In this podcast recorded at RSA Conference 2017, Salim Hafid, Product Marketing Manager at Bitglass, talks about how organizations are dealing with BYOD, cloud security, and mobile security, and how these trends are affecting their businesses in a real fundamental way.
Here’s a transcript of the podcast for your convenience.
My name is Salim Hafid. I’m a Product Marketing Manager at Bitglass. We are a cloud security company based in Silicon Valley and today we’re talking about the evolution of cloud security, the evolution of mobile security and how small and large enterprises are evolving to deal with some of these new demands. The demand for cloud and flexibility with the cloud, demand for mobile, demand for BYOD and ways that organizations are sort of changing to deal with these sorts of new trends that are affecting their businesses in a real fundamental way.
We also have several new products, things like Infrastructure as a Service, security is a big focus for us, Software as a Service security, building new apps and growing to reach new industries. We’re big of course in the healthcare vertical and the financial services vertical and many more in the future.
In terms of specifics of what we do, in terms of cloud and mobile security, really there are two – really these two big trends: adoption of BYOD and the other being adoption of cloud. On the BYOD side, it’s really about individuals, right? Employees bringing their personal mobile devices into the organization and wanting to access corporate data with those personal mobile devices.
The traditional way the organizations would secure those devices would be to install some sort of device management software, application management software, right? An MDM or MAM solution and what we’ve seen and what a lot of organizations and IT leaders have seen is that those solutions just aren’t effective. They see relatively limited adoption because of primarily privacy concerns, because they are cumbersome to install, cumbersome to use, cumbersome to manage. If the end-user wants to, for example, update their version of iOS on an iPhone, and you have an MDM solution installed on that device, that can introduce some issues.
Our real focus on the mobile side has been to create a solution that protects data on mobile devices, on these unmanaged mobile devices without actually installing anything on the end point. And that’s been a big focus for us. In all industries this BYOD trend is taking hold and so the need to secure those devices and that data without impeding on user privacy and really driving user adoption has become really key.
The second trend is of course adoption of cloud, and so apps like Office 365, G Suite, Salesforce. These are fundamentally changing sort of workflows for employees. And so on the cloud side, there are a number of new threats, new risks introduced that can result in data leakage which is, you know, really the goal is to limit data leakage, prevent data leakage and you know take on actions that you deem risky in some way.
On the cloud side, our big focus has been on mitigating these threats in different ways. One of these big threats is of course unauthorized access, so you have for example a user coming in from a Starbucks outside the corporate network and you deem that a risky access for some reason. Perhaps you have protected health information in the cloud or you have social security numbers in the cloud or some sort of information that you want to protect that you don’t want that sort of unmitigated access to.
Our focus on the cloud side is mitigating those sorts of threats. How do you apply protections to data at access? How do you limit access from unmanaged devices? How do you limit access in contexts that you deem risky? And how do you do that across applications? For IT it’s not just about protecting the data, it’s about protecting the data in a way that’s scalable and it’s easy to match.
That means two things: knowing what’s going on in our cloud application, you know, what users are accessing your data. Who’s downloading that data, when it’s being downloaded, where it’s being downloaded to. And having that information across all apps so that you can identify those sorts of risky transactions, and then having some controls over that data as well.
In our case, it’s really about data leakage prevention, and DLP in the cloud is really key for us. How do you identify those sensitive files and in some way, limit that risky access and how do you protect that data once it moves outside of your application? The way we do that is at Bitglass we’re an in-line, real-time solution. And so, in the cloud access security brokers which is the market that we’re in, you know, is growing rapidly and a lot of organizations are putting in place solutions that have some sort of data protection. But we’re unique in that we are a real-time solution that doesn’t install anything on the endpoint.
In the case of these cloud apps where you have that sensitive data stored in the application and that data is being accessed by an end-user, from, say, an unmanaged device, you want to be able to say, encrypt that data and access. You want to be able to apply DRM to redact some of the sensitive content in that file. And the way that we do that is we sit in line. We sit between the end-point and the cloud application. We proxy without actually installing anything on the endpoint, so you have that balance of flexibility for the end user and privacy for the end user as well as that security for that data.
The traditional approach, we talked a little bit about the traditional approach to mobile – the traditional approach for cloud and some of these data security mechanisms was really firewalls. Your traditional firewall for Palo Alto or Cisco or what have you, and you would protect data on the network perimeter. But as it moves into these cloud applications, as it moves beyond the network perimeter, as you look to enable these new use cases, these new device accesses, as you look to sort of accommodate this shift, it becomes really critical to protect that data in a way that doesn’t impede on the end user’s ability to get their work done. But to do that in a secure way. And so that’s really the balance that we’re striking and we’re really excited about the future as a company at Bitglass and about the market, the CASB market because cloud-access security brokers are really the way that organizations are now looking to protect their data across all applications.
Gartner has said that the market will grow from about 5% to 80% of all organizations using a CASB in the next couple of years. It’s a really exciting time to be a CASB and we’re excited to of course talk to organizations of all sorts about their needs and how we can sort of fit into their overall security strategy.