Forcepoint ONE Reviews

It's our CASB, our cloud access service broker. It also does our SaaS-based based DLP, our data loss prevention, for our SaaS-based applications. We use it to protect our sensitive information. Since we are a healthcare corporation, we have to do everything we can to keep PHI data from leaking outside of the organization.

It's a SaaS offering, but there is an online appliance, a VM server, for the Active Directory sync back to the SaaS.

We have our own data centers, multiple data centers, and we always had the philosophy in the past that we're always on-prem in our data centers, never in the cloud. All of a sudden, one day, somebody had an epiphany and realized that we could save money by closing most of our data centers and putting things into the cloud. We wouldn't have to worry about buying infrastructure and all the hardware. So all of a sudden our company had this mass push to start sending everything possible to the cloud. But as the security department we looked at that and said, "Hang on. There's a lot of sensitive data in all of this that causes a HIPAA compliance issue and a PCI compliance issue. How can we protect that?" That is the number-one way that Bitglass helped us; with our stuff going to the cloud. 

Another aspect is that we recently went from an on-prem Exchange environment for email to the cloud-based email. What we did not really understand at the time, because it was on-prem and we didn't worry about it so much, was that we have a lot of PHI data inside of our email environment; more than we ever even thought imaginable. With Bitglass, we're able to inspect every single email sent. And if we see that it's going outside of the organization, we can stop it, unless that person has the authorization. We'll have special policies written for that person or that group of people to allow that to happen. We've never had those controls before in the past where we could stop PHI data from leaving the organization.

As for the AJAX-VM providing constant reverse proxy uptime, out of the year and two months, I can't tell you that Bitglass has ever been offline. And that is a tremendous value because of something that we've never had in the past: Any employee in the company who has access to a staff-based application could go home to their grandmother's computer, or to their mother's or their own personal computer, and log in to those SaaS-based applications and download social security numbers and patient records. Now, with the reverse proxy, we can stop that. They can try all they want, but the reverse proxy can stop it dead in its tracks. We've hardly had issues with the reverse proxy uptime. If we have had an issue, it's never been around Bitglass itself, it's always been some kind of on-prem issue. For example, we had some switches that were doing port flapping and it took us three days to figure out that it was not Bitglass. It was actually the switches that were causing all the on-prem issues that were being experienced.

In addition, we haven't seen any latency. With some applications, there might be a few milliseconds, but nothing really noticeable at all.

There are several use cases that we use it for:

• DLP purposes. 
• Multi-factor, step-up authentication. 
• In conjunction with Okta. We have a lot of sensitive data that goes back and forth into the cloud. Also, to some cloud offerings where our mail is, with Office 365 being one of them. Bitglass helps us secure that traffic. It allows us to see where our data is going, who's accessing our data, and what people are trying to access our data.

It will alert us of somebody trying to knock on the front door (perimeter) and one of my end user's account is compromised. We are in the Orlando area and also across the state of Florida. However, if I know this person is in Orlando, then 10 minutes later, they're trying to log in from Tampa, that can't be done. I have tried. I have tried to drive as fast as I could to get from Orlando to near Tampa. It just didn't worked out.

Logging in from Orlando and shifting to Tampa, that's a very real scenario where we had a staff member who was compromised. We were able to stop that based on the multi-factor, step-up authentication because the solution noticed the geographic locations were so disparate.

It gives us that extra set of eyes and ears, especially now with the pandemic. We don't have the amount of staff that other organizations have, since we're a nonprofit. The bad guys count on that. This solution gives us another layer of protection when it comes to end users, who are the people already behind the perimeter. It greatly helps us. 

In the cloud stuff, we set up all the rules and policies on one page based on the applications and things that we have rolled out. In this past year, we have been able to move from an on-premise Exchange Microsoft environment to Office 365. This is by its very nature what people use Office 365 for. Bitglass was able to help us secure this as a communication tool and also add the governance piece and enforce it.

I use the solution as a secure web gateway, similar to a proxy, to control access to the Internet for users. It is implemented on our equipment, such as laptops, to block certain categories like gambling and games. This is particularly important in the financial services industry where clients access the Internet through our network.

The control of web access by category is very effective. For example, I can access social networks but block specific platforms like Instagram and Facebook while allowing access to LinkedIn, a professional network. This helps me manage what users can access efficiently. The experience has generally been good, especially with how I can control web categories and give access to clients. It also helps me block tweets or other unwanted content.

