CASBs:
A New
Hope
A long time ago
in a CISOs old
security
strategy

STORYBOARDS
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
CASBs secure data across any cloud app
app vendor

STORYBOARDS
shadow
IT
The clone wars:
In the beginning before the republic was sabotaged by the empire:
Translation - Shadow IT was all we knew

STORYBOARDS
shadow IT
gain visibility into your org’s cloud usage
■ Identify unsanctioned apps in
use in your organization
○ Understand risk profiles
of these frequently used
apps
■ Intelligent, time-saving alerts
out of the box

STORYBOARDS
shadow
IT
API-
based
approach
Revenge of the Sith:
The empire began growing powerful with their management of security approach
Translation - Orgs. are limited with limited API security

STORYBOARDS
data-at-rest in the cloud
api control
visibility and control of cloud data
● DLP scans & quarantine
● modify sharing permissions
● watermark, DRM, redact, encrypt
● proxy-accelerated API-scans
6

STORYBOARDS
■ BYOD blindspot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - Sharepoint/OneDrive DLP integration requires Office
2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
office 365 native dlp:
complex, costly, and doesn’t work across apps

STORYBOARDS
shadow
IT
API-based
approach
API + in-
line
A New Hope:
The Rebels emerged with a new way to secure SAAS applications with an
agentless in-line approach. The old republic (empire) methods were still
used to maintain balance with the force.

STORYBOARD
how casb security works
reverse proxy
■ unmanaged device controls without agents
forward proxy
■ managed devices controls
activesync proxy
■ secure email, calendar, etc on any mobile
device
■ device level security - wipe, encryption, PIN
etc

STORYBOARDS
casb security
a data-centric approach
■ Cloud data doesn’t exist only “in the
cloud”
■ IT must protect data at access and on
any device
○ Granular DLP
○ Context-aware to distinguish between
users, device type, more

STORYBOARDS
3
top MDM vendors
do not use their
own product
Bitglass BYOD Security Survey 2015
MDM is
obsolete
67%
would participate
in BYOD if IT
couldn’t access
personal data &
apps
38%
of IT professionals
don’t participate
in their own BYOD
security programs

STORYBOARDS
mobile security
cloud and mobile are inseparable
■ IT must enable secure access to cloud
apps from any device
■ BYOD poses a threat to data security
due to a lack of visibility and control
after download
■ CASBs accommodate user BYOD

STORYBOARDS
casb identity
centralized identity management is key in securing data
■ CASBs offer integrated identity
management across apps
■ Limit potential breaches with step-up
multifactor auth for high risk logins

STORYBOARDS
secure
office 365
+ byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing
infrastructure, e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or
download
■ Quarantine externally-shared
sensitive files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50
healthcare
firm

STORYBOARDS
■ 15,000 employees in 190+ locations
globally
challenge:
■ Mitigate risks of Google Apps
adoption
■ Prevent sensitive data from being
stored in the cloud
■ Limit data access based on device risk
level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged
devices/BYOD
■ Bidirectional DLP
secure
google
apps +
byod
business
data giant

STORYBOARDS
about
bitglass
total
data
protection est. jan
2013
100+
customer
s
tier 1
VCs

resources:
more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cloud adoption by industry
■ case study: fortune 100 healthcare firm secure
O365

STORYBOARDS
bitglass.com
@bitglass