STORYBOARDS
Securing
Salim Hafid, Product Marketing, shafid@bitglass.com
Rich Campagna, VP, Products, [email protected]
120k Enterprises - 2015 Bitglass Cloud Adoption Report
Office 365 The Leading SaaS Suite
Users want access
Starbucks
Managed Device
Any Device...
Anywhere...
Unmanaged Device
Corporate Network
Enterprise wants security and control
Visibility and audit
Restrict data on unmanaged devices
Prevent hacked accounts
Prevent data leakage & control access
First Attempt – Infrastructure “Lockdown”
Firewall DLP
Web Proxy
VPN
HQ & Branch Office
Starbucks
Apartment VPN
MDM
Components
Usage/Consumption
Data
Application
Services
Servers & Storage
Network
Area
Data
Application
Infrastructure
Owner
Enterprise
Second Attempt - Rely on O365
Solution?
Cloud Access Security Brokers (CASBs)
Office 365 Security Critical Capabilities
Cloud: Protect sensitive data at rest via encryption, external sharing controls
Identity: Unified identity and contextual multi-factor authentication
Mobile: Protect sensitive cloud data sync'd/downloaded to managed and unmanaged devices
Access: Contextual access control, data leakage prevention, visibility
Cloud
Visibility: Data-at-rest discovery, Sharing, DLP
Control: Sharing permissions, Track, DRM, Redact
Encryption: Data-at-rest in OneDrive, DLP Matched
+many more...
Access + Mobile
Visibility: Alerts, Reporting, Audit Logs
DLP: Pre-defined, Keywords, Regex
Track/Watermark
Encrypt
Redact
Block
DRM
Access Control: Device, Role, Geo, etc
Managed vs unmanaged
Selective Wipe
Full Wipe
+many more...
Identity
Unified identity for all cloud apps (via AD)
Contextual multi-factor authentication
Identity compromise detection
Microsoft DLP Limitations
Data Egress Policy: Data, Sender, Recipient
Inbound Policy: Data, User, Device, Location
Any Cloud App
Email, Files
Outbound Policy: Sharing, Sending, etc
Email, Files
Typical CASB Policy
Managed Devices
  Application Access: Forward Proxy, ActiveSync Proxy
  Access Control: Device Profile: Pass (Email, Browser, OneDrive Sync)
  Data Protection: Full Access
BYOD Mobile & Laptops
  Application Access: Reverse Proxy + AJAX VM, ActiveSync Proxy
  Access Control: Device Profile: Fail (Mobile Email, Browser); Contextual Multi-factor Auth
  Data Protection: DLP/DRM/encryption, Device controls, Selective wipe enabled
In the Cloud
  Application Access: API Control
  Access Control: External Sharing Blocked
  Data Protection: Block external shares, Alert on DLP events
How it works
Comprehensive CASB Architecture
● Unmanaged device access
  ○ Reverse Proxy and ActiveSync
● Managed device access
  ○ Forward Proxy
● Secure Data-at-Rest
  ○ API control
Who is Bitglass?
The Bitglass Mission
Total data protection outside the firewall
$35M investment
Est. Jan. 2013
CA, NY, MA, IL, NC
Helpful Resources
1. Glass Class - Securing O365 with a CASB
2. Case Study - Ad Agency Secures Office 365
3. Definitive Guide to O365 Security