Business Data Giant Secures G Suite
with Bitglass

Case Study

This global business data giant with 20,000 employees chose Google's G Suite for SaaS productivity and needed a solution to protect data in the app.

This enterprise handles business and financial data for much of the Global 2000 and security is paramount. The firm's security team already had installed the latest "next-gen firewall" appliances at every location, as well as secure web gateways from Blue Coat. However, G Suite posed a new challenge.

Users expected access from any device, anywhere, rendering the firm's existing network-centric security hardware to be of no help. Within the corporate network, the existing security hardware was not capable of understanding the semantics of G Suite to be able to enforce corporate data security policies.

The enterprise decided to use a cloud access security broker (CASB) to secure G Suite, holding a bake-off with four different CASBs. Three of the four vendors could only support API-based visibility and control of corporate data. The solutions these three vendors put forward were limited to inspecting data at rest in the cloud and identifying data leaks after they had occurred. Their solutions could not control data as it was downloaded to or uploaded from any device. This weak security did not satisfy the requirements of the firm's legal team. Fortunately, the story was different with Bitglass.

The Bitglass CASB provided the firm with exactly what it needed. Beyond API-based visibility and control of corporate data at rest in the cloud, Bitglass offers inline protection of data during any user's interactions with G Suite. Sensitive data was blocked or restricted prior to upload to the cloud and before download to unmanaged devices. Best of all, Bitglass' resilient AJAX-VM technology meant that inline control was achieved without any software on client devices.

The firm also valued the seamless user authentication experience and the enhanced security presented by Bitglass' dual SAML proxy technology. Specifically, users could log in directly to Google and were transparently redirected via single sign-on through the Bitglass multi-protocol proxies. Unlike competing CASBs, users entered their login credentials only into the corporate SSO, thereby limiting phishing risk.

"In comparing the leading CASB solutions, we found that only Bitglass' offering delivers inline data protection during upload and download from any device. Best of all, no software or configuration is required on client devices."

– Chief Risk Officer