CLOUD ACCESS SECURITY BROKERS: CLOSING THE SAAS SECURITY GAP
www.forsythe.com
Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses.
Sponsored by

Ask yourself:
CAN YOUR ORGANIZATION DETECT UNUSUAL OR FRAUDULENT ACTIVITIES ASSOCIATED WITH DATA IN THE CLOUD?
a) Yes
b) No
c) Not sure

93% of respondents will use sensitive data in advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year
63% believe their organizations are deploying these technologies ahead of having appropriate data security solutions in place
*2017 Thales/451 Research Data Threat Report

MANY ORGANIZATIONS LACK VISIBILITY INTO THE CLOUD SERVICES THEY CONSUME AND THE RISKS THEY PRESENT
• Cannot detect compromised credentials or unmanaged devices accessing cloud services
• Struggle to verify compliance and secure handling of data across different services

Ask yourself:
HOW MANY CLOUD APPLICATIONS DOES YOUR ORGANIZATION USE?
a) Less than 300
b) More than 500
c) Not sure

928: Symantec’s Shadow Data Report for 2H 2016 found that the average enterprise has 928 cloud apps in use
20X: Organizations use 20 times more cloud apps than they think
*Source: Symantec 2H 2016 Shadow Data Report

ORGANIZATIONS THAT WANT TO LEVERAGE SAAS WHILE MAINTAINING SECURITY AND COMPLIANCE NEED TOOLS THAT FOCUS ON SECURING DATA IN THE CLOUD

THE ROLE OF CASBs
Definition
CASBs are policy enforcement points that sit between an organization's on-premises infrastructure and a cloud provider's infrastructure. They act as gatekeepers, interposing enterprise security policies as cloud-based resources are accessed.
Use
CASBs examine a network's traffic and determine if sensitive data is being sent to the cloud. CASB solutions then apply policies and other security controls to ensure that sensitive data is protected. They enable organizations to manage and enforce policies across disparate SaaS applications, providing a single point of control for multiple applications and services.

CASB MARKET FORECAST OVERVIEW
2015: $151M
2020: $713M
Source: Gartner (March 2017)

CASB FUNCTIONALITY AREAS
Visibility
Answers the question, “Who’s doing what in the cloud?” through shadow IT discovery and sanctioned application control. Offers comprehensive view of cloud service usage, and the users accessing data from any device or location
Compliance
Helps fill the regulatory compliance capability gaps introduced by many SaaS providers. Assists with data residency issues and controlling access to regulated data, provides logs for audits, and identifies cloud usage and the risks of specific cloud services
Data Security
Enforces data-centric security policies to prevent unwanted activity based on classification, discovery and user activity monitoring of data access. Policies applied through controls such as audit, alert, block, quarantine, delete and encrypt/tokenize
Threat Protection
Provides protection against threats not typically handled by SaaS providers (e.g., user behavior and use of corporate data). Prevents unwanted devices, users and versions of applications from accessing cloud services

POPULAR USE CASES
ONE: SHADOW IT DISCOVERY
CASBs can identify the SaaS apps being used and specify how safe they are for the organization
TWO: ACCESS CONTROL ENFORCEMENT
CASBs can identify users’ access to SaaS applications by leveraging existing single sign-on providers or corporate Active Directory services
THREE: ENCRYPTION
CASBs provide a common point of encryption for cloud services
FOUR: DATA LOSS PREVENTION
CASBs can verify content within the public cloud applications being used by the organization, encrypting, password protecting, watermarking, or blocking
FIVE: REPORTING
CASBs provide comprehensive activity logs and other reports that are useful for auditing and forensics
SIX: BEHAVIOR ANALYTICS
CASBs can establish user behavior and service baselines, so that anomalous behavior that indicates threats can be detected, and alerts can be generated
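
The shadow IT discovery use case above, sketched as an added example (not from the original deck or any CASB product): it tallies cloud-app usage from web-proxy log lines and ranks the unsanctioned apps by risk and upload volume. The app catalog, risk scores, log format, hostnames and user names are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed app catalog (assumption): domain suffix -> (app name, sanctioned?, risk 1-5).
CATALOG = {
    "files.corp-suite.example": ("CorpSuite Files", True, 1),
    "crm.example": ("ExampleCRM", True, 2),
    "quickshare.example": ("QuickShare", False, 4),
    "pastebox.example": ("PasteBox", False, 5),
}

# Constructed proxy log. Fields: timestamp user method host bytes_uploaded status
SAMPLE_LOG = """\
2017-03-01T09:00:01Z alice POST files.corp-suite.example 52000 200
2017-03-01T09:02:10Z bob POST eu.quickshare.example 9400000 200
2017-03-01T09:03:44Z alice GET crm.example 300 200
2017-03-01T09:05:00Z carol POST pastebox.example 120000 200
2017-03-01T09:06:12Z bob POST quickshare.example 2100000 200
2017-03-01T09:07:30Z dave GET notcrm.example 450 200
this line is malformed and must be skipped
2017-03-01T09:09:00Z carol POST eu.quickshare.example 700000 403
"""


@dataclass
class Usage:
    app: str
    sanctioned: bool
    risk: int  # 0 means the app is not in the catalog and has no rating yet
    users: set = field(default_factory=set)
    requests: int = 0
    bytes_uploaded: int = 0


def match_app(host):
    """Map a hostname to a catalog entry, matching only on DNS label boundaries."""
    host = host.lower().rstrip(".")
    for suffix, entry in CATALOG.items():
        # "notcrm.example" must not match "crm.example"; "eu.quickshare.example" must.
        if host == suffix or host.endswith("." + suffix):
            return entry
    return (f"uncatalogued:{host}", False, 0)


def parse_line(line):
    """Return a record dict, or None for lines that do not fit the log format."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit() or not parts[5].isdigit():
        return None
    _ts, user, _method, host, sent, status = parts
    return {"user": user, "host": host, "bytes": int(sent), "status": int(status)}


def discover(log_text):
    """Aggregate per-app usage: distinct users, request count, bytes uploaded."""
    usage = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        app, sanctioned, risk = match_app(rec["host"])
        entry = usage.setdefault(app, Usage(app, sanctioned, risk))
        entry.users.add(rec["user"])
        entry.requests += 1
        if rec["status"] < 400:  # blocked or failed requests moved no data
            entry.bytes_uploaded += rec["bytes"]
    return usage


def shadow_report(usage):
    """Unsanctioned apps, highest risk first, then by upload volume."""
    shadow = [u for u in usage.values() if not u.sanctioned]
    return sorted(shadow, key=lambda u: (-u.risk, -u.bytes_uploaded))


if __name__ == "__main__":
    for u in shadow_report(discover(SAMPLE_LOG)):
        print(f"{u.app:32} risk={u.risk} users={sorted(u.users)} "
              f"requests={u.requests} uploaded={u.bytes_uploaded}")
```

Uncatalogued hosts are reported with risk 0 so they surface for review instead of being silently merged into a known app.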

DEPLOYMENT OPTIONS

Gateway (Forward Proxy)
Inline deployment between the endpoint and cloud service in which the device or network routes traffic to the CASB proxy.
Pros
• Ability to leverage current on-premises perimeter solutions
• Architecture enables handling of transport-layer encryption
• Facilitates Shadow IT discovery
Cons
• Doesn’t work for unmanaged off-premises devices
• All traffic from managed endpoints traverses the CASB; potential privacy/compliance concern
• Users must either VPN or proxy through the solution

Gateway (Reverse Proxy)
Inline deployment between the endpoint and cloud service in which the cloud service or identity provider routes traffic to the CASB proxy.
Pros
• Leverages existing IDP/SSO solutions
• Transport-layer security can require certificate rewriting
• Proactive DLP enforcement
Cons
• Rewriting URLs can cause issues if SaaS provider has frequent URL updates
• Requires an existing IDP/SSO solution to be in place
• SSL encryption can impact deployment

API-Based Solution
Direct integration of the CASB and cloud service. Depending on cloud provider APIs, the CASB can view activity, content, and take enforcement action.
Pros
• No configuration changes to endpoints or the network
• Visibility into sanctioned apps
• Reliable insight into what data is in the cloud, and activity logs/user behavior associated with that data
Cons
• No real-time prevention
• API dependency is limited to the application's API offering
• Hybrid approach (API + gateway) may be needed to enable features such as encryption and tokenization for some applications

Ask yourself:
HOW CAN YOU DETERMINE WHICH CASB IS RIGHT FOR YOUR ORGANIZATION?
a) Whichever ranks highest in the Gartner Magic Quadrant
b) Ask a trusted peer in the industry
c) Makes no difference; they’re essentially the same
d) Conduct an evaluation

CHECK OUT THE ORIGINAL ARTICLE:
http://focus.forsythe.com/articles/530/Cloud-Access-Security-Brokers-Closing-the-SaaS-Security-Gap
OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE:
http://focus.forsythe.com

Authors:
Matthew Sickles, Director, Forsythe Security Solutions
Sriram Puthucode, VP of Systems Engineering, Cloud Security, Symantec
Cloud Access Security Brokers: Closing the SaaS Security Gap
