Embed Size (px)
Citation preview
Securing Cover Your SaaS
Rich CampagnaVP, ProductsBitglassChris HinesProduct Marketing MgrBitglass
© 2015 Bitglass
Office 365 Taking Off
Suite Currently Deployed
Planned Deployment
16% 29%16% 13%
© 2015 Bitglass
Is Cloud Living up to the Hype?
Yes! On availability, cost, flexibility
No! On security, compliance
Metric % AgreeAvailability 38%
Cost savings 37%
Flexibility 36%
...
Security 15%Compliance 8%
What is your biggest security concern about moving to O365? Visibility into user behavior/activitiesUser account/credential theftControlling access from different devices, geographies, etcEncrypting data-at-rest in One DriveOther
Polling Question
© 2015 Bitglass
Enterprise Concerns
Visibility and Audit
Hacked Accounts and Passwords
Access Control & Data Leakage
Clear Text Data-at-Rest is VulnerableAcross:
SaaS Security = Joint Responsibility
Components
Usage/ConsumptionData
Application
Services
Servers & Storage
Network
Area
Data
Application
Infrastructure
Owner
Enterprise
© 2015 Bitglass
Single sign on
Audit/Visibility
Access control , DLP
Mobile data protection
What Tools Do Enterprises Need?
P
© 2015 Bitglass
Traditional Infrastructure Security
HQ & Branch OfficeOn-premises
ApartmentRemote
StarbucksBYOD
MDMVPN
VPNWeb Proxy
DLPFirewall
● Complex to deploy
● Poor user experience
● Data-sync proliferation
● BYOD blindspot
© 2015 Bitglass
So what is the solution?
Cloud Access Security Brokers
(CASBs)
CASB Coverage Areas
Mobile
Clou
d
In the Cloud At Access
On the DeviceOn the Network
© 2015 Bitglass
In the Cloud
Enterprise Key Mgmt
Resilience to application changes
Fast. easy deployment, no user experience change, no SW install
Full strength AES-256 bit encryption that preserves operation
© 2015 Bitglass
Data Tracking & Watermarking
File Encryption Redaction
Blocking
Access ControlUser/Group
ApplicationDevice (Mgd v Unmgd)
Location/Geo
DLPData Classification
KeywordsRegex
At Access
VisibilityAnomaly Detection
AlertsDashboard
Audit
© 2015 Bitglass – Confidential: Do Not Distribute
How it Works
Privacy
Security & ComplianceContextual access control
DLP: Mask, Encrypt, Block (PHI, PCI, PII)
Alerts & AuditSelective Wipe & Restore
UsabilityAny device, anywhereNo Software AgentsTransparent to UsersRespect User Privacy
Premises Apps
© 2015 Bitglass
Example Office 365 Policy
Scenario Contextual Access Control Application Access Data Protection
Managed deviceCorporate HQ
Device Profile: Pass● Device type: Windows 8.1 ● AV updated● Firewall installed● Registry match
● Email● Browser● One Drive sync client
● Full access
Unmanaged deviceOff-campus
Device Profile: Fail● Device type: Mac OS X● No AV● NO Firewall
● Browser-based email only
● Container/encryption for all downloads
● Sensitive data redaction
Managed mobileOff-campus
Device Profile: Pass● Device type: Apple iOS● MDM profile installed
● Native mail● Browser● One Drive App
● Full access
Unmanaged BYODOff-campus
Device Profile: Fail● Device type: Apple iOS● No MDM profile installed
● Native mail● Browser
● Container/encryption for all downloads
● Sensitive data redaction
© 2015 Bitglass
Bitglass for Office365
In the Cloud At Access
On the DeviceProtect cloud data on all devices● Selectively wipe Email and PIM data● Control data in Sync Clients● Revoke DRM controlled documents
Mobile
Clou
d
Patented strong encryption for OneDrive data-at-rest● AES 256-bit keys 256-bit Init.
vectors
Data-centric visibility and control● All access methods: OneDrive
Sync, ActiveSync, Web● Mgd vs Unmanaged Device
Control● Document controls:
Watermarking, DRM, DLP
On-
prem
ise
On-premise
On the Network
© 2015 Bitglass
Questions?
Chris Hines [email protected]
@cchines
Rich Campagna [email protected]
@bitglass
Enjoyed this webinar? Don’t miss the next
one!
© 2015 Bitglass
Total Data ProtectionOutside the Firewall
