Next-Gen CASB Patrick Koh Bitglass pkoh@bitglass.com www.cloudsec.com
WW Cloud Service Adoption https://www.gartner.com/newsroom/id/3815165 "As of 2016, approximately 17 percent of the total market revenue for infrastructure, middleware, application and business process services had shifted to cloud," said Mr. Nag. "Through 2021, this will increase to approximately 28 percent."
APAC Cloud Service Adoption https://www.gartner.com/newsroom/id/3591417 By 2019, total public cloud services spending to rise to $13.6 billion The highest growth (SaaS) with a 28.5 percent increase in 2017 indicators that migration of application and workloads from on premises data centers to the cloud, as well as development of cloud ready and cloud native applications, are fueling growth in the cloud space," said Sid Nag, research director at Gartner. "Software vendors will continue to shift investments from on-premises license-based software to cloud-based offerings."
Problem: Cloud and mobile are beyond the firewall... leaving legacy security technologies obsolete. [Diagram labels: Unmanaged apps; Managed apps; Legacy Tech; Firewall; Web Proxy; IPS / IDS; DLP; CASB; Data & Threat Protection; MDM; Unmanaged devices; Managed devices]
Problem: enterprises can't rely solely on native app security. [Diagram labels: end-user devices; visibility & analytics; data protection; identity & access control; application; storage; servers; network; enterprise (CASB)]
CASB: a better approach to cloud security. Shadow IT: unknown cloud apps usage. API-based approach: protect data-at-rest. In-line: real-time protection.
Solutions Managed Applications Long-tail SaaS Unmanaged Applications Unmanaged Devices
Managed Apps: Control any SaaS or Custom App Major SaaS Long-tail SaaS Internal Apps Proxy + API Contextual access control DLP w/ adv. remediation Field and file encryption Data Protection Threat Protection Known & Zero-day malware protection Account hijack protection Zero-Day Core TM Integrated Single Sign-On (SSO) Step-up multi-factor auth Session management Identity Visibility UEBA Policy-based remediation Agent/Agentless Proxy Agentless Proxy Managed Devices Unmanaged Devices
Managed App Example: O365. Identity: Step-up MFA for risky behavior/logins; Control access to O365 from unmanaged devices; Session management. Data Protection: Identification and selective encryption of PII; Control external sharing via OneDrive, Sharepoint; Block OneDrive sync client on select devices. Visibility: Comprehensive visibility and forensics across cloud footprint; Data-at-rest and data-in-transit visibility. Threat Protection: Stop known and zero-day threats before upload to OneDrive; Block email attachments containing malware; Scan and quarantine malware at-rest in OneDrive.
Unmanaged Apps: Expanding Cloud Footprint First-Gen CASB Head: ~10 apps Long tail: 20,000 apps Next-Gen CASB
Unmanaged Apps: Zero-Day Shadow IT visibility and protection. 95% of apps in use are not sanctioned by IT: EFSS, content apps, social media. Discover Shadow IT: Automated Index of over 400K apps; Sources of app reputation & risk; Reports on app risk, compliance, etc. Protect Shadow IT: Automated Zero-Day identification of upload paths; Machine-learning tech inspects all upload traffic; Data-paths with natural language payloads identified; Enforce DLP policy on data paths across all users; No signatures required. [Diagram labels: Risk Reports; Proxy or Firewall; Automated Index; Log Feeds; Zero-Day upload DLP; Agent/DNS]
Unmanaged Apps Unmanaged-Controlled Unmanaged-Blocked Control, Block, Coach Make any SaaS app read-only Zero-day data leakage path learning Data Protection Threat Protection Known & Zero-day malware protection Zero-Day Core TM Identity Visibility Identification Management Shadow IT visibility & risk analysis Single click app sanctioning Managed /Un-Managed Devices
Secure BYOD: Unmanaged Device Protection. Demand for BYOD continues to rise. Mobile security cannot be overlooked. IT must enable secure access to cloud apps from any device. BYOD poses a threat to data security due to a lack of visibility and control after download.
Unmanaged Devices Protect Corporate Data on Any Device Selective wipe Device level PIN, encryption Control flow of data to device via DLP and remediation actions Data Protection Zero-Day Core TM Threat Protection Agentless Deployment Avoid user privacy concerns Eliminate deployment complexity Device agnostic Identity Visibility
Our Solution IaaS SaaS Private Cloud/Premises Unsanctioned Apps Any App APIs + Proxies Data Protection Threat Protection Zero-Day Core TM Identity Visibility Managed Devices Agentless Proxies Any Device Unmanaged Devices
Trusted in Every Industry Financial Services, Healthcare, Manufacturing, Distribution and Many More
Summary: Zero-day security, any app or workload. Agentless deployment, any device. Real-time data protection, anywhere.