Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass

boat on an Alpine lakeIf you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating to the cloud, looking for increased productivity, collaboration, and cost savings. In this new ocean, organizations must decide how to prioritize security concerns so that they can prevent data leakage.

There are two schools of thought on how organizations should accomplish the above. The first entails beginning by securing your most-used SaaS apps (Office 365BoxG SuiteSlack, et cetera). This is ideally done through a multimode cloud access security broker (CASB) that secures data access in real time via proxy, and secures data at rest in the cloud through API integrations. As these major apps are the primary locations to which your data is flowing, they are your first responsibility to address.

From there, a shadow IT discovery tool can be used to identify the other, less frequently used SaaS apps that employees are accessing. When these uncommon, less widely known apps are discovered, you may then choose to perform policy-based remediations; for example, coaching users to sanctioned alternatives, making shadow IT apps read only, or blocking access altogether. In this way, the larger security gaps are addressed before the smaller ones, meaning that your boat is successfully patched and gets to sail onward.

The other approach to cloud security says that organizations should perform shadow IT discovery before they begin to secure major SaaS applications and enforce data protection policies. In other words, you have to identify everything before you can begin securing anything. With this approach, you start by hunting down every minuscule security gap before beginning to address the apps that represent the largest data leakage threats, meaning that your boat is allowed to take on water.

Gaining insight into SaaS app usage is helpful for the enterprise; however, there’s a handful of apps that act as the gateway to your cloud journey. Addressing these commonly used applications first is the right way to secure your cloud migration. Once you have your bases covered in this way, you can further strengthen your security posture by performing shadow IT discovery and securing the other apps that represent the metaphorical small holes in your boat. With this measured and methodical security approach, you can confidently continue to transform your business and sail into the cloud.

How to Do the Impossible and Secure BYOD

By Will Houcheime, Product Marketing Manager, Bitglass

Mission Impossible: Securing BYOD report coverThe use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to share information and complete tasks. However, BYOD also makes it more difficult for businesses to oversee and protect the flow of corporate data. In light of this, Bitglass surveyed IT experts to learn about what organizations are doing to secure BYOD.

According to the report, 85 percent of organizations enable BYOD, making those that do not grant personal device access the minority. Additionally, BYOD is no longer limited to employees’ personal devices – data is also being accessed by contractors, partners, customers, and suppliers on their own private endpoints. As such, adopting a security solution built for BYOD (like an agentless cloud access security broker) is imperative for any organization seeking comprehensive data and threat protection. While companies are quick to enable BYOD because of its numerous benefits, failing to do so securely will inevitably leave the enterprise exposed to a variety of threats.

Despite the fact that there are many reasons to adopt BYOD, a handful of companies still refuse to do so. Our survey shows that the primary reason for this is an uncertainty over the ability to protect data flowing to personal devices. Employees typically reject the agent-based security tools (MDM, MAM, etc.) that organizations try to install on their personal devices when they want to secure BYOD. This is because agents can invade their privacy and harm their user experience. Our advice: Look for an agentless CASB that gives organizations comprehensive visibility and control over their data – even when it is being accessed by personal devices

In Mission Impossible: Securing BYOD, learn why companies are adopting BYOD, how they are securing it, and much more.