webinar march 22 2016 CASBs for IaaS
Securing IaaS Applications

Apr 11, 2017

Bitglass
Transcript
Page 1: Securing IaaS Applications

webinar, march 22 2016

CASBs for IaaS

Page 2: Securing IaaS Applications

STORYBOARDS

enterprise

end-user devices

visibility & analytics

data protection

identity & access control

application

storage

servers

network

the data blind spot: cloud app vendors don’t control cloud usage

app vendor

Page 3: Securing IaaS Applications

key security challenges: IaaS apps introduce new risks

■ IaaS management consoles and VMs

■ Connected cloud applications (e.g. data visualization tools)

■ Access to connected apps

■ Data-at-rest in the cloud

Page 4: Securing IaaS Applications

security must evolve to protect data in the cloud

ungoverned access to corporate data in the cloud

data-at-rest in the cloud

sensitive cloud data on unmanaged devices

Page 5: Securing IaaS Applications

cloud security must strike the balance between agility and security

data protection for all user devices – managed and unmanaged

fast and flexible agentless deployments

user privacy and mobility

Page 6: Securing IaaS Applications

poll: what are your biggest challenges in protecting IaaS apps?

Page 7: Securing IaaS Applications

challenge 1: protecting management consoles

■ AWS, Azure, and Google Cloud management consoles are a gateway

■ Spinning up VMs, killing existing instances, and more

■ Limited native access controls

Page 8: Securing IaaS Applications

challenge 2: secure data at rest

■ Data stores like S3 contain sensitive data

■ PII, PHI, PCI subject to strict regulatory mandates

○ Visibility and control necessary for compliance

■ Enterprises must encrypt or at minimum tokenize sensitive fields

Page 9: Securing IaaS Applications

challenge 3: secure access to connected apps

■ Connected data crunching and visualization apps have full access to data stores

■ Typical use case is

■ Protecting connected apps requires access controls, DLP, more

Page 10: Securing IaaS Applications

poll: what capabilities are you looking to leverage to protect data?

Page 11: Securing IaaS Applications

critical capabilities for IaaS security

identity

tokenization

access control

audit + visibility

Page 12: Securing IaaS Applications

cloud tokenization: protect data-at-rest while retaining app functionality

■ Useful for PII and PCI, subject to stringent regulatory mandates

■ Tokenize just those fields that are most sensitive

■ Protects PII as it moves from data stores to connected apps (e.g. S3 to RDS to Tableau)

Page 13: Securing IaaS Applications

audit and visibility

■ User behavior analytics & alerting - identify suspicious behavior

■ Detailed logs required to prove appropriate controls are in place

○ Access control policies

○ Sensitive data at rest

○ Risky external shares

Page 14: Securing IaaS Applications

data-centric protection: access controls and real-time cloud DLP

■ Outright blocking forces users to work around IT

■ Granular context-based controls extend access while applying appropriate protections

■ DLP protects data at access and after download

Page 15: Securing IaaS Applications

identity

■ Cloud app identity management should maintain the best practices of on-prem identity

■ Cross-app visibility over suspicious logins can help to prevent a breach

Page 16: Securing IaaS Applications

casb security: a data-centric approach

a new security architecture for the new data reality

■ tokenize data as it moves between IaaS apps

■ apply granular access controls

■ protect data at download with cloud DLP

■ detailed logging for compliance

Page 17: Securing IaaS Applications

our mission

total data protection outside the firewall

#1 CASB real-time data protection

founded 2013 tier 1 funding

award-winning

tech leader

3 patents, 3 pending

Page 18: Securing IaaS Applications

resources: more info about cloud security

■ technical overview: bitglass for aws

■ solution brief: bitglass cloud security

Page 19: Securing IaaS Applications

bitglass.com

@bitglass