Bitglass Overview

Bitglass is the #4 ranked solution in our list of top Web Security Gateways. It is most often compared to Netskope CASB.

What is Bitglass?

The Bitglass Omni™ multi-protocol proxy architecture ensures that all data, whether accessed from a managed or unmanaged device, is subject to the visibility and control required by the organization, while simultaneously preserving employee privacy across personal applications. Omni Agentless, Bitglass’ reverse proxy capability, leverages patent-pending AJAX-VM technology to ensure application resilience. Competitive CASBs either rely entirely on cumbersome agent-based forward proxy solutions, or suffer from breakages and downtime as cloud providers update and change their applications.

Bitglass is also known as Bitglass Next-Gen CSG.

Bitglass Buyer's Guide

Download the Bitglass Buyer's Guide including reviews and more. Updated: October 2021

Bitglass Customers

UNC-Charlotte

Pricing Advice

What users are saying about Bitglass pricing:
  • "There is training involved. If you're going to add more people to it, such as cross train more of your group, there's a cost. Other than that, that's it. We have paid exactly what the invoices have said. We signed a three-year contract and have not gone above it."
  • "Typically, the longer you price forward, the better off you're going to be. They have been very willing to work with us on pricing."
  • "We have our pricing by user. We do our pricing agreements annually. There are also additional costs for maintenance."

Bitglass Reviews

Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
Top 20
Enabled us to go to the cloud while accounting for HIPAA and PCI compliance

Pros and Cons

  • "The solution is very good when it comes to securing us against data leakage, because of the other proxy. It also has API scanning or data at rest. It inspects data in motion, which is the proxy, and then it has the data at rest, which is the API scanning. We can inspect for anything we want: file fingerprinting, PHI-sensitive data, PCI-sensitive data. It does not matter. We can usually find it and block it in transit and do our remediation with it. It could either be block, encrypt, or allow and watermark the file to follow it and see where it goes. It allows for those different scenarios."
  • "I wish they would advance more into the endpoint DLP solution. Currently they do not do anything around endpoint, they're still strictly cloud-based. The forward proxy is really the only thing they do. What I would like to see them do is to scan machines, workstations and servers, for information we might not want on those machines. That would be huge."

What is our primary use case?

It's our CASB, our cloud access service broker. It also does our SaaS-based DLP, our data loss prevention, for our SaaS-based applications. We use it to protect our sensitive information. Since we are a healthcare corporation, we have to do everything we can to keep PHI data from leaking outside of the organization.

It's a SaaS offering, but there is an online appliance, a VM server, for the Active Directory sync back to the SaaS.

How has it helped my organization?

We have our own data centers, multiple data centers, and we always had the philosophy in the past that we're always on-prem in our data centers, never in the cloud. All of a sudden, one day, somebody had an epiphany and realized that we could save money by closing most of our data centers and putting things into the cloud. We wouldn't have to worry about buying infrastructure and all the hardware. So all of a sudden our company had this mass push to start sending everything possible to the cloud. But as the security department we looked at that and said, "Hang on. There's a lot of sensitive data in all of this that causes a HIPAA compliance issue and a PCI compliance issue. How can we protect that?" That is the number-one way that Bitglass helped us; with our stuff going to the cloud. 

Another aspect is that we recently went from an on-prem Exchange environment for email to the cloud-based email. What we did not really understand at the time, because it was on-prem and we didn't worry about it so much, was that we have a lot of PHI data inside of our email environment; more than we ever even thought imaginable. With Bitglass, we're able to inspect every single email sent. And if we see that it's going outside of the organization, we can stop it, unless that person has the authorization. We'll have special policies written for that person or that group of people to allow that to happen. We've never had those controls before in the past where we could stop PHI data from leaving the organization.

As for the AJAX-VM providing constant reverse proxy uptime, out of the year and two months, I can't tell you that Bitglass has ever been offline. And that is a tremendous value because of something that we've never had in the past: Any employee in the company who has access to a staff-based application could go home to their grandmother's computer, or to their mother's or their own personal computer, and log in to those SaaS-based applications and download social security numbers and patient records. Now, with the reverse proxy, we can stop that. They can try all they want, but the reverse proxy can stop it dead in its tracks. We've hardly had issues with the reverse proxy uptime. If we have had an issue, it's never been around Bitglass itself, it's always been some kind of on-prem issue. For example, we had some switches that were doing port flapping and it took us three days to figure out that it was not Bitglass. It was actually the switches that were causing all the on-prem issues that were being experienced.

