the bitglass blog

As has been widely reported, Verizon is the latest enterprise to be hit with a large-scale data breach. Over 14 million customer records were left exposed due to a misconfiguration in Verizon’s Amazon Web Services (AWS) instance. Among the leaked information were logs containing customer names, cell phone numbers, and account PINs. Had this data fallen into the hands of hackers, even the most security conscious users – those with two-step authentication enabled – could have been bypassed, allowing hackers to hijack a customer's account and phone number.

Many Cloud Access Security Brokers and even cloud vendors themselves provide their own form of data encryption. But in today’s connected world, it is not enough to just secure the data.  How do you encrypt the data? Are you using industry standards? Do you maintain application functionality? Who maintains the keys? These are all questions that you should be thinking about when you wish to secure your data in the cloud.

That headline sounds too good to be true, but I assure you that it is possible. Ask any IT Security professional for their list of cloud security concerns, and external sharing is likely to be high up on that list (second only to sync/download to unmanaged devices in a recent Bitglass survey).

If you share this concern, you can be well on your way to controlling external sharing with the Bitglass CASB with just a few quick steps. Let's take Google Apps as an example, though these steps are similar for pretty much any cloud app. 

1. Add Google Apps to your Bitglass config
   Log into Bitglass as an admin (Apps/Policies), and add Google Apps.
   Time Est: 1 minute
   
   
2. API Access
   Log into Google Apps as an admin (Security/Advanced Controls), and authorize Bitglass access to the API. 
   Time Est: 1 minute

There are several vendors offering encryption for SaaS applications such as Salesforce.com.  But most have "gotchas!"