device
Rev. Proxy
Fwd. Proxy
3. Data at Rest API Visibility & Control
+many more...
![Page 8: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/8.jpg)
STORYBOARDS
Total Data ProtectionCl
oud
On-
Prem
ise
Managed BYOD
Cloud
Network
Access
Device
![Page 9: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/9.jpg)
STORYBOARDS
Typical CASB Policy
Managed device
Application Access Access Control Data Protection
BYOD
In the Cloud
Forward ProxyActiveSync Proxy
Device Profile: Pass● Email● Browser● Thick clients
● Full Access
Reverse Proxy + AJAX VMActiveSync Proxy
● DLP/DRM/encryption ● Device controls
API Control External Sharing Blocked ● Block external shares● Alert on DLP events
Device Profile: Fail● Mobile Email● Browser
![Page 10: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/10.jpg)
STORYBOARDS
Bay Cove Human Services - Google Apps + HIPAA
2500 Employees
HIPAA Compliance with GApps and BYOD● Google cost effective for non-profits, enhances productivity
● Challenges: Protect PHI, remain HIPAA compliant, keep costs low
● Key features: Data leakage prevention, visibility, integrated identity management, mobile data protection
![Page 11: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/11.jpg)
STORYBOARDS
UNC Charlotte - Dropbox
Controlling External Sharing● Moved to Dropbox to centralize Faculty file storage/sharing,
including sensitive research data
● Challenges: External sharing, Unmanaged device access
● Key features: Contextual access control, encryption, watermarking, DRM
26,000 Students3,000 Employees
![Page 12: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/12.jpg)
STORYBOARDS
Ad Agency - O365 OneDrive
Protect unreleased creative files in OneDrive● Global clients demanded protection
● Challenges: Prevent data leakage
● Key features: External file sharing visibility/control, restricted access from unmanaged devices, Integrated identity/SSO
200 EmployeesGlobal clients
![Page 13: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/13.jpg)
STORYBOARDS
Financial Services - Salesforce Encryption
Full strength encryption of PII● First-gen cloud encryption gateway weakened encryption; brittle
proxy technology
● Challenges: Maintain Salesforce functionality, encrypt data, extend risk-appropriate access
● Key features: Encryption with KMS Integration, visibility, access control
100k+ Employees
![Page 14: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/14.jpg)
STORYBOARDS
The Bitglass Mission:Total data protection outside the firewall
$35M investment Est. Jan. 2013 CA, NY, MA, IL, NC
![Page 15: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/15.jpg)
STORYBOARDS
Bitglass: The Only Complete CASB Solution
Data Exfiltration
Integrated Identity & SSO
Mobile SecurityActiveSync Proxy
Access Control: Data-at-restAPI integration
Data Protection Watermarking, Encryption,
DLP, DRM
Access ControlForward Proxy
Reverse Proxy + AJAX-VM
Cloud Encryption
ShadowIT
Access Control SAML Proxy
Out-of-Band
Inband
![Page 16: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/16.jpg)
STORYBOARDS
Helpful Resources
1. Definitive Guide to CASBs - http://pages.bitglass.com/definitive-guide-to-cloud-access-security-brokers.html
2. Bitglass Case Studies - http://www.bitglass.com/resources#case_studies=1
3. Definitive Guide to O365 Security - http://pages.bitglass.com/definitive-guide-o365.html
![Page 17: CASBs: Real-world use cases](https://reader034.fdocuments.in/reader034/viewer/2022042906/58a810d71a28ab3d6e8b682d/html5/thumbnails/17.jpg)
STORYBOARDS
Total Data ProtectionBeyond the Firewall
Rich CampagnaVP ProductsBitglass
[email protected]@RichCampagna
Salim HafidMarketing ManagerBitglass
[email protected]@SalimHafid