In addition, we haven't seen any latency. With some applications, there might be a few milliseconds, but nothing really noticeable at all.

What is most valuable?

They have an agentless reverse proxy, which is amazing. They also have an agent forward proxy, which is very helpful. That's how you can identify the company-managed devices. With SaaS-based applications, people want to be able to access their email, for example, from a personal computer. The reverse proxy allows us to protect that and keeps them from downloading PHI data to their personal computer. But once we see that it's a company-owned device, because it's a forward proxy, the agent solution enables us to relax the policies a bit and allow them to actually do their job and access the sensitive information, if they're allowed to. That's a huge piece.

We install the forward proxy on a machine and we can have it inspect the machine for certain criteria that would classify it as a company-owned and protected device. For example, we can make sure that it has antivirus, an EDR solution installed, disk encryption, and things like that. That way we know they didn't take this agent and install it on their personal machine and that this is definitely a company owned device. With that solution, we can send them through what's called the forward proxy, which allows us to open it up to do their job, and they can access sensitive information.

What's helpful about the other piece, the reverse proxy, is we can still allow them to access their email or other SaaS-based applications if we want. But, if they go to a personal device and do so, it will put them in reverse proxy and still forward proxy because it's agentless. That will allow us to identify this is a personal device and that we have to lock the policies down so they don't download sensitive information which is not allowed to be on a personal device that is not protected with company controls.

I also find the granular level of inspection that you can do inside of all the proxy traffic to be very useful.

In terms of how the solution secures us against data breaches and attacks, it works alongside an IDP solution that we have. We use Ping and they integrate together, so we can force multifactor authentication. And even if someone makes it past the multifactor authentication and login for Ping, if Bitglass doesn't have the proper SAML tokens passed to it through the SAML insertion, it will not allow access to those sensitive applications. Let's say someone were somehow able to hack someone's credentials and hack multifactor authentication. That's a tall order. But at the same time, Bitglass will be able to take a unique login that happened somewhere else — for example, the user is here in Tennessee, but now you have a login 500 miles away or 300 miles away, as well. Bitglass will be able to detect that and stop it because it's an invalid login. It knows that it's suspicious.

The solution is very good when it comes to securing us against data leakage, because of the other proxy. It also has API scanning or data at rest. It inspects data in motion, which is the proxy, and then it has the data at rest, which is the API scanning. We can inspect for anything we want: file fingerprinting, PHI-sensitive data, PCI-sensitive data. It does not matter. We can usually find it and block it in transit and do our remediation with it. It could either be block, encrypt, or allow and watermark the file to follow it and see where it goes. It allows for those different scenarios.

What needs improvement?

I wish they would advance more into the endpoint DLP solution. Currently they do not do anything around endpoint, they're still strictly cloud-based. The forward proxy is really the only thing they do. What I would like to see them do is to scan machines, workstations and servers, for information we might not want on those machines. That would be huge. We have to consider the fact that that's not really their arena, but I think if they would come into that arena, they would open themselves to providing a more complete solution.

For how long have I used the solution?

I have been using Bitglass for about a year and two months.

What do I think about the stability of the solution?

The solution's overall uptime is top-notch, 100 percent. We've had zero outages related to the product.

What do I think about the scalability of the solution?

The scalability is outstanding. 

One thing that we did find — and this is where we made mistakes in our deployment — is that instead of doing our Direct App Access and doing 10 users in reverse proxy and forward proxy and then 10 more in just reverse proxy as a test, we started rolling it out department by department, facility by facility, in big waves. We have about 100,000 employees. We were going to roll to all those employees in just seven waves. We made it to wave four before we had to stop our deployment. We found that Bitglass itself would automatically scale and just handle it. They always talked about their infrastructure and how it auto-scales based on demand. What we would have is about 20,000-plus users logging in between 8:00 am and 8:05 am Central Time, which was a ton of traffic all of a sudden slamming at the infrastructure, and it just handled it like a champ. It would scale.

There's still room to grow. I have to stress, it's not Bitglass' fault. It's a company strategy. We have to figure out what our strategy and what our DLP program and cloud-based program is going to be.

