Zero-Day Read-Only Cloud App Protection

By Anoop Bhattacharjya | November 19, 2017 at 12:27 PM

Not long ago, I visited with the CTO of a large financial services firm. The firm had another CASB installed, only to find that a large amount of highly sensitive information had leaked. Could Bitglass help?

A common problem in financial services is that clients frequently wish to interact with business users via unmanaged consumer applications such as Box, Dropbox, etc. For example, customers might submit loan documents via their personal Dropbox. At the same time, security demands that internal documents not be uploaded to these applications. In the case of the firm in question, they had deployed a CASB that had reverse-engineered a few specific applications to block known upload paths. Hence, users on the internal network could consume content from these apps, but not upload to them. Except when they could.

Cloud apps evolve constantly, and upload paths change all the time. Reverse-engineered upload path signatures just can't keep up, as the financial services firm found out when they were alerted to a large amount of sensitive data that surfaced in a public folder on a file-sharing service. The situation is similar to signature-based Anti-Virus systems that now miss over 90% of attacks. Without Zero-Day malware protection, hackers would feast every day.

Likewise, what is required is Zero-Day protection that can make any unmanaged cloud app "read-only." View or download content on any app, but not upload. No agents, software or signatures required. Works for any app: Dropbox, Facebook, Twitter, etc.

