Next-Gen CASB · Zero-day data leakage path learning Known ... Secure BYOD . Unmanaged Device...



Page 2:

www.cloudsec.com | #cloudsec

Next-Gen CASB

Patrick Koh | Bitglass

Page 3:

WW Cloud Service Adoption

https://www.gartner.com/newsroom/id/3815165

"As of 2016, approximately 17 percent of the total market revenue for infrastructure, middleware, application and business process services had shifted to cloud," said Mr. Nag. "Through 2021, this will increase to approximately 28 percent."

Page 4:

APAC Cloud Service Adoption

https://www.gartner.com/newsroom/id/3591417

By 2019, total public cloud services spending will rise to $13.6 billion

Highest growth: SaaS, with a 28.5 percent increase in 2017

"… indicators that migration of application and workloads from on premises data centers to the cloud, as well as development of cloud ready and cloud native applications, are fueling growth in the cloud space," said Sid Nag, research director at Gartner.

"Software vendors will continue to shift investments from on-premises license-based software to cloud-based offerings."

Page 5:

Problem

Cloud and mobile are beyond the firewall, leaving legacy security technologies obsolete.

Legacy Tech:

● Firewall
● Web Proxy
● IPS / IDS
● DLP
● MDM

Managed apps Unmanaged apps

Managed devices Unmanaged devices

CASB Data & Threat Protection

Page 6:

Problem

enterprises can’t rely solely on native app security

enterprise (CASB)

end-user devices

visibility & analytics

data protection

identity & access control

application

storage

servers

network

Page 7:

CASB: a better approach to cloud security

● Shadow IT: Unknown cloud apps usage
● API-based approach: Protect data-at-rest
● In-line: Real-time protection

Page 8:

Solutions

Unmanaged Applications

Unmanaged Devices

Managed Applications

Long-tail SaaS

Page 9:

Managed Apps: Control any SaaS or Custom App

Unmanaged Devices Managed Devices

Major SaaS Long-tail SaaS Internal Apps →

Threat Protection

Data Protection

Visibility Identity

Zero-Day Core™

● Contextual access control
● DLP w/ adv. remediation
● Field and file encryption
● Known & Zero-day malware protection
● Account hijack protection
● Integrated Single Sign-On (SSO)
● Step-up multi-factor auth
● Session management
● UEBA
● Policy-based remediation

Proxy + API

Agentless Proxy Agent/Agentless Proxy

Page 10:

Managed App Example: O365

Threat Protection

● Stop known and zero-day threats before upload to OneDrive
● Block email attachments containing malware
● Scan and quarantine malware at-rest in OneDrive

Visibility

● Comprehensive visibility and forensics across cloud footprint
● Data-at-rest and data-in-transit visibility

Data Protection

● Identification and selective encryption of PII
● Control external sharing via OneDrive, SharePoint
● Block OneDrive sync client on select devices

Identity

● Step-up MFA for risky behavior/logins
● Control access to O365 from unmanaged devices
● Session management

Page 11:

Unmanaged Apps: Expanding Cloud Footprint

First-Gen CASB

Next-Gen CASB

Head: ~10 apps

Long tail: 20,000 apps

Page 12:

Unmanaged Apps: Zero-Day Shadow IT visibility and protection

95% of apps in use are not sanctioned by IT

EFSS, content apps, social media

Discover Shadow IT

● Automated Index of over 400K apps
● Sources of app reputation & risk
● Reports on app risk, compliance, etc.

Protect Shadow IT

● Automated Zero-Day identification of upload paths
● Machine-learning tech inspects all upload traffic
● Data-paths with natural language payloads identified
● Enforce DLP policy on data paths across all users
● No signatures required

Proxy or

Firewall

Log Feeds

Automated Index Risk

Reports

Agent/DNS

Zero-Day upload DLP

Page 13:

Unmanaged Apps

Managed / Unmanaged Devices

Threat Protection

Data Protection

Visibility Identity

Zero-Day Core™

● Control, Block, Coach
● Make any SaaS app read-only
● Zero-day data leakage path learning
● Known & Zero-day malware protection
● Identification Management
● Shadow IT visibility & risk analysis
● Single click app sanctioning

Unmanaged-Controlled Unmanaged-Blocked

Page 14:

Secure BYOD Unmanaged Device Protection

● Demand for BYOD continues to rise
● Mobile security cannot be overlooked
● IT must enable secure access to cloud apps from any device

BYOD poses a threat to data security due to a lack of visibility and control after download

Page 15:

Unmanaged Devices

Protect Corporate Data on Any Device

● Selective wipe
● Device level PIN, encryption
● Control flow of data to device via DLP and remediation actions

Agentless Deployment

● Avoid user privacy concerns
● Eliminate deployment complexity
● Device agnostic

Threat Protection

Data Protection

Visibility Identity

Zero-Day Core™

Page 16:

Our Solution

Any Device

Agentless Proxies

Unmanaged Devices Managed Devices

Any App

IaaS SaaS Private Cloud/Premises Unsanctioned Apps

APIs + Proxies

Threat Protection

Data Protection

Identity Visibility

Zero-Day Core™

Page 17:

Trusted in Every Industry

Financial Services, Healthcare, Manufacturing, Distribution and Many More

Page 18:

Summary

Agentless deployment, any device

Real-time data protection, anywhere

Zero-day security, any app or workload

Page 19:

THANK YOU
