At Bitglass, customers and prospects are constantly asking us questions about secure access service edge and how our SASE platform can address their modern security use cases. In particular, we are commonly asked how organizations should go about deploying a complete SASE platform like ours. Bitglass’ offering is comprehensive, and there is no shortage of functionality that customers can use to secure interactions between any devices, apps, web destinations, on-premises resources, and infrastructure. So for many organizations, the question is, “Where do we start and how do we move towards deploying the whole platform?”
For organizations that would prefer to pace themselves and take a slower, more methodical approach to SASE adoption, we recommend a strategy of “Crawl, walk, run.” That is, start off by addressing simple use cases through table-stakes technologies that will give you quick, easy wins. From there, move on to address increasingly complex use cases through more advanced technologies; see below.
Organizations should begin with basic, out-of-band CASB protections for data at rest; these are simpler to deploy because they are not inline or real time. This is accomplished through API integrations with applications like Office 365, Box, G Suite, Salesforce, and others. In this way, organizations can scan for sensitive data patterns already existing in their cloud resources, find out whether that data is shared publicly, and identify documents at rest that are infected with malware. At the same time, organizations should consider implementing discovery functionality for identifying unmanaged applications in use, as well as cloud security posture management (CSPM) for locating and remediating misconfigurations in IaaS platforms.
The benefit of this approach is that it delivers visibility over sensitive data in the cloud as well as unknown SaaS application usage, helping to form a more robust cloud security program and helping to shape policy with executive management.
With the above out-of-band protections in place, companies can begin to roll out more advanced inline technologies. Specifically, they can utilize our CASB’s specialized proxy deployment modes. By proxying traffic, companies can solve more complex (and arguably more important) use cases; for example, scanning files at upload and download for real-time data and threat protection as users access cloud resources. At Bitglass, we can accomplish this agentlessly through our patented reverse proxy, which is incredibly important for securing unmanaged devices (contractor endpoints, BYOD, and more).
With both out-of-band and inline CASB functionality in place for securing data at access and at rest in the cloud, organizations can proceed to deploy the other components of Bitglass’ SASE platform. They should first roll out our SmartEdge Secure Web Gateway, the world’s only on-device SWG, which provides superior performance, scalability, and security for the web and shadow IT, complete with upload DLP controls for non-corporate SaaS applications. Then they can deploy zero trust network access (ZTNA), which includes real-time data and threat protection for true zero-trust security for on-premises resources.
By moving through the above process, customers can deploy a fully featured SASE platform and secure any interaction.