What is our primary use case?
There are several use cases that we use it for:
- DLP purposes.
- Multi-factor, step-up authentication.
- In conjunction with Okta. We have a lot of sensitive data that goes back and forth into the cloud. Also, to some cloud offerings where our mail is, with Office 365 being one of them. Bitglass helps us secure that traffic. It allows us to see where our data is going, who's accessing our data, and what people are trying to access our data.
How has it helped my organization?
It will alert us of somebody trying to knock on the front door (perimeter) and one of my end user's account is compromised. We are in the Orlando area and also across the state of Florida. However, if I know this person is in Orlando, then 10 minutes later, they're trying to log in from Tampa, that can't be done. I have tried. I have tried to drive as fast as I could to get from Orlando to near Tampa. It just didn't worked out.
Logging in from Orlando and shifting to Tampa, that's a very real scenario where we had a staff member who was compromised. We were able to stop that based on the multi-factor, step-up authentication because the solution noticed the geographic locations were so disparate.
It gives us that extra set of eyes and ears, especially now with the pandemic. We don't have the amount of staff that other organizations have, since we're a nonprofit. The bad guys count on that. This solution gives us another layer of protection when it comes to end users, who are the people already behind the perimeter. It greatly helps us.
In the cloud stuff, we set up all the rules and policies on one page based on the applications and things that we have rolled out. In this past year, we have been able to move from an on-premise Exchange Microsoft environment to Office 365. This is by its very nature what people use Office 365 for. Bitglass was able to help us secure this as a communication tool and also add the governance piece and enforce it.
What is most valuable?
The biggest thing that I like about this product is that it's easy to use and teach. When we have somebody new starting to work with the product, it's easy to teach them. It's also easy to use the product as it does so much.
I'm into looking at the DLP rules and finding out where our data is going and who is accessing it, especially now that our organization has gone remote. When typically only one section of our organization has been remote (our caseworkers), now everybody is remote. Therefore, we need to know for everyone else:
- How is data governance being performed?
- Where can we increase our security posture by ensuring policies, procedures, and compliance are being taken care of?
Bitglass is a big part of where our data is going. Then, the fact that I can make it unusable if it goes to places that we don't think that it should, by using digital rights management (DRM).
What needs improvement?
Integration into different multi-factor authentication tools. On their page, they tout Duo, but I don't use Duo. I use another vendor. Not that they don't interact, but it takes a little bit more doing. Any amount of efficiencies here would help.
The one area of improvement that I would suggest: Integrating to some on-prem things, like Active Directory. That would be helpful, but then I would need to have a third-party piece to do things automatically, not manually.
For how long have I used the solution?
This is the second organization that I've implemented Bitglass. So, we're talking three years.
What do I think about the stability of the solution?
I've not had any problems with Bitglass going down. I've not had any issues with the AJAX-VM agentless protections at all. This is good tech.
I'm not seeing any latency with the traffic flow at all. Some of the biggest bottlenecks would be when folks are in the field and what wireless network that they connect to, e.g., are they using free WiFi? That is what prompted the need for a CASB. It was based on the data sets that we use. When our people go out, then they stop at a Starbucks or McDonald's because they have deadlines and things that they have to do. So, if they don't have a wireless access point or a MiFi, then they jump on these free WiFi things and we need to be able to secure their data. Bitglass allows us to do that.
We're at 99.99 percent uptime. The only outage had to do with when AWS had an outage and that lasted a short amount of time.
What do I think about the scalability of the solution?
I don't think there has been a problem with the scalability. I can scale what I need. Of course, there's a licensing fee involved, but I think they can handle whatever I throw at them. We're not a very large organization, but some of the organizations that I've met along the way that are a lot bigger than me don't seem to have a problem.
Right now, we have 1,800 employees working from home, so now I have 1,800 offices. Anything that is going out of our environment or perimeter, wherever that perimeter may be, we need to know:
- How are they using our data?
- How has it changed?
People are more confident in their own confines. In their house, they're very confident because that's their domain. So, they may not be following our data governance or best practices. Bitglass alerts look at:
- How the data is being pushed.
- How the data is being accessed.
- Who's accessing it.
- Where it's being accessed from.
- Who are they sharing it with.
We see all of that. It's all based on whatever rules we can think of.
Previously, we had a 25,000 full-time staff and faculty, and more than 220,000 students going through Bitglass.
How are customer service and technical support?
If I do have an issue or a support need, the organization is responsive. I'm on the East Coast, and they're on the West Coast. You really couldn't tell, because they're right on it and been there. They've been what I call a strategic business partner in both instances that we put this on.
I had an issue at the previous company that I worked at. We are on the East Coast, and they are on the West Coast; they're in California, and we're in Florida. So, we had an issue at seven o'clock in the morning. It turned out that we had a certificate expire in ADFS. We called over there because we had no idea what was going on, as the initial troubleshooting was going to the Bitglass portal and blocking people from logging in there. So, we're getting people on the phone just so we could come to a conclusion to get a root cause. Not only did my account rep call me back and get somebody on the phone, the support engineer was called and was working with the team before I talked to our account rep. Then, we had a senior VP and the CEO call me within an hour. I also had some other folks call me within an hour to make sure that we were okay. That is the type of business that Bitglass is.
