IaaS applications are now more widely used than ever, with sensitive data stored in AWS and Azure, and now accessible from more connected apps and endpoints. Learn how to secure IaaS with a CASB in our webinar.
the data blind spot
cloud app vendors don’t control cloud usage
[Diagram labels: enterprise; end-user devices; visibility & analytics; data protection; identity & access control; application; storage; servers; network; app vendor]
key security challenges
IaaS apps introduce new risks
■ IaaS management consoles and VMs
■ Connected cloud applications (e.g. data visualization tools)
■ Access to connected apps
■ Data-at-rest in the cloud
security must evolve to protect data in the cloud
■ ungoverned access to corporate data in the cloud
■ data-at-rest in the cloud
■ sensitive cloud data on unmanaged devices
cloud security must strike the balance between agility and security
■ data protection for all user devices – managed and unmanaged
■ fast and flexible agentless deployments
■ user privacy and mobility
challenge 1: protecting management consoles
■ AWS, Azure, and Google Cloud management consoles are a gateway
■ Spinning up VMs, killing existing instances, and more
■ Limited native access controls
challenge 2: secure data at rest
■ Data stores like S3 contain sensitive data
■ PII, PHI, PCI subject to strict regulatory mandates
○ Visibility and control necessary for compliance
■ Enterprises must encrypt or at minimum
challenge 3: secure access to connected apps
■ Connected data crunching and visualization apps have full access to data stores
■ Typical use case is
■ Protecting connected apps requires access controls, DLP, more
cloud tokenization
protect data-at-rest while retaining app functionality
■ Useful for PII and PCI, subject to stringent regulatory mandates
■ Tokenize just those fields that are most sensitive
■ Protects PII as it moves from data stores to connected apps (e.g. S3 to RDS to Tableau)
audit and visibility
■ User behavior analytics & alerting - identify suspicious behavior
■ Detailed logs required to prove appropriate controls are in place
○ Access control policies
○ Sensitive data at rest
data-centric protection
access controls and real-time cloud DLP
■ Outright blocking forces users to work around IT
■ Granular context-based controls extend access while applying appropriate protections
■ DLP protects data at access and after download
identity
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility over suspicious logins can help to prevent a breach
CASB security
a data-centric approach
a new security architecture for the new data reality
■ tokenize data as it moves between IaaS apps
■ apply granular access controls
■ protect data at download with cloud DLP
As a CASB, Bitglass uniquely strikes the balance between cloud agility and security.
Our architecture enables fast and flexible deployments -- at the speed of your SaaS rollout.
Data protection on both managed and unmanaged devices.
And finally, security that’s future-proof. Our technology can adapt rapidly to protect new applications, so as your enterprise’s portfolio of SaaS purchases grows, Bitglass will rapidly be able to protect those as well.
data-at-rest security
unauthorized access
known connected apps
unknown connected apps
We think CASBs provide a better approach to cloud security.
It starts with discovery.
MIKE
in: CA, NY, MA, IL, N
Bitglass’ mission is total data protection outside the firewall - from cloud to device, and anywhere on the internet.
Our award-winning company was founded in January 2013, is backed by Tier 1 VCs, including NEA and Norwest Venture Partners, and we have more than 250 enterprise customers.
#1 CASB for inline data protection
250+ customers
100-200k user range, 20k average
98.4% renewal rate