Director, Cloud & Data Security at a financial services firm with 5,001-10,000 employees
Real User
2020-09-07T05:57:00Z
Sep 7, 2020
The product works, and their organization is pretty dynamic. Get a very clear understanding of your use case before bringing the product in. That applies to all CASBs because there are different problems for different people. I feel like a lot of people think this type of solution can solve every problem. You have to figure out what problem you're going to solve, e.g., data protection or user access. From there, the idea is to jump in and bring it on. This industry, as a landscape, is changing from a product perspective. I see CASB converging with other Zero Trust solutions. I am prepared to see evolution of this industry sector because of the changing cloud needs. I would rate this solution as a seven out of 10. SASA and some other things are a bit premature. As an organization, they have not been in business for a very long time. That comes with some level of challenges. We had an initial support challenge, which got resolved, but that kind of highlighted, as a software company, they're still maturing and productizing their product.
Vice President, Corporate Information Security & Chief Security Officer at Ricoh Americas
Real User
2020-09-01T05:25:00Z
Sep 1, 2020
A true single pane of glass is not easy to achieve. The more you do with them, the more you can move towards that goal. As they continue to increase their functionality, the solutions that they offer, and the partners/integrations they have, they are certainly moving more in the single pane of glass direction. For security professionals and CISOs, as much as we can declutter and simplify, that's a great thing. For us, it has done exactly what we wanted it to do. Bitglass continues to be a valuable partner:

* The relationship is good.
* Support is good.
* The solution works well.

I would rate this solution as a nine plus out of 10. I did a video with Bitglass a couple years ago. It's out on YouTube. If you Google my company, Ricoh, and Bitglass on YouTube, the video will pop right up. There is a lot of good info there.
Cyber Security Officer at an insurance company with 51-200 employees
Real User
2020-08-30T08:33:00Z
Aug 30, 2020
I would spend more time on the proof of concept than we did. We didn't really have the available applications to test it as robustly as we probably normally would have. I would give the solution an eight out of 10.
Sr. Director of Information Security & Enterprise Architecture at Childrens Home Society of Florida
Real User
2020-08-26T05:42:00Z
Aug 26, 2020
The biggest thing is know your use cases. If you're not sure what your use cases are, have them help define them. When you understand your use cases, you understand how you're going to use the product. It doesn't mean that you don't learn the other bits and functionality of it, but your core duty to your organization is to protect that critical data. Understand what those data sets are and how critical are they:

* Are they regulated via the state or at the federal level?
* What is it that you're trying to protect?

If you can understand these questions, then you can tailor a lot of the training and a lot of what you have for what you need. I talk to my team all the time when we do things, and it has to be sustainable, maintainable and also adaptable. It has to be adaptable to the client because technology is the one thing that we have in business that will change. We know it will change. So, if you're rigid with whatever you're doing and not adapting, then you are already behind. I really like what this product does and what it stands for. We are a nonprofit, and until our use cases change, we are not using the product to its fullest potential. I do not use SASE yet. That is more for budgetary purposes. With the pandemic, our budget allocation has been a bit steep. Biggest lesson learnt: The different ways people can use data. Where they access and share it, then send it, do things, and respond. I understand now the need, more than ever, to evangelize. In the security industry, there's a saying, "Your weakest link is your end user." I tend to disagree now. The weakest link happens to be our security awareness training. How well are we doing there? Because if you train and teach, then things go a bit smoother. With everything that I know about Bitglass and working with the organization as a whole, such as, meeting the CEO on down through new folks, I would rate them a 10 out of 10. They have a fantastic culture and ethic when it comes to the customer first.
If I need something, they're there. Just this past week, we went to do an integration of the fifth application, but something happened, and we had to postpone it. Our deployment manager says, "No problem. I'm there." He didn't even wait for me to say what we were going to postpone it to. He just said, "Okay, I'm there." That puts me at ease. They have my back and are there to help.
CTO at a financial services firm with 11-50 employees
Real User
2020-08-06T06:44:00Z
Aug 6, 2020
You should definitely look at Bitglass as part of your process. I think it's still best of class and I think there is a lot of innovation that's happening at Bitglass. In terms of a CASB, and in terms of this new product for SASE as well, they are the best in terms of the feature set that they're offering. As for maintenance, we've got one infrastructure engineer and part of his responsibilities is to look at the weekly logs for Bitglass to see if there are any unusual connections.
Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
2020-08-05T06:59:00Z
Aug 5, 2020
My advice is to listen to Bitglass when they tell you how to deploy it properly. That's one of the two main things I have learned from using this solution. The other is, when you deploy this, always — and I stress this greatly — always deploy the new app or new API in what's called Direct App Access. That means once the user is authenticated into Bitglass, regardless of whether it's an external IDP or you're using the simple, built-in IDP from Bitglass, Direct App Access sends you directly to whatever it is you're trying to access, with no proxy. Always deploy with that, and then select about 10 users for reverse proxy, as well as 10 users that will use reverse and forward proxy. I would recommend that those 20 users be power users, people who use those applications on a regular basis. Bitglass is pretty seamless and it integrates well. But if it's an application that it has never integrated with before, which a lot of our applications have been, there is always the possibility that Bitglass is going to have to make a change for that application. That is a lesson learned for us. We would take an application that they had never integrated with before and we would just slam all of the users into it. It could handle the scale; it scaled fine. But what would happen is that there are certain JavaScripts on the client-side that Bitglass wouldn't handle correctly. It's not a fault of Bitglass, it's just a difference in technology in the way that the product was developed. So we identify that there's a problem with those power users. We then take those users out of the proxies and allow it to stand Direct App Access. When you do it that way you don't have issues. They can investigate, they can figure out what the issue is, they address it, and they fix it. And then you can start easing the deployment out again. That's huge. The solution provides a single policy page to secure all of our interactions to the cloud, but not for on-prem. 
It's not really much of an on-prem solution. There are ways that you could do that, with firewalls. But Bitglass is really more of a cloud-based protection and it's not meant for on-prem devices. With that being said, there is a single policy page around Bitglass, but when it comes to each SaaS-based application or API, then each one of those has its single page of policy. So you have your policies for Bitglass itself, then you have your policies for each app or each API. Bitglass's approach which, for me, makes a lot of sense, is that every application is different. So it's hard to treat them all the same. We don't yet use the solution's SmartEdge Secure Web Gateway. We are currently in the process of talks for bringing that into our environment. I find a lot of appeal to it and there are a lot of things with that new SmartEdge that would be extremely beneficial to our organization. Overall, knowing what I know now, a year and two months later, and having been through this whole Bitglass deployment with the issues that we've had that were not Bitglass' fault, I would still choose the same product today. I would do it again, but I would listen to Bitglass more and I would change my deployment method.
Forcepoint ONE is a comprehensive cybersecurity platform that provides organizations with a unified approach to protecting their critical data and assets. It offers a range of solutions that cover everything from network security and cloud security to data protection and insider threat prevention.
With Forcepoint ONE, organizations can gain complete visibility into their security posture, identify potential threats, and take proactive measures to mitigate risks.
One of the key features of...
I give the solution a nine out of ten. Bitglass is a good solution that can be consolidated with other solutions from the same vendor.