Bitglass has done a lot of homework in terms of the tasklist of items needed to migrate to its services, but administration of the BitGlass portal requires above average administrative detail work to achieve the depth that competitor CipherCloud has in terms of encryption and DLP control. After testing, we agreed: non-trivial but definitely do-able.
Bitglass encrypts, and does something further than CipherCloud: it can watermark files in such a way as to trace exfiltration forensically. It geo-locates users and establishes the foundation to monitor weird user data behavior. Logged on from Santa Monica, then an hour later accessed something from London? Yes, Bitglass can sense this and throw a red flag. The geolocation feature can be thwarted, but it takes serious talent and timing to get past such a feature.
We found that Bitglass could accommodate other SaaS portals if we did the work, and single sign-on support can be enabled as well. We chose Active Directory Federation Services with Bitglass as a SAML provider. Okta, an SSO service, can also be used.
Another Bitglass strength is tending to devices both inside and outside an organization’s “secure perimeter,” although smartphones (we tested Android and iOS) have comparatively limited control compared to Windows or Mac OSX.
Initial setup was straightforward, and included directions to the correct scripts to join our small test Active Directory domain. A circuit to an organization’s Active Directory is necessary for authentication.
The Bitglass administrative portal renders a lot of information, and is the nexus of control. The administrative portal has object filters, including a set of pre-defined libraries of patterns for things like credit card data fields as keywords, used to stanch information flow upon a match with the object filter.
DLP is good, but not perhaps as good as CipherCloud or Netskope and not as programmable, either.
Starting a new Salesforce instance with Bitglass involved creating a Salesforce subdomain, then modifying it so that an installed (self-signed Bitglass) certificate was used to force browser re-direction through Bitglass’s portal for rules/policy purposes, and subsequent data imprisonment. This locks in Bitglass as a provider and circuit for users, thus allowing agentless clients to use Bitglass for SSO, audit, and DLP features. It’s pretty easy, we found.
What’s less trivial is the need for staff to monitor exception handling, including noise generated from high volume user activity across a potentially broad spectrum of SaaS and supported cloud resources, but this is the same stress that CASB will impose for any good level of activity with any CASB product. The noise, however, can be “smoothed” to a manageable level.
Here, the Activity Dashboard of Bitglass became very useful. We felt like we had a handle on activity that needed addressing, and that a variety of activities with a high volume of load would be acceptable to us, although we lack the capacity to emulate the shenanigans of thousands of users doing cloud plus Exchange, Google or Office365 apps, Evernote — plus Salesforce. You might assume that your user base is well-behaved, but we all know that users do odd things, and sometimes try to get around the rules. This is why the BitGlass UI made us happy, in that it separates the trivial from the ghastly.
Financial firms can stay relevant by focusing on digitization, security and data quality
How can financial institutions be faster, smarter and more responsive? Find out how they can avoid the risk of becoming irrelevant with insights into digitization strategies, beefing up on data security and ensuring data quality.
Veeam Availability Platform Designs for Ransomware Resiliency Series
The threat of ransomware is real and should be top of mind for CIOs as well as technology administrators of all types. In this brief, Veeam® will share some key tips to add ransomware resiliency to provide the best levels of Availability for critical applications and data.
VMware Virtual SAN risk avoidance and Availability
Veeam Backup & Replication provides full support for VMware vSAN, enabling faster backups through smart logic that reduces network traffic and enables backup and restore for the storage policy associated with the VM.
Transforming Data protection with Integrations for Microsoft Azure and Microsoft Office 365
Veeam for the Microsoft Cloud provides a consolidated solution for virtual, physical and cloud-based workloads with integrations for Microsoft Azure and Office 365.
The Future of Retail in a Digital World
Retailers may face cyber attacks like any other industry, but steps can be taken to guard against cyber crime.