We started with a very clear primary use case, which is what landed us on Bitglass: The need to protect Office 365. More specifically, we wanted to make sure that untrusted devices would not be able to download the full O365 client. 

Granted, you can do that with Microsoft tools, if you purchase some of their additional solutions. However, we decided that it made more sense for us to go with an independent CASB that we could leverage for other things as well.

Since the initial deployment, we have looked to expand well beyond the initial use case to protect additional cloud-based environments as well as implement additional functionality, such as DLP.

While you can't ever guarantee you can prevent a breach, I think Bitglass and their solution are a key component in helping secure our environment. We would not be with them if they weren't a valuable partner, as CASBs, in general, are a key piece of an overall security ecosystem.

In our case, controlling unmanaged devices and preventing them from being able to download full clients is a significant piece of the security and governance overall puzzle. To really control specific data leakage, you would need to fully implement DLP. So, we are in the process of evaluating the Bitglass DLP functionality, though we have not operationalized it yet. It certainly has the capability to secure against data leakage.

We use it for our cloud-based solutions. For instance, we use it for Office 365, Salesforce, and a couple of web applications that are cloud-based. It gives us an added layer of security with a little more visibility into those applications, as far as: who's logging in and who's not. It's kind of a firewall, in a sense. Since none of our business is really overseas, we don't really have employees or customers who should be logging in from outside of the United States. We just block any attempt that is coming in from offshore.

Another thing that it does, if people are not able to connect, then it gives us an easy view into why they may not be connecting. For instance, if their iPhone is not connecting, then sometimes we can see if they are entering the wrong password or something else. It has a little simpler navigation than what Office 365 gives us. It is also a little quicker to see login failures.

It has given us a more secure environment. If we weren't using their certificate and some of the other rule sets where we can verify their identity, we would probably not allow people to connect remotely unless they were coming through our VPN. 

We are able to see attempted connections and that sort of thing. 

We are able to verify what is getting saved out onto the cloud. It allows us to have some DLP rules, since we have to be HIPAA compliant. If some personal health information has been uploaded to Office 365, then we are able to detect that sort of thing and account for it. We have set up rules to prevent people from doing that. 

We can create rules to prevent people from copying things. We can see what sort of security rights are set up in SharePoint. We use a sort of combination of a native Office 365 rules set with Bitglass rules.

It has allowed us to have people working remotely during this pandemic so we can make sure they have valid certificates to connect to applications. If they don't have a valid certificate, then they can't connect.

The solution provides a single policy page to secure all of our interactions to the cloud and our on-premise resources. For example, there is a policy page where we go to define our policies. On that policy page, we have Office 365 and Salesforce policies.

The use case is around protecting data on BYOD devices where users can access any type of data.

It is overall a good solution for securing against data breaches and attacks, but there is no 100 percent guarantee in software. We feel that it is a pretty solid product for protecting data on the public cloud.

The solution’s AJAX-VM provides constant reverse proxy uptime. It has been very positive for our security operations. When people are trying to access the SaaS solution, it protects us from downloading any of that data and experiencing any type of attacks.

We mostly use it for CASB. It has a very light weight impact in that it doesn't really affect anything from an operations perspective. It is helping our monitoring, which results in better security, threat protection, or security posture.

When we have had enhancement requests, they have been able to fulfill those based on our changing needs. Therefore, we feel it's a pretty good solution.

Bitglass allows us to leverage cloud applications with security. What that means for us is that, as our applications are moving from on-premise to the cloud, we can have security controls on who logs in, around when they log in, and what data they're accessing. That's what Bitglass allows us to do.

We're not using the proxies. We're only using it for the login policy management.

We can now allow people to access cloud apps on their laptops, safely and securely, when they're not in the office. It allows us to have more flexibility, working from home or remotely during COVID. This is a security platform that allows all that to happen. Without having Bitglass, our work from home strategy would be drastically different and our potential for productivity would be reduced.

The solution provides a single platform for CASB, web security, advanced threat protection, identity, data loss protection, and zero-trust network access. It does all that in one product. It's good because it allows us to adopt more and more cloud apps. It really gives us the flexibility to pursue any new technology that is going to benefit our organization and that is in the cloud.

Bitglass also provides a single policy page to secure all of our interactions to the cloud applications. It does not do it for on-prem, in our case. It could do so, but not the way that we have it configured. But for our cloud interactions, we have unifying policies; a single spot on the platform. From there, we can say, "This set of cloud applications needs to follow this policy." From that point, we can see which policies are being applied. So it's a single spot for policy management. It simplifies our security operations.