Visibility and Control for Sanctioned & Unsanctioned Cloud Apps

© 2015 Imperva, Inc. All rights reserved.

Visibility and Control for

Sanctioned & Unsanctioned

Cloud Apps

Walter Doria – Technical Director Exclusive Networks

Gabriele Buratti – Principal SE Imperva


Today’s Agenda

• Introductions & Discussion

• Market Overview, Trends, Risks & Gaps

• Understanding Imperva Skyfence Use Cases

• Deployment Considerations

• Live Demo

• Q & A

Confidential2


Gartner WAF MQ: Imperva is alone as the “Leader”

What do we do?

Enable organizations safe and productive use of corporate

SaaS applications

Why is it relevant?

The cloud app trend has created a visibility and control blind

spot for IT that cannot be addressed by traditional controls

Part of Imperva (NYSE: IMPV)

Acquired in February 2014 for $60M

Imperva Background

Founded in 2002

650+ employees

Customers in 75+ countries

4000+ Enterprise Customers

Highest returning IPO of 2011

Who is Skyfence?

33Confidential


Market Overview

Cloud Access Security Brokers

• CASB named #1 in top 10 technologies for IT Security in 2014

• By 2017, those making a strategic decision to invest in cloud apps for

mission-critical workloads will consider CASB essential

• The CASB market will reach $500 million by year-end 2017

• Most of the market in 2014, enterprise customers, all verticals

• Offline deployment

• 3rd party logs, API, or web-accessRisk Assessment

• Rapidly catching-up, expected 100% penetration by 2017

• Inline deployment

• Forward / reverse proxies, SWG integrations, endpoint agents

Monitoring & Enforcement

Two primary use cases for IT:

Confidential4


Customer-facing Applications

Moving to IaaS or PaaS providersEmployee-facing Applications

are SaaS and Cloud Apps

Data Proliferation to the Cloud

Traditional Data Center

55Confidential


No visibility into who is using what apps

No way to assess cloud apps risks and prioritize

Unable to monitor and analyze all activity

No endpoint control capabilities for cloud apps

Cloud apps are a prime target for hackers and malicious insiders – data exfiltration

Corporate

Employees, Mobile

Workers and

Hackers

Cloud

Applications

Challenges of Cloud Apps and “Shadow IT”

66Confidential


Visibility and Control for Cloud Applications

Cloud Discovery & Governance (Offline) Cloud Audit & Protection (Inline)

Cloud Security Suite

Monitor Activity of Users & Admins – Push to SIEM

Endpoint & Data Access Controls with Risk-based MFA

Detect Anomalies & Prevent Account Takeover Attacks

Discover “Shadow IT” Apps & Assess Risk

Review User Entitlements to Find Dormant &

Orphaned Accounts

Centrally Assess Security & Configuration Settings

of Cloud Apps

7Confidential

Corporate

Employees, Mobile

Workers and

Hackers

Cloud

Applications


User Entitlements Review

• Dormant Users – cost reduction opportunity

• Orphaned Accounts – risk of ex-employees’ access

• External User – partners, suppliers with access

Application Configuration Review

• Benchmark current configuration with best practices

• Mitigate risks associated with configuration issues

Integrated Remediation Workflow

• Assign tasks to resolve user & application issues

Skyfence Risk Governance – Understand Your Specific Risks

9Confidential


Common Skyfence Use Cases for the Cloud

Secure Office 365 Users

• Endpoint access control

• Monitor & control uploads and downloads

• Prevent account takeover

Control Collaboration and File Sharing

• Visibility over sharing of unstructured data

• Data security

Manage AWS Console Users

• Discovery of AWS console users

• Risk-based strong authentication

• Blocking/controlling high-risk actions

• Prevent account takeover

Discover Line of Business Apps

• Sanctioned and unsanctioned

• Over 5,000 apps supported (Salesforce, NetSuite, etc.)

10Confidential


Metro Bank Uses Skyfence to Secure Office 365 Apps

Background

• Fast-growing, UK-based bank

• 1400 users

• Office 365 apps: Email, SharePoint, Yammer, and OneDrive

Challenges

• Employees require remote access to Office 365 apps

• Microsoft “IP fencing” was ineffective at controlling BYOD access

• Required non-intrusive approach – no impact to end users

• Integrate with AirWatch MDM deployment

Solution Benefits

• Global enforcement of access controls

• Consistent, detailed, and clear visibility into all cloud app activity

• PCI DSS compliance for cloud access outside of the organization

11Confidential


Cloud Access Security Delivered with Incapsula CDN

Solves Key Customer Issues

• Security

• Performance

• Scalability

Single Architecture for all Apps

• Customer-facing Production Apps

• Employee-facing SaaS Apps (Salesforce, Office 365, etc.)

13Confidential


See What You Are Missing – Illuminate Shadow IT

Free Download for Cloud App Discovery

• Windows and Mac versions

• Scans Web Proxy, SIEM, and Firewall logs

• Quantify apps, users, activities, & risk

• Includes free online support & Knowledge Base

• www.skyfence.com/cloud-discovery-free

Scan1Review Results2

Corporate Network

Discovered Apps

Cloud Discovery Tool

LOG FilesFirewall / Web Proxy

Corporate Network

16Confidential

http://www.skyfence.com/cloud-discovery-free


Pros ProsCons Cons

Requires SSO

Limited desktop /

mobile apps support*

BYOD

No endpoint agents

No endpoint config

Doesn’t require SSO

Full desktop /

mobile apps support

No BYOD

Endpoint agents

Endpoint config

* Supported features include limited User Access Control, full support requires agent installation

SAML Redirect SWG Integration / Endpoint clients

Forward ProxyReverse Proxy

Corporate / Managed Corporate / ManagedBYOD BYOD

Flexible Enterprise Deployment Options

17Confidential


Skyfence Cloud Gateway

Live Demo

Confidential18

Documents

Visibility and Control for Sanctioned & Unsanctioned Cloud Apps