Securing IaaS Applications

  1. webinar march 22 2016 CASBs for IaaS
  2. enterprise end-user devices visibility & analytics data protection identity & access control application storage servers network the data blind spot cloud app vendors don’t control cloud usage app vendor
  3. key security challenges: IaaS apps introduce new risks ■ IaaS management consoles and VMs ■ Connected cloud applications (e.g. data visualization tools) ■ Access to connected apps ■ Data-at-rest in the cloud
  4. security must evolve to protect data in the cloud: ungoverned access to corporate data in the cloud; data-at-rest in the cloud; sensitive cloud data on unmanaged devices
  5. cloud security must strike the balance between agility and security: data protection for all user devices – managed and unmanaged; fast and flexible agentless deployments; user privacy and mobility
  6. poll: what are your biggest challenges in protecting IaaS apps?
  7. challenge 1: protecting management consoles ■ AWS, Azure, and Google Cloud management consoles are a gateway ■ Spinning up VMs, killing existing instances, and more ■ Limited native access controls
  8. challenge 2: secure data at rest ■ Data stores like S3 contain sensitive data ■ PII, PHI, PCI subject to strict regulatory mandates ○ Visibility and control necessary for compliance ■ Enterprises must encrypt or at minimum
  9. challenge 3: secure access to connected apps ■ Connected data crunching and visualization apps have full access to data stores ■ Typical use case is ■ Protecting connected apps requires access controls, DLP, more
  10. poll: what capabilities are you looking to leverage to protect data?
  11. critical capabilities for IaaS security: identity, tokenization, access control, audit + visibility
  12. cloud tokenization: protect data-at-rest while retaining app functionality ■ Useful for PII and PCI, subject to stringent regulatory mandates ■ Tokenize just those fields that are most sensitive ■ Protects PII as it moves from data stores to connected apps (e.g. S3 to RDS to Tableau)
  13. audit and visibility ■ User behavior analytics & alerting - identify suspicious behavior ■ Detailed logs required to prove appropriate controls are in place ○ Access control policies ○ Sensitive data at rest
  14. data-centric protection: access controls and real-time cloud DLP ■ Outright blocking forces users to work around IT ■ Granular context-based controls extend access while applying appropriate protections ■ DLP protects data at access and after download
  15. identity ■ Cloud app identity management should maintain the best practices of on-prem identity ■ Cross-app visibility over suspicious logins can help to prevent a breach
  16. CASB security: a data-centric approach, a new security architecture for the new data reality ■ tokenize data as it moves between IaaS apps ■ apply granular access controls ■ protect data at download with cloud DLP
  17. our mission: total data protection outside the firewall #1 CASB real-time data protection founded 2013 tier 1 funding award-winning tech leader 3 patents, 3 pending
  18. resources: more info about cloud security ■ technical overview: bitglass for aws ■ solution brief: bitglass cloud security
  19. @bitglass

Editor's notes

  1. As a CASB, Bitglass uniquely strikes the balance between cloud agility and security. Our architecture enables fast and flexible deployments -- at the speed of your SaaS rollout. Data protection on both managed and unmanaged devices. And finally, security that’s future-proof. Our technology is rapidly able to adapt to protect new applications, so as your enterprise’s portfolio of SaaS purchases grows, Bitglass will rapidly be able to protect those.
  2. data-at-rest security unauthorized access known connected apps unknown connected apps
  3. DLP encryption/tokenization access controls API-based visibility
  4. we think CASBs provide a better approach to cloud security. It starts with discovery.
  5. MIKE
  6. in: CA, NY, MA, IL, N Bitglass’ mission is total data protection outside the firewall - from cloud to device, and anywhere on the internet. Our award-winning company was founded in January 2013, is backed by Tier 1 VCs, including NEA and Norwest Venture Partners, and we have more than 250 enterprise customers. #1 casb for inline data protection 250+ customers 100-200k user range, 20k average 98.4% renewal rate