Post on 30-May-2020
Benefits of Implementing a SaaS Cybersecurity Solution
Andras Cser, VP Principal Analyst
September 27, 2018
About Andras Cser
Vice President, Principal Analyst
Serves Security & Risk Professionals
Leading expert on identity management, access management, user account provisioning, entitlement management, federation, privileged identity management, and role design and management
About Ian Felder
Ian Felder, Sr. Manager, Product Marketing
Product Marketing for SaaS and Managed Security Program (MSP)
Over 16 Years of Marketing Experience
• Digital & Social Media Marketing, Competitive Analysis, and Product Marketing
Previously at Hologic, Inc. and Signiant
© 2016 Forrester Research, Inc. Reproduction Prohibited 5
We work with business and technology leaders to develop customer-obsessed strategies that drive growth.
© 2018 Forrester Research, Inc. Reproduction Prohibited
Assess the impact of cyberattacks
› You don’t want to be on CNN headline news
› Security has shifted from a Director/VP/CISO/CIO IT problem to a CEO problem
› Data protection is a key concern
› Mobile and IoT present new challenges
› BYOD/user owned devices are here to stay
The Perimeter Is Gone
› Network segmentation only goes so far in the era of Cloud
› Firewalling is cumbersome and insecure (too many rules)
› Data proliferation is only accelerating
• Cloud storage
• Unstructured
Finding Threats Is Like Finding a Needle In A Haystack
› Too many infrastructure components (on-prem, managed, IaaS, PaaS, SaaS, hybrid clouds, etc.)
› Too much data
› Too many configuration points
› Too many places your users can place data
› Too many network paths in most instances
› BUT if you don’t know what you have, you can’t monitor it
Why DLP Needs To Evolve
› DLP needs to evolve from just DLP to include other data controls for a data centric security model
› Standalone DLP is siloed and can only protect data in specific apps or network perimeters
› DLP admin access must be protected from malicious tampering and account takeover
› Traditional DLP may require significant investment to use and tune all its capabilities
› Limited DLP solutions can cause end user (workforce member) friction if used only to stop data flows
Enter Zero Trust eXtended (ZTX)
Zero Trust Extended
Zero Trust: How Identity and Information Life Cycles Need to Correlate
Source: June 27, 2011, “Your Data Protection Strategy Will Fail Without Strong Identity Context” Forrester report
Risk Based Access Controls The Only Way
› To comply, you need to be able to cover the riskiest apps and data, otherwise you drown in costs
› One size fits all is not an option
› You have to discover the riskiest apps
› You have to discover the riskiest users
› You have to discover the riskiest and largest volume data movements
Context Matters
› Device type (managed vs. unmanaged)
› Device age
› GPS location
› IP geolocation
› Activity (Upload, download)
› Data Volume and Type
› Any other attribute
Centralization of Identity Is The Only Way To Go
› Discovery
› Visibility
› Auditing
› Interception
SaaS based approaches in data protection to the rescue
• Lower cost of operation (labor, hardware, etc.)
• Policy templates for compliance
• Fix one, fix all: the network effect
• Create risk scores using statistical models, machine learning and rules
• Prioritize risky activities across multiple channels
• Minimal user friction for accessing data or workloads from a static desktop in a secured building at 9:28am on Tuesday
• Maximal security (2FA, biometrics, device registration, etc.) for accessing data or workloads from a brand new iPad in a rogue country at 1:32am on Sunday
› You can also fast track known good users for easier access
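
The contrast drawn on this slide (low friction for the desktop at 9:28am on Tuesday, step-up authentication for the brand new iPad at 1:32am on Sunday), as an added example that is not from the Forrester or Digital Guardian material: a rule-based risk score over the "Context Matters" attributes. All weights, the threshold, the placeholder country code XX, the field names and the two sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Weights, thresholds and country codes are illustrative assumptions.
HIGH_RISK_COUNTRIES = {"XX"}   # placeholder code, set per policy
STEP_UP_THRESHOLD = 40         # at or above this score, require 2FA

@dataclass
class AccessContext:
    user: str
    device_managed: bool
    device_age_days: int       # days since the device was first seen
    ip_country: str            # from IP geolocation
    gps_country: str           # from device GPS
    activity: str              # "upload" or "download"
    data_mb: float
    when: datetime

def risk_score(ctx, known_good=frozenset()):
    """Return (score, reasons); reasons support human-led investigation."""
    hits = []
    if not ctx.device_managed:
        hits.append((25, "unmanaged device"))
    if ctx.device_age_days < 7:
        hits.append((20, "device first seen less than 7 days ago"))
    if ctx.ip_country in HIGH_RISK_COUNTRIES:
        hits.append((30, "IP geolocation in high-risk country"))
    if ctx.ip_country != ctx.gps_country:
        hits.append((15, "IP geolocation and GPS location disagree"))
    if ctx.when.weekday() >= 5 or not 7 <= ctx.when.hour < 19:
        hits.append((10, "outside business hours"))
    if ctx.activity == "download" and ctx.data_mb > 500:
        hits.append((20, "large download"))
    score = sum(points for points, _ in hits)
    if ctx.user in known_good:
        score //= 2            # fast track for known good users
    return score, [why for _, why in hits]

def decide(ctx, known_good=frozenset()):
    """Map the score to an action: low friction or step-up authentication."""
    score, reasons = risk_score(ctx, known_good)
    action = "step_up" if score >= STEP_UP_THRESHOLD else "allow"
    return action, score, reasons

# Constructed requests mirroring the two scenarios on the slide.
DESKTOP = AccessContext("alice", True, 900, "US", "US", "download", 2.0,
                        datetime(2018, 9, 25, 9, 28))    # a Tuesday
NEW_IPAD = AccessContext("alice", False, 0, "XX", "XX", "download", 2.0,
                         datetime(2018, 9, 30, 1, 32))   # a Sunday
```

decide(DESKTOP) and decide(NEW_IPAD) return the action, the score and the list of reasons that raised it, so the same record can drive both the access decision and the analyst queue.
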
Recommendations
› Understand the mapping between identities and data
› Don’t rely on network perimeters
› Enforce data access policies centrally
› B2E, B2B, B2C all require mobile first
› Cover structured and unstructured data
› Authorization must be built in
Recommendations
› Start with a handful of apps
› Carefully track the user experience (metrics, surveys, etc.)
› Surface reasons for human-led investigation
› Integrate with web SSO for web applications (one time, centralized integration)
Forrester’s Predictions
› Contextual DLP
› Cloud DLP
› Extension of canned models to non-web (phone, in-person, etc.) channels
› Behavioral biometrics integration with device ID, IP geolocation, etc.
› Consortium based data use increases
› Blockchain based RBA drawing information from other lines of businesses or peer companies
Security Is Not Black And White: Anomaly and Automatic Risk Detection For User Behavior For Data Access Will Continue to Improve
forrester.com
Thank you
Andras Cser
+1-617-613-6365
acser@forrester.com
Digital Guardian SaaS Data Protection
Reduce overhead, complexity and cost with cloud-based data protection
[Diagram: Cloud-Delivered Threat Aware Data Protection. Components shown: Digital Guardian Agent, Digital Guardian Appliance, Management Console, Analytics, Workspaces, Applications, DG Big Data Cloud Backend]
Delivering Cloud Based Data Protection
• User & Entity Behavior Analytics
• Cloud Data Loss Prevention
• Endpoint Detection & Response
• Data Classification
• Data Discovery
• Data Loss Prevention
FIRST and ONLY Solution to Unify
• Endpoint Detection & Response
• Data Loss Prevention
• User & Entity Behavior Analytics
Why Digital Guardian Delivers More
Hosts and Manages a Big Data Security Architecture
Delivers Immediate Time to Value
Simplifies Maintenance
Provides
• Compute Power to Detect Threats
• Scalability
• Threat Intelligence
Digital Guardian Software as a Service (SaaS)
How Digital Guardian Delivers Even More
Solves Your Security Talent Gap
Enables Quick Wins & Long Term Success
Allows for
• Efficient Use of Your Resources
• Taking Advantage of Best Practices
Digital Guardian Managed Security Program
Summary
DLP needs to evolve to include other data controls
Zero Trust Extended
SaaS to the rescue
Digital Guardian’s Data Protection Platform leverages SaaS to provide data protection that results in
• Superior Security
• Better Economics
• Reduced Overhead
See your data
Protect your data
Data Protection Platform
Q&A