In the applications that we have put into it, there is a 100 percent adoption rate, but we're still in the discovery phase of trying to find out how many SaaS-based applications are in our organization. We're at well over 100 SaaS-based applications. Over the last six months we've been vetting all of those applications and meeting with the teams that run a given application in the cloud and with the teams that use it in our enterprise. We're starting a number of such applications each week, finding out the details: What does it do? Does it support the infrastructure that it takes to integrate with Bitglass? We've been working on that for six months.

How are customer service and technical support?

I have used their support quite a bit. They are outstanding. I've been able to call them at any time that I'm here working. It doesn't matter when, they've always been very responsive. If I don't get somebody when I call, usually within five to 10 minutes, max, someone's calling me back.

In addition, if we run into something that we don't like, and we say, "Okay, this thing could be better," they open up an enhancement request and they'll take it before their board and they have a discussion about that feature request. If they need clarity, they will actually get their engineers on the phone with us to get more clarity on what we're actually asking for. I would say that they've implemented more than half of the things that we've requested. They're very open to improving their product for the users. Those improvements are available to all customers.

They'll do some things for independent customers. For example, even though we're an Active Directory shop, we have an IDM solution called NetIQ. It's the source of truth for all user accounts. It propagates out to AD and controls what's in AD. It controls what's in all the different types of applications. Bitglass supports AD integration, but didn't support our IDM solution, which is essentially just LDAP. What Bitglass did, on the fly, was that they created their agent to adapt to our IDM solution. They will actually do specific stuff for a company, but when it comes to the overall product itself, they make sure that changes are going to benefit all customers.

Which solution did I use previously and why did I switch?

The whole Bitglass package, which is a single solution, encompasses CASB, web security, advanced threat protection, identity, DLP, and zero trust network access. As a company, we're moving towards zero trust. Two things made us, as a company, choose Bitglass. 

  1. The agentless reverse proxy.
  2. We are moving to zero trust. 

We liked the way their product looked compared to the competitors. We liked the fact that it has an agentless solution, which is the reverse proxy. That allowed us to protect our data without having to worry about blocking the users. The thing that's important is that our people still need to access their email, for example. If they're on their personal device, that's fine, we want them to have that access on their phones, etc. But what we don't want is patient data on their personal devices, and that's what the reverse proxy is predominantly about.

How was the initial setup?

The initial setup was straightforward. It was one of the most simple, easy solutions I've ever seen, in terms of setting it up, given that it's such a predominant piece of cloud security and zero trust. It's almost out-of-the-box. It just works. It's crazy how easy it is.

We're actually still deploying. In Bitglass' defense, because we are so young as a company in going to the cloud, we've had a lot to learn ourselves as far as SaaS-based security and DLP programs go. We've never had either one of those. We're still trying to figure out exactly where we are. Unfortunately, and it's not Bitglass' fault, we are currently deploying, again, in our enterprise. We are actively deploying as we speak.

Our deployment strategy is different today than it was in the beginning. As an organization, in the beginning, we wanted to understand things more and we took our time and made a lot of mistakes. That was not Bitglass' fault. Our deployment strategy now, which is what I recommend to everybody, is to understand all the apps that you are going to deploy Bitglass for. Make sure you understand the capabilities of the application and what the application contains data-wise, because realistically, all applications might not need to be in Bitglass. That's a company choice.

When you deploy Bitglass, what I have learned is that you deploy what's called Direct App Access. When Bitglass receives the login information, it says, "Oh, we're going to send this user directly to the application and we are not going to send it through any kind of proxy." For example, if you go to gmail.com to log into email, it's not going to send you through the proxy, it will send you directly to gmail.com. What you do is you take about 10 users, depending on the size of your organization, and you put their company-owned devices into forward proxy and you have those same users use a reverse proxy away from the company. Then, you take another 10 users and you put them only in reverse proxy. You don't write any policies to restrict any kind of access in any of the proxies. You then watch how that works and make sure that there are no unknown issues with proxies with those SaaS-based applications or APIs. It doesn't matter what solution you use, when you deal with a proxy —  this is something we've learned, it doesn't matter what proxy you deal with, whether it's Bitglass or some kind of proxy server — there's always the chance of issues.

