bitglass
webinar: sept 28, 2016
bridging the o365 security gap
STORYBOARDS
office 365 is the leading SaaS productivity suite: market share has tripled year over year
2014: google apps 16.3%, office 365 7.7%, other 76%
2015: google apps 22.8%, office 365 25.2%, other 52%
poll: what are your office 365 migration plans?
the traditional approach to security is inadequate
the data blind spot: enterprises can’t rely solely on native app security
enterprise (CASB)
end-user devices, visibility & analytics, data protection, identity & access control
application, storage, servers, network
a security balancing act: empower users, maintain control
■ Visibility and control over corporate data in Office 365
■ Prevent unauthorized access
■ Limit external sharing
■ Restrict access on unmanaged devices
○ Managing OneDrive sync, access in risky contexts, more
components of o365 security
identity
cloud
access
mobile
cloud: protect data-at-rest in o365
■ External sharing opens the door to unintended leaks
○ API-based controls can restrict sharing of sensitive data
■ User behavior analytics, logging
○ Little in-app visibility, no cross-app visibility
○ Third-party solutions are built with compliance in mind
access: native security provides limited visibility
■ More access, greater risk of data leakage
○ Granular access controls can limit risky access
■ DLP is critical to securing sensitive data in risky contexts
○ Complete security solutions should be content-aware, apply DLP at access
mobile: distinguish between managed and unmanaged devices
■ Employees have rejected MDM and MAM
■ IT must securely enable access to frequently used apps
■ Allow different levels of mobile access based on device type, user, etc.
identity: centralized identity management is key to securing data
■ Cloud app identity management should maintain the best practices of on-prem identity
■ O365 can identify some but not all high-risk logins
■ Prevent use of compromised credentials with cross-app IAM, step-up MFA
office 365 native dlp: complex, costly, and doesn’t work across apps
■ BYOD blind spot - O365 DLP is not geared toward protecting data on BYOD
■ High operational overhead - Complex to configure and maintain
■ Difficult deployment - SharePoint/OneDrive DLP integration requires Office 2016 on PCs
■ High cost - Must have top of the line license
■ Point solution - Support focused on Office 365, what about other cloud apps?
poll: what cloud security functions are most important?
casb security: a data-centric approach
o365 requires a new security architecture
■ Cross-device, cross-application agentless data security
■ Real-time data protection
■ Limit high-risk activities like external file sharing, unmanaged access
■ User behavior analytics
office 365 use case: real-time inline data protection on any device
managed devices
application, access mode, data protection
unmanaged devices & mobiles
in the cloud
● profile-agent
● VPN+IP-restriction
● DLP/DRM/encryption
● Device controls, e.g. PIN
● Agentless Selective wipe
● Client apps: allow/block
● OneDrive
● SharePoint
● API
● Quarantine DLP
● Block external shares
● Alert on DLP events
Legacy Auth Apps, e.g. Office 2010
● Full access
Modern Auth Apps, e.g. Office 2013+
● profile agent
● VPN+IP-restriction
● certificates
● Full access
● Browser
● ActiveSync Mail
● Client apps
● Reverse-proxy + AJAX-VM
● ActiveSync Proxy
secure office 365 + byod
major healthcare firm
client
■ 180,000 employees
■ Among the largest US healthcare orgs
challenge
■ HIPAA Compliant cloud and mobile
■ Controlled access to Office 365 from managed & unmanaged devices
■ Control external sharing
■ Real-time inline data protection
solution
■ Real-time inline protection on any device
■ Contextual access control on managed & unmanaged devices (Omni)
■ Real-time DLP on any device
■ API control in the cloud
■ Agentless BYOD with selective wipe
■ Enterprise-wide for all SaaS apps
secure salesforce + office 365
financial services client
client
■ 20,000 employees
■ Global presence
■ $6T in assets under management
challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
solution
■ Searchable true encryption of data in Salesforce
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
■ API control in the cloud
■ Discover breach & Shadow IT
our mission
total data protection
est. jan 2013
200+ customers
tier 1 VCs
resources: more info about office 365 security
■ whitepaper: definitive guide to casbs
■ case study: fortune 100 healthcare firm secures o365
■ video: securing office 365
bitglass.com
@bitglass