Which solution did I use previously and why did I switch?
Before, when I first got to the organization, things happened. People were compromised. Outlook accounts were indicators of compromise. To this date, I'm not finding those as often when I'm being alerted.
How was the initial setup?
The initial setup was pretty much straightforward. We did some integrations to get it all done and implemented, then you're off and running.
The biggest drawback to the implementation was the organization. It took a little bit of time to buy because this is a different type of technology that the organization has not used, so going through the multiple meetings to give the benefits and what this provides us. That's a drawback in running the implementation.
The application only took a night to deploy. I'm talking about a few hours, but that was once everything was approved to go through.
We started with the critical data in the cloud. These type of datasets include the regulated data, such as HIPAA or PCI.
What about the implementation team?
We used our deployment managers. We took the training, then we used them. We didn't use any outside people.
There are two and a half people on my infrastructure team, including a consultant (who is not full-time). I am managing a lot of this solution myself by going in, cleaning up, and deactivating users. Users who leave the organization free up their places.
What was our ROI?
We are not a large IT shop. Anytime we can gain efficiencies and don't have to track down any false positives or false alerts, then we see ROI. With a small team, there's always that alert burnout where there can be so many alerts happening that it's just easier to do nothing. We don't find that. We find that we're able to get in and do a lot more of the infrastructure and things because the product works the way we expect it to.
What's my experience with pricing, setup cost, and licensing?
There is training involved. If you're going to add more people to it, such as cross train more of your group, there's a cost. Other than that, that's it. We have paid exactly what the invoices have said. We signed a three-year contract and not gone above it.
Understand what it is you're paying for with a CASB. Do your homework and understand what your use cases will be, because you will pay based on use case. Always be weary of someone who comes in and just wants to cut prices. If they're going to lose to a competitor and just whacks their price in half just to get the business. If it didn't match your needs based on what the product does in the beginning, you're going to be sorry. Know your use cases and purchase towards your use case. Make sure that you get a strategic business partner when it comes to your vendors.
Which other solutions did I evaluate?
I did do an exhaustive search when it came to selecting a CASB. We looked at other major players: Netskope, Symantec, and Skyhigh. We looked at a lot of them before we saw Bitglass.
At the time, Bitglass had more out-of-the-box features and integrated more closely with our platforms. We're talking about Active Directory, where I can get that integrated. It's not a data dump or a nightly upload of our LDAP or directory solutions into the product. We were able to do or add the scanning via Cylance. That came standard with these, while with the other companies, it was an add-on piece or they reverse engineered the solution to try and make it work. I've been doing IT for 20 plus years. Anytime a company tries to reverse engineer something after they first purchase it, it's never a good experience for the end user because for support, it is always, "Oh, you've got to go over here," or "I've got to transfer you over here". Well, okay. "Now I've got to transfer you over here." That is not anything that I can hang my hat on. Therefore, you're looking at the amount of features and functionality from the Bitglass side, as opposed to some of their competitors.
We didn't take one of their competitors because it was a large deployment with multiple servers in different areas. I was trying to reduce space, not increase my infrastructure footprint.
What other advice do I have?
The biggest thing is know your use cases. If you're not sure what your use cases are, have them help define them. When you understand your use cases, you understand how you're going to use the product. It doesn't mean that you don't learn the other bits and functionality of it, but your core duty to your organization is to protect that critical data. Understand what those data sets are and how critical are they:
- Are they regulated via the state or at the federal level?
- What is it that you're trying to protect?
If you can understand these questions, then you can tailor a lot of the training and a lot of what you have for what you need. I talk to my team all the time when we do things, and it has to be sustainable, maintainable and also adaptable. It has to be adaptable to the client because technology is the one thing that we have in business that will change. We know it will change. So, if you're rigid with whatever you're doing and not adapting, then you are already behind.
I really like what this product does and what it stands for. We are a nonprofit, and until our use cases change, we are not using the product to its fullest potential.
I do not use SASE yet. That is more for budgetary purposes. With the pandemic, our budget allocation has been a bit steep.
Biggest lesson learnt: The different ways people can use data. Where they access and share it, then send it, do things, and respond. I understand now the need, more than ever, to evangelize. In the security industry, there's a saying, "Your weakest link is your end user." I tend to disagree now. The weakest link happens to be our security awareness training. How well are we doing there? Because if you train and teach, then things go a bit smoother.
With everything that I know about Bitglass and working with the organization as a whole, such as, meeting the CEO on down through new folks, I would rate them a 10 out of 10. They have a fantastic culture and ethic when it comes to the customer first. If I need something, they're there. Just this past week, we went to do an integration of the fifth application, but something happened, and we had to postpone it. Our deployment manager says, "No problem. I'm there." He didn't even wait for me to say what we were going to postpone it to. He just said, "Okay, I'm there." That puts me at ease. They have my back and are there to help.
Which version of this solution are you currently using?