Glass Class - The Journey to Office 365
Hi, this is Mike from Bitglass. I want to tell you about a journey that many people are going through these days with O365. It starts out when you have different types of services running in your own data center. You might have Exchange. You might have SharePoint. Then you have different people connecting into this. I have PCs over here, and you try to control what they can do. They connect up, and they gain access.
What's going on is that Microsoft is pushing really hard for you to move from Exchange and SharePoint to O365. And you might have different types of technologies that are protecting the accesses, currently, to these servers in your data center. So you have things like load balancers, you have things like firewalls, you have things like secure web gateways, that are providing security for access to these applications, as well as applications that might exist in the cloud, like Office 365. When you do that, one of the main problems is that Microsoft is not going to allow you to put these security technologies, secure web gateways, firewalls, and whatnot, into their servers in Office 365.
So, some of the protection that you got disappears. It also happens when you have mobility. So say this user takes his PC and they go out to their own house, or they go out to Starbucks – they're a traveling user. All of a sudden, they're not behind the firewalls, they're not behind the load balancers, they may be behind the secure web gateway, depending on how you have it deployed, but they're no longer coming back in and trying to connect back into the Exchange server. So they can go straight up into O365 without any of that security technology.
So sometimes people want to investigate replacing the technologies there with accesses from cloud access security brokers. And a CASB is basically something that can help you provide security and restore some of that (that you've lost during the initial rollout) and move to O365. One of the other things, though, is there's a big problem with this. When I move to O365, all of a sudden, this PC, that's a managed PC that's from the corporation, is good and I can control it, and I can install secure web gateway on it and whatnot. But then there's this other issue with unmanaged devices. So all of a sudden I have a BYO device over here, and since it's a cloud app, and there's no security controls like you had over at the data center, it can connect up to here, too. So you may want differentiation there and controls over that.
So the main, key thing when you start looking at solutions for how to restore this visibility and restore this control, is around what you're trying to do. One of the things you might want to do is control things like sync clients, like Outlook and like SharePoint’s sync client, or the OneDrive sync client. The reason you want to do that is because you don't want someone to install Outlook or SharePoint onto a BYO device. All of a sudden, it's syncing down the corporate content on the BYO device – that's a major problem.
When you start looking at the solution, there's a big difference between types of deployments that exist, being forward proxies and reverse proxies, and those are problematic. So if you talk to vendors, and they start talking about ripping out things like secure web gateways that you already have established, changing the way that you're using your identity access management solutions, like a PingFederate or an ADFS, those should be red flags.
So what you should really look at is something that we call Next-Gen CASB. Those solutions don't require you to rip out existing infrastructure. They don't have any problems distinguishing between PCs that are issued by the company and BYO. And they can allow you to restore the visibility and control over your data and protect you against threats. If you'd like to hear more, please contact Bitglass – we're happy to share with you. Thank you.