STORYBOARDS

Securing

Salim HafidProduct Marketingshafid@bitglass.com

Rich CampagnaVP, Productsrcampagna@bitglass.com

STORYBOARDS120k Enterprises - 2015 Bitglass Cloud Adoption Report

Office 365 The Leading SaaS Suite

STORYBOARDS

Users want access

Starbucks

Managed Device

Any Device...

Anywhere...

Unmanaged Device

CorporateNetwork

STORYBOARDS

Enterprise wants security and control

Visibility and audit

Restrict data on unmanaged devices

Prevent hacked accounts

Prevent data leakage & control access

STORYBOARDS

First Attempt – Infrastructure “Lockdown”

Firewall DLP

Web Proxy

VPN

HQ & Branch Office

Starbucks

ApartmentVPN

MDM

STORYBOARDS

Components

Usage/Consumption

Data

Application

Services

Servers & Storage

Network

Area

Data

Application

Infrastructure

Owner

Enterprise

Second Attempt - Rely on O365

STORYBOARDS

Solution?

Cloud Access Security Brokers (CASBs)

STORYBOARDS

Office 365 Security Critical Capabilities

Protect sensitive data at rest via encryption, external sharing controls

Cloud Identity Mobile

Unified identity and contextual multi-factor authentication

Protect sensitive cloud data sync’d/downloaded to managed and unmanaged devices

Access

Contextual access control, data leakage prevention, visibility

STORYBOARDS

Cloud

VisibilityData-at-rest discovery

Sharing, DLP

ControlSharing

permissions, Track, DRM, Redact

EncryptionData-at-rest in OneDrive,

DLP Matched

+many more...

STORYBOARDS

Access + Mobile

VisibilityAlerts, Reporting

Audit Logs

DLPPre-defined,

Keywords, Regex

Track/Watermark

Encrypt

Redact

Block

DRM

Access Control

Device, Role, Geo, etcManaged vs unmanaged

Selective Wipe

Full Wipe

STORYBOARDS

+many more...

Identity

Unified identity for all cloud apps (via

AD)

Contextual multi-factor authentication

Identity compromise detection

STORYBOARDS

Microsoft DLP Limitations

Data Egress PolicyData, Sender, Recipient

Email

Inbound PolicyData, User, Device,

LocationAny Cloud

App

Email, Files

Outbound PolicySharing, Sending, etc

Email, Files

STORYBOARDS

Typical CASB Policy

Managed Devices

Application Access Access Control Data Protection

BYOD Mobile & Laptops

In the Cloud

Forward ProxyActiveSync Proxy

Device Profile: Pass● Email● Browser● OneDrive Sync

● Full Access

Reverse Proxy + AJAX VMActiveSync Proxy

● DLP/DRM/encryption ● Device controls● Selective wipe enabled

API Control External Sharing Blocked

● Block external shares● Alert on DLP events

Device Profile: Fail● Mobile Email● BrowserContextual Multi-factor Auth

STORYBOARDS

● Unmanaged device access○ Reverse Proxy and

ActiveSync● Managed device access

○ Forward Proxy● Secure Data-at-Rest

○ API control

How it worksComprehensive CASB Architecture

STORYBOARDS

Who is Bitglass?

STORYBOARDS

The Bitglass MissionTotal data protection outside the firewall

$35M investment Est. Jan. 2013 CA, NY, MA, IL, NC

STORYBOARDS

Helpful Resources

1. Glass Class - Securing O365 with a CASB

2. Case Study - Ad Agency Secures Office 365

3. Definitive Guide to O365 Security

STORYBOARDS

Securing

Salim HafidProduct Marketingshafid@bitglass.com

Rich CampagnaVP, Productsrcampagna@bitglass.com