CASBs for IaaS
enterpriseend-user devicesvisibility & analyticsdata protectionidentity & access controlapplicationstorageserversnetwork
the data blind spotcloud app vendors dont control cloud usageapp vendor
key security challengesIaaS apps introduce new risks
IaaS management consoles and VMs Connected cloud applications (e.g. data visualization tools)Access to connected appsData-at-rest in the cloud
security must evolve to protect data in the cloudungoverned access to corporate data in the clouddata-at-rest in the cloudsensitive cloud data on unmanaged devices
cloud security must strike the balance between agility and securitydata protection for all user devices managed and unmanaged fast and flexible agentless deployments
user privacy and mobility
STORYBOARDSAs a CASB, Bitglass uniquely strikes the balance between cloud agility and security.
Our architecture enables fast and flexible deployments -- at the speed of your SaaS roll out.
Data protection on both managed and unmanaged devices.
And finally, security thats future proof. Our technology is rapidly able to adapt to protect new applications, so as your enterprises portfolio of SaaS purchases grows, Bitglass will rapidly be able to protect those.
poll:what are your biggest challenges in protecting IaaS apps?
data-at-rest securityunauthorized accessknown connected appsunknown connected apps
challenge 1: protecting management consoles
AWS, Azure, and Google Cloud management consoles are a gatewaySpinning up VMs, killing existing instances, and moreLimited native access controls
challenge 2: secure data at rest
Data stores like S3 contain sensitive dataPII, PHI, PCI subject to strict regulatory mandatesVisibility and control necessary for complianceEnterprises must encrypt or at minimum tokenize sensitive fields
challenge 3: secure access to connected apps
Connected data crunching and visualization apps have full access to data storesTypical use case isProtecting connected apps requires access controls, DLP, more
poll:what capabilities are you looking to leverage to protect data?
DLPencryption/tokenizationaccess controlsAPI-based visibility
critical capabilities for IaaS security
audit + visibility
STORYBOARDSwe think CASBs provide a better approach to cloud security.
It starts with discovery.
cloud tokenizationprotect data-at-rest while retaining app functionality
Useful for PII and PCI, subject to stringent regulatory mandatesTokenize just those fields that are most sensitiveProtects PII as it moves from data stores to connected apps (e.g. S3 to RDS to Tableau)
audit and visibility
User behavior analytics & alerting - identify suspicious behaviorDetailed logs required to prove appropriate controls are in placeAccess control policiesSensitive data at rest Risky external shares
data-centric protectionaccess controls and real-time cloud dlpOutright blocking forces users to work around ITGranular context-based controls extend access while applying appropriate protectionsDLP protects data at access and after download
identityCloud app identity management should maintain the best practices of on-prem identityCross-app visibility over suspicious logins can help to prevent a breach
casb securitya data-centric approach a new security architecture for the new data realitytokenize data as it moves between IaaS appsapply granular access controlsprotect data at download with cloud DLPdetailed logging for compliance
our missiontotal data protectionoutside the firewall17#1 CASB real-time data protection
founded 2013 tier 1 funding
3 patents,3 pending
in: CA, NY, MA, IL, NBitglass mission is total data protection outside the firewall - from cloud to device, and anywhere on the internet.
Our award winning company was founded in January 2013, is backed by Tier 1 VCs, including NEA and Norwest Venture Partners, and we have more than 250 enterprise customers.
#1 casb for inline data protection250+ customers100-200k user range, 20k average98.4% renewal rate
resources:more info about cloud security
technical overview: bitglass for awssolution brief: bitglass cloud security