Benefits of Implementing a SaaS Cybersecurity Solution Andras Cser, VP Principal Analyst September 27, 2018
About Andras Cser Vice President, Principal Analyst Serves Security & Risk Professionals Leading expert on identity management, access management, user account provisioning, entitlement management, federation, privileged identity management, and role design and management Andras Cser VP, Principal Analyst 2
About Ian Felder Product Marketing for SaaS and Managed Security Program (MSP) Over 16 Years of Marketing Experience Digital & Social Media Marketing, Competitive Analysis, and Product Marketing Previously at Hologic, Inc. and Signiant Ian Felder Sr. Manager, Product Marketing 3
We work with business and technology leaders to develop customer-obsessed strategies that drive growth. 2016 Forrester Research, Inc. Reproduction Prohibited 5
Benefits of Implementing a SaaS Cybersecurity Solution Andras Cser, VP Principal Analyst September 27, 2018
Assess the impact of cyberattacks You don t want to be on CNN headline news Security has shifted from a Director/VP/CISO/CIO IT problem to a CEO problem Data protection is a key concern Mobile and IoT present new challenges BYOD/user owned devices are here to stay 2018 Forrester Research, Inc. Reproduction Prohibited 7
The Perimeter Is Gone Network segmentation only goes so far in the era of Cloud Firewalling is cumbersome and insecure (too many rules) Data proliferation is only accelerating Email Cloud storage Unstructured 2018 Forrester Research, Inc. Reproduction Prohibited 8
Finding Threats Is Like Finding a Needle In A Haystack Too many infrastructure components (on-prem, managed, IaaS, PaaS, SaaS, hybrid clouds, etc.) Too much data Too many configuration points Too many places your users can place data Too many network paths in most instances BUT if you don t know what you have, you can t monitor it 2018 Forrester Research, Inc. Reproduction Prohibited 9
Why DLP Needs To Evolve DLP needs to evolve from just DLP to include other data controls for a data centric security model Standalone DLP is siloed and can only protect data in specific apps or network perimeters DLP admin access must be protected from malicious tampering and account takeover Traditional DLP may require significant investment to use and tune all its capabilities Limited DLP solutions can cause end user (workforce \ member) friction if used only to stop data flows 2018 Forrester Research, Inc. Reproduction Prohibited 10
Enter Zero Trust Xtended (ZTX) 11
Zero Trust Extended 2018 Forrester Research, Inc. Reproduction Prohibited 12
Zero Trust: How Identity and Information Life Cycles Need to Correlate Source: June 27, 2011, Your Data Protection Strategy Will Fail Without Strong Identity Context Forrester report 2018 Forrester Research, Inc. Reproduction Prohibited 13
Risk Based Access Controls The Only Way To comply, you need to be able to cover the riskiest apps and data, otherwise you drown in costs One size fits all is not an option You have to discover the riskiest apps You have to discover the riskiest users You have to discover the riskiest and largest volume data movements 2018 Forrester Research, Inc. Reproduction Prohibited 14
Context Matters Device type (managed vs. unmanaged) Device age GPS location IP geolocation Activity (Upload, download) Data Volume and Type Any other attribute 2018 Forrester Research, Inc. Reproduction Prohibited 15
Centralization of Identity Is The Only Way To Go Discovery Visibility Auditing Interception 2018 Forrester Research, Inc. Reproduction Prohibited 16
SaaS based approaches in data protection to the rescue Lower cost of operation (labor, hardware, etc.) Policy templates for compliance Fix one, fix all: the network effect Create risk scores using statistical models, machine learning and rules Prioritize risky activities across multiple channels Minimal user friction for accessing data or workloads from a static desktop in a secured building at 9:28am on Tuesday Maximal security (2FA, biometrics, device registration, etc.) for accessing data or workloads from a brand new ipad in a rogue country at 1:32am on Sunday You can also fast track known good users for easier access 2018 Forrester Research, Inc. Reproduction Prohibited 17
Recommendations Understand the mapping between identities and data Don t rely on network perimeters Enforce data access policies centrally B2E, B2B, B2C all require mobile first Cover structured and unstructured data Authorization must be built in 2018 Forrester Research, Inc. Reproduction Prohibited 18
Recommendations Start with a handful of apps Carefully track the user experience (metrics, surveys, etc.) Surface reasons for human-led investigation Integrate with web SSO for web applications (one time, centralized integration 2018 Forrester Research, Inc. Reproduction Prohibited 19
Forrester s Predictions Contextual DLP Cloud DLP Extension of canned models to non-web (phone, in-person, etc.) channels Behavioral biometrics integration with device ID, IP geolocation, etc. Consortium based data use increases Blockchain based RBA drawing information from other lines of businesses or peer companies 2018 Forrester Research, Inc. Reproduction Prohibited 20
Security Is Not Black And White: Anomaly and Automatic Risk Detection For User Behavior For Data Access Will Continue to Improve 2018 Forrester Research, Inc. Reproduction Prohibited 21
Thank you Andras Cser +1-617-613-6365 acser@forrester.com forrester.com
Digital Guardian SaaS Data Protection Reduce overhead, complexity and cost with cloud-based data protection
Cloud-Delivered Threat Aware Data Protection Analytics Workspaces Management Console Applications DG Big Data Cloud Backend Digital Guardian Agent Digital Guardian Appliance 24
Applications Data Loss Prevention Cloud Data Loss Prevention Data Discovery User & Entity Behavior Analytics Data Classification Endpoint Detection & Response 25
Delivering Cloud Based Data Protection FIRST and ONLY Solution to Unify Endpoint Detection & Response Data Loss Prevention User & Entity Behavior Analytics 26
Why Digital Guardian Delivers More Digital Guardian Software as a Service (SaaS) Hosts and Manages a Big Data Security Architecture Delivers Immediate Time to Value Simplifies Maintenance Provides Compute Power to Detect Threats Scalability Threat Intelligence 27
How Digital Guardian Delivers Even More Digital Guardian Managed Security Program Solves Your Security Talent Gap Enables Quick Wins & Long Term Success Allows for Efficient Use of Your Resources Taking Advantage of Best Practices 28
Summary DLP needs to evolve to include other data controls Zero Trust Extended SaaS to the rescue Digital Guardian s Data Protection Platform leverages SaaS to provide data protection that results in Superior Security Better Economics Reduced Overhead 29
See your data 30
Protect your data Data Protection Platform 31
Q&A 32