In Part 1 of this series, we explored how cloud security has evolved to encompass cloud apps and unmanaged device access. In Part 2, we learned how Bitglass is the only Cloud Access Security Broker that can provide total data protection in-line and in real-time end-to-end (from the cloud application to any device). So what features does Bitglass provide? How do we actually protect data in the cloud?
A key component of the Bitglass CASB solution is our Citadel data protection engine, which combines our context-aware Data Loss Prevention engine with granular access controls to provide extensive in-line protection on any device anywhere. You can configure DLP policies based on a number of criteria: user, geo, access method, and more. From there the Bitglass DLP engine will automatically apply actions to data that matches preset patterns. Organizations in all sectors need to secure sensitive data such as personally identifiable information (PII). Bitglass DLP can encrypt, block, redact, and even apply DRM to that sensitive data as we explored in an earlier blog post.
Identity is the second critical component of the Bitglass CASB solution. Bitglass is flexible and can integrate with any external IdP or IAM system. If you don’t have an identity solution in place, Bitglass can act as your identity management provider to secure logins across cloud apps via single sign-on (SSO). Having an identity solution in place is table stakes for complete cloud security and makes for a seamless CASB deployment, with easy user provisioning and management.
Identity and account management are becoming bigger points of emphasis as more breaches occur due to compromised credentials. Fortunately, you can rely on a CASB for user entity and behavioral analytics (UEBA) to identify suspicious or malicious activity in the cloud.
Finally, Bitglass provides full strength Federal Information Processing Standard (FIPS) compliant 256 AES encryption with 256-bit initialization vectors. What really makes Bitglass Harbor encryption the go-to solutions for some of the most security conscious companies in the world is our ability to maintain full application functionality without compromising encryption strength. While other CASB vendors claim they can encrypt data at rest, most don’t adhere to standards, instead weakening their algorithms to maintain application functionality.
Join us for Part 4, where we’ll discuss our Discovery solution and the importance of scalability.
___