Contextual Access Control ensures that appropriate access to Workday is provisioned based on the context by which the user is accessing the application. Policies can be defined based on access method (browser or native app), device (managed vs unmanaged), location (by country or IP address range), group, and more. Typically, users on secure, managed devices will be allowed full access, while users on unmanaged devices are restricted to browser access. This is particularly important for Workday, where HR and finance professionals need full access at the office, whilst all employees need controlled access from home computers to plan benefits, vacations etc with their families. Only Bitglass agentless AJAX-VM technology delivers proxied access on any browser without the need for agents.
Human Capital Management
Workday delivers SaaS applications for financial management, human capital management (HCM), payroll, and analytics. While Workday goes to great lengths to secure its application and infrastructure against intrusions and attacks, it is your responsibility as the Enterprise Customer to enforce Data Protection & DLP policies on the data being loaded into and shared on Workday. It is also your responsibility to ensure that external parties you are interacting with do not spread malware into your application. Data & Threat Protection for Workday requires a Cloud Access Security Broker (CASB).
Contextual Access Control
Intelligent Native DLP
Bitglass’ integrated, high-performance DLP engine is compatible with the leading network and endpoint-based DLP systems. Paired with a comprehensive catalog of pre-built identifiers for a wide range of data types, you’ll have the flexibility to build policies from scratch, pull from the Bitglass catalog, import policies from premises-based DLP solutions, or integrate via ICAP. Most organizations choose to sync policies directly from premises-based DLP systems, avoiding severe performance penalties while ensuring consistent policy enforcement anywhere.
DLP policies can be enforced in real-time on the proxy for uploads and downloads, of particular value during access from unmanaged devices.
The Bitglass DLP engine is paired with a wide range of remediation actions, built to allow you to safely extend access to sensitive data, even in risky contexts. Actions include alerts, dynamic application of encryption or rights management (DRM), redaction of sensitive content, watermarking and tracking, quarantine, and blocking.
Data & Threat Protection on any Device
Cloud applications are attractive vehicles for malware. Bitglass’ Advanced Threat Protection (ATP) powered by CrowdStrike, Cylance and Bitdefender, blocks the spread of unknown and zero day attacks, ensuring that your Workday deployment never becomes a proliferation point for the spread of malware across your managed or BYOD.
ATP protection policies can be enforced in real-time on the proxy for uploads and downloads, without the need for software agents. This is particularly important during access from unmanaged devices, which can be an entry point for malware.