Adoption of G Suite has increased year over year. Despite this increased adoption, securing data still remains a challenge as employees want access to cloud apps from any device, anywhere.
In this webinar, we will discuss the the security gaps within G Suite and how to give power back to your security team through tools that provide visibility and control of your data across all of your cloud apps.
2. STORYBOAR
G Suite is the fastest growing SaaS productivity suite:
deployed in over a third of organizations
2015
google apps
office 365
other
16.3%
7.7%
76%
22.8%
25.2%
52%
40.7%
24.5%
34.8%
2016
4. STORYBOAR
a security balancing act:
empower users, maintain control
■ Visibility and control over corporate data in G Suite
■ Prevent unauthorized access
■ Limit external sharing
■ Restrict access on unmanaged devices
○ Managing Google Drive sync, access in risky contexts, more
5. STORYBOAR
The real risk vector
■ In an increasing number of security
breaches, findings show that user
"error" is the root cause
7. STORYBOAR
cloud:
protect data-at-rest in g suite
■ External sharing opens the door to
unintended leaks
○ API-based controls can restrict sharing
of sensitive data
■ Encryption, when needed
■ User behavior analytics, logging
8. STORYBOAR
mobile:
protect cloud data synced to any device
■ Employees have rejected MDM and MAM
■ Protect data synced/downloaded to user
devices
■ Allow different levels of mobile access
based on device type, user, etc.
9. STORYBOAR
access:
native security provides limited visibility
■ More access, greater risk of data leakage
○ Granular access controls can limit risky
access
■ DLP is critical to securing sensitive data in
risky contexts
○ Complete security solutions should be
content-aware, apply DLP at access
10. STORYBOAR
identity:
centralized identity management is key to securing data
■ Cloud app identity management should
maintain the best practices of on-prem
identity
■ Google can identify some but not all high-
risk logins
■ Prevent use of compromised credentials
with cross-app IAM, step-up MFA
11. STORYBOAR
cloud apps can be secure:
but will they protect everything?
enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
11
13. STORYBOAR
benefits of using a casb
g suite requires a new security
architecture
■ Cross-device, cross-application agentless
data security
■ Real-time data protection
■ Limit high-risk activities like external file
sharing, unmanaged access
■ User behavior analytics
14. STORYBOAR
managed
devices
application access mode data protection
unmanaged
devices &
mobiles
in the cloud
● profile-agent
● VPN+IP-restriction
● DLP/DRM/encryption
● Device controls, e.g PIN
● Agentless Selective wipe
● Client apps: allow/block
● Google Drive
● Gmail
● API
● Quarantine DLP
● Block external shares
● Alert on DLP events
g suite use case:
real-time inline data protection on any device
Google Drive Client
● Full access
● Browser
● ActiveSync Mail
● Client apps
● Reverse-proxy + AJAX-VM
● ActiveSync Proxy
14
15. Fortune 100
Media
Conglomerate
20K users
secure
g suite
+ byod
Challenges
■ Sensitive data stored in G Suite
■ Limited external sharing controls
Solution
■ Policies to protect financial data in real-time,
bidirectionally
■ Quarantining of data policy violations for further
review
■ Real-time inline data protection on any device
what are your g suite adoption plans?
Already deployed
Deployment in progress
Plan to deploy in the next year
No plans to deploy O365
“By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution” - Gartner
what cloud security functions are most important?
Cross-app identity management
Access controls
Data leakage prevention
Data protection for cloud data sync’d to devices
Cloud encryption