Securing IaaS Applications

  • View

  • Download

Embed Size (px)

Text of Securing IaaS Applications

PowerPoint Presentation

webinarmarch 222016

CASBs for IaaS

enterpriseend-user devicesvisibility & analyticsdata protectionidentity & access controlapplicationstorageserversnetwork

the data blind spotcloud app vendors dont control cloud usageapp vendor


key security challengesIaaS apps introduce new risks

IaaS management consoles and VMs Connected cloud applications (e.g. data visualization tools)Access to connected appsData-at-rest in the cloud


security must evolve to protect data in the cloudungoverned access to corporate data in the clouddata-at-rest in the cloudsensitive cloud data on unmanaged devices


cloud security must strike the balance between agility and securitydata protection for all user devices managed and unmanaged fast and flexible agentless deployments

user privacy and mobility

STORYBOARDSAs a CASB, Bitglass uniquely strikes the balance between cloud agility and security.

Our architecture enables fast and flexible deployments -- at the speed of your SaaS roll out.

Data protection on both managed and unmanaged devices.

And finally, security thats future proof. Our technology is rapidly able to adapt to protect new applications, so as your enterprises portfolio of SaaS purchases grows, Bitglass will rapidly be able to protect those.

poll:what are your biggest challenges in protecting IaaS apps?

data-at-rest securityunauthorized accessknown connected appsunknown connected apps

challenge 1: protecting management consoles

AWS, Azure, and Google Cloud management consoles are a gatewaySpinning up VMs, killing existing instances, and moreLimited native access controls


challenge 2: secure data at rest

Data stores like S3 contain sensitive dataPII, PHI, PCI subject to strict regulatory mandatesVisibility and control necessary for complianceEnterprises must encrypt or at minimum tokenize sensitive fields


challenge 3: secure access to connected apps

Connected data crunching and visualization apps have full access to data storesTypical use case isProtecting connected apps requires access controls, DLP, more


poll:what capabilities are you looking to leverage to protect data?

DLPencryption/tokenizationaccess controlsAPI-based visibility

critical capabilities for IaaS security


access control

audit + visibility

STORYBOARDSwe think CASBs provide a better approach to cloud security.

It starts with discovery.

cloud tokenizationprotect data-at-rest while retaining app functionality

Useful for PII and PCI, subject to stringent regulatory mandatesTokenize just those fields that are most sensitiveProtects PII as it moves from data stores to connected apps (e.g. S3 to RDS to Tableau)


audit and visibility

User behavior analytics & alerting - identify suspicious behaviorDetailed logs required to prove appropriate controls are in placeAccess control policiesSensitive data at rest Risky external shares


data-centric protectionaccess controls and real-time cloud dlpOutright blocking forces users to work around ITGranular context-based controls extend access while applying appropriate protectionsDLP protects data at access and after download


identityCloud app identity management should maintain the best practices of on-prem identityCross-app visibility over suspicious logins can help to prevent a breach


casb securitya data-centric approach a new security architecture for the new data realitytokenize data as it moves between IaaS appsapply granular access controlsprotect data at download with cloud DLPdetailed logging for compliance


our missiontotal data protectionoutside the firewall17#1 CASB real-time data protection

founded 2013 tier 1 funding


tech leader

3 patents,3 pending

in: CA, NY, MA, IL, NBitglass mission is total data protection outside the firewall - from cloud to device, and anywhere on the internet.

Our award winning company was founded in January 2013, is backed by Tier 1 VCs, including NEA and Norwest Venture Partners, and we have more than 250 enterprise customers.

#1 casb for inline data protection250+ customers100-200k user range, 20k average98.4% renewal rate

resources:more info about cloud security

technical overview: bitglass for awssolution brief: bitglass cloud security