Fortune 100 Pharma Giant Secures Office 365 with Next-Gen CASB

Case Study

Based in the USA, this Fortune 100 pharmaceutical firm has about 80,000 employees across the globe delivering innovative health solutions through its prescription medicines, vaccines, biologic therapies, and animal health products. The firm was looking to fully transition its global employees to a SaaS productivity suite. The firm’s IT team chose Office 365, but the CISO blocked deployment until independent security controls were delivered by a CASB platform. The firm’s existing security architecture is a heterogenous mix of equipment, including next-gen firewall appliances, secure web gateways from Bluecoat and Symantec two-factor authentication. This network-level security architecture was inadequate for protecting data n the cloud and allowing for access on any device.  

With the firm’s Office 365 productivity suite initiative set to rollout rapidly throughout the company, its enterprise security architecture team evaluated Cloud Access Security Broker solutions to enable secure cloud usage. Of particular concern was protecting corporate data and acess from any device, laptop or mobile. Specifically, the security team wanted to permit synchronization apps, like OneDrive and Outlook, only on company owned devices, while restricting access on unmanaged devices.  The firm also wanted to encourage BYO devices, without the management overhead of MDM. The native Office 365 security controls did not provide an adequate level of data protection, especially in the case of data access by unmanaged devices.  The firm was also concerned with the transmission of user passwords from mobile devices in the clear to the Office365 via the ActiveSync protocol.

In its search for a solution, the firm conducted trials of Bitglass and two other major CASB vendors. In these trials, the IT security team ran the CASB solutions through a gamut of use cases – access control, discovery, API, and managed/unmanaged device access and mobile security.

The firm ultimately chose Bitglass thanks to its unique ability to provide Zero-Day protection on any device, and for the unique ActiveSync SSO capability. The firm’s security architecture team concluded that API-only approaches were not sufficient for complete Office 365 data protection. The team favored the agentless, Zero-Day, inline data security enabled by Bitglass’ hybrid architecture to the agent-based alternatives. The ability of Bitglass’ unique technologies – reverse proxy and AJAX-VM as well as ActiveSync proxy – to secure sensitive data on unmanaged devices and BYOD was key. Additionally, Bitglass' native DLP engine handled all languages with ease, including those with double-byte characters, offering a clear system performance advantage over the external DLP via ICAP required by competing CASBs.

Zero-Day CASB security.  No software required.

“In comparing the leading CASB solutions, we found that only Bitglass delivers a complete  security solution. Its AJAX-VM uniquely enables the secure use of unmanaged devices. And the ActiveSync SSO is truly innovative.”

– CISO, F100 Pharma Giant