#cloudsec
https://www.gartner.com/newsroom/id/3815165
"As of 2016, approximately 17 percent of the total market revenue for infrastructure, middleware, application and business process services had shifted to cloud," said Mr. Nag. "Through 2021, this will increase to approximately 28 percent."
WW Cloud Service Adoption
#cloudsec
APAC Cloud Service Adoption
https://www.gartner.com/newsroom/id/3591417
By 2019, total public cloud services spending rise to $13.6 billion
The highest growth (SaaS) with a 28.5 percent increase in 2017
”… indicators that migration of application and workloads from on premises data centers to the cloud, as well as development of cloud ready and cloud native applications, are fueling growth in the cloud space," said Sid Nagresearch director at Gartner.
"Software vendors will continue to shift investments from on-premises license-based software to cloud-based offerings."
#cloudsec
Problem
Cloud and mobile are beyond the firewall...
Legacy Tech
Firewall
Web Proxy
IPS / IDS
DLP
MDM
...leaving legacy security technologies obsolete.
Managed apps Unmanaged apps
Managed devices Unmanaged devices
CASB Data & Threat Protection
#cloudsec
Problem
enterprises can’t rely solely on native app security
enterprise (CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
#cloudsec
CASB a better approach to cloud security
shadow IT
API-based approach
In-line
Unknown cloud apps usage
Protect Data-at-rest
Real time protection
#cloudsec
Solutions
Unmanaged Applications
Unmanaged Devices
Managed Applications
Long-tail SaaS
#cloudsec
Managed Apps: Control any SaaS or Custom App
Unmanaged Devices Managed Devices
Major SaaS Long-tail SaaS Internal Apps →
Threat Protection
Data Protection
Visibility Identity
Zero-Day CoreTM
● Contextual access control ● DLP w/ adv. remediation ● Field and file encryption
● Known & Zero-day malware protection
● Account hijack protection
● Integrated Single Sign-On (SSO) ● Step-up multi-factor auth ● Session management
● UEBA ● Policy-based remediation
Proxy + API
Agentless Proxy Agent/Agentless Proxy
#cloudsec
Managed App Example: O365
Threat Protection
Stop known and zero-day
threats before upload to
OneDrive
Block email attachments
containing malware
Scan and quarantine
malware at-rest in
OneDrive
Visibility
Comprehensive visibility
and forensics across
cloud footprint
Data-at-rest and data-
in-transit visibility
Data Protection
Identification and
selective encryption of
PII
Control external sharing
via OneDrive, Sharepoint
Block OneDrive sync
client on select devices
Identity
Step-up MFA for risky
behavior/logins
Control access to O365
from unmanaged devices
Session management
#cloudsec
Unmanaged Apps: Expanding Cloud Footprint
First-Gen CASB
Next-Gen CASB
Head: ~10 apps
Long tail: 20,000 apps
#cloudsec
Unmanaged Apps: Zero-Day Shadow IT visibility and protection
95% of apps in use are not sanctioned by IT
EFSS, content apps, social media Discover Shadow IT
Automated Index of over 400K apps Sources of app reputation & risk Reports on app risk, compliance, etc Protect Shadow IT
Automated Zero-Day identification of upload paths Machine-learning tech inspects all upload traffic Data-paths with natural language payloads identified Enforce DLP policy on data paths across all users No signatures required
Proxy or
Firewall
Log Feeds
Automated Index Risk
Reports
Agent/DNS
Zero-Day upload DLP
#cloudsec
Unmanaged
Apps
Managed /Un-Managed Devices
Threat Protection
Data Protection
Visibility Identity
Zero-Day CoreTM
● Control, Block, Coach ● Make any SaaS app read-only ● Zero-day data leakage path learning
● Known & Zero-day malware protection
● Identification Management ● Shadow IT visibility & risk analysis ● Single click app sanctioning
Unmanaged-Controlled Unmanaged-Blocked
#cloudsec
Secure BYOD Unmanaged Device Protection
Demand for byod continues to rise Mobile security cannot be overlooked IT must enable secure access to cloud apps from any device
BYOD poses a threat to data security due to a lack of visibility and control after download
#cloudsec
Unmanaged Devices
Protect Corporate Data on Any Device Selective wipe Device level PIN, encryption
Control flow of data to device via DLP
and remediation actions
Agentless Deployment Avoid user privacy concerns Eliminate deployment complexity Device agnostic
Threat Protection
Data Protection
Visibility Identity
Zero-Day CoreTM
#cloudsec
Our
Solution
Any Device
Agentless Proxies
Unmanaged Devices Managed Devices
Any App
IaaS SaaS Private Cloud/Premises Unsanctioned Apps
APIs + Proxies
Threat Protection
Data Protection
Identity Visibility
Zero-Day CoreTM
#cloudsec
Trusted in Every Industry Financial Services, Healthcare, Manufacturing, Distribution and Many More
#cloudsec
Summary
Agentless deployment, any device
Real-time data protection, anywhere
Zero-day security, any app or workload