End-to-End Data Protection
In Part 1, we saw the need for security systems to evolve in order to meet an ever growing trend of work and data going mobile and moving outside the corporate network. Between the emerging cloud application space and employees’ desire to use their own devices, a traditional firewall isn’t enough to ensure data security or data compliance anymore. Many Cloud Access Security Brokers (CASBs) tackle this through the use of APIs to handle data-at-rest in the cloud or installed agents on devices to manage and protect the device.
However these methods often fall short, creating holes in security as APIs are reactionary and cannot act in real-time. Similarly, many employees will refuse to adhere to any type of agent solution on their personal devices which either hinders the employee from completing their work efficiently or creates a blindspot in security. Instead, they will continue to use their personal device for work, without it being managed or protected. Bitglass separates itself by offering a complete solution that uniquely offers the ability to provide real-time in-line data protection on any device anywhere.
Bitglass accomplishes this by a simple, yet effective idea: focus on protecting the data as opposed to focusing on protecting devices and applications. While other vendors focus on protecting the application and managing the device, they create security gaps once the data has left their sphere of protection. By focusing on data protection, Bitglass can be implemented easily into any current environment and cloud application deployment while providing full protection to your data no matter how it’s accessed.
Through our Omni protocol proxies, Bitglass is able to provide an agentless solution that is simple in implementation, but completely secure in real-time. Our robust reverse proxy architecture is flexible and does not rely on manual changes when an application or web browser is updated. This guarantees complete uptime with the flexibility to provide security across any device without the need for installed agents.
We take it one step further allowing companies to distinguish between managed and unmanaged devices by providing a forward proxy that can identify a managed device through the use of a discrete agent, through client certificates, or even SAML attribute matching.
Finally, we provide an Activesync proxy to provide total protection over unmanaged mobile devices while allowing for Selective Wipe, leaving other data (including personal data) untouched. Companies can rest easy knowing they can maintain compliance while employees are safe in knowledge their personal data and activity remains untouched.
Our unique Omni protocol proxy architecture sets us apart from other CASBs and allows us to not only provide complete data protection now, but also be scalable and future proof. With our complete CASB solution, we can provide that evolution of security needed to provide end-to-end data protection that an evolving workforce requires. Join us for Part 3 where I will go into more detail on what organizations are able to do with our product.