I'm the only super-admin. We have about 40 additional role admins who have view-only access to investigate issues with people being able to log in. That is all they can do. As far as administrating the app configurations, I'm the sole person.

What about the implementation team?

We mainly deployed it ourselves. That comes back to what I was saying. If we had listened to Bitglass, they could have helped us through the deployment process a little bit better. They wanted to be involved, they offered their services, time in and time out. But again, as an organization, we were wanting to understand everything better. It's our own fault that it's taken so long to deploy.

What was our ROI?

We haven't seen a direct monetary return, but we have seen an indirect monetary return. We pay however much the licensing is for Bitglass every year, and that is a cost we didn't have in the past. However, the HIPAA fines, and HIPAA compliance issues — the millions of dollars that we could be liable for if patient records are leaked outside of the company — create an indirect return on investment.

What's my experience with pricing, setup cost, and licensing?

Their pricing is extremely fair. 

They need to make sure they pay attention to how the licensing works. There are many licensing methods. One way is the number of endpoint users you will have. And they license for every single application that you're going to put into the proxy system. They also have a few other types of licensing around CSPM, so there are many components.

Bitglass didn't misrepresent their licensing structure in any way, but as a company we didn't really look at what it meant. Fortunately, we feel we got a really good deal with Bitglass and we got everything we need. We didn't have to go back and buy any additional licensing. However, if we had not just blindly gotten the right deal, we might have needed to go back and revisit the licensing structure with our account manager. We really didn't fully understand the way all the licensing worked until after the fact. Do your due diligence and make sure you understand. Don't over-buy your license and don't under-buy.

Which other solutions did I evaluate?

We never really deployed anything else as vastly as we have deployed Bitglass. We went into the PoC phase with several products. Bitglass is the one that has continued to stand out in performance and ease of deployment. It's simple to use. I hate to even say this, but it's very elementary. They put a lot of time and thought into the interface to make it as simple as it can be.

We looked at Symantec and we PoC'd McAfee and Proofpoint. In terms of the differences between these solutions and Bitglass, the first thing is the ease of deployment. Then there is the agentless reverse proxy, which no one else had, and the ease of use. And performance was another difference. What we found with some of the other products was that they were very resource intensive. Some of them also required a lot of on-prem appliances, whether VMs or other things. Bitglass was the only solution that was totally cloud. The only reason we have anything on-prem is because we're an Active Directory shop and have to feed the users up to the cloud. Otherwise, Bitglass does have the capability of being a 100 percent cloud solution, because it does have its own IAM service.

What other advice do I have?

My advice is to listen to Bitglass when they tell you how to deploy it properly. That's one of the two main things I have learned from using this solution. 

The other is, when you deploy this, always — and I stress this greatly — always deploy the new app or new API in what's called Direct App Access. That means once the user is authenticated into Bitglass, regardless of whether it's an external IDP or you're using the simple, built-in IDP from Bitglass, Direct App Access sends you directly to whatever it is you're trying to access, with no proxy. Always deploy with that, and then select about 10 users for reverse proxy, as well as 10 users that will use reverse and forward proxy. I would recommend that those 20 users be power users, people who use those applications on a regular basis. Bitglass is pretty seamless and it integrates well. But if it's an application that it has never integrated with before, which a lot of our applications have been, there is always the possibility that Bitglass is going to have to make a change for that application. That is a lesson learned for us. We would take an application that they had never integrated with before and we would just slam all of the users into it. It could handle the scale; it scaled fine. But what would happen is that there are certain JavaScripts on the client-side that Bitglass wouldn't handle correctly. It's not a fault of Bitglass, it's just a difference in technology in the way that the product was developed.

So we identify that there's a problem with those power users. We then take those users out of the proxies and allow it to stand Direct App Access. When you do it that way you don't have issues. They can investigate, they can figure out what the issue is, they address it, and they fix it. And then you can start easing the deployment out again. That's huge.

The solution provides a single policy page to secure all of our interactions to the cloud, but not for on-prem. It's not really much of an on-prem solution. There are ways that you could do that, with firewalls. But Bitglass is really more of a cloud-based protection and it's not meant for on-prem devices. With that being said, there is a single policy page around Bitglass, but when it comes to each SaaS-based application or API, then each one of those has its single page of policy. So you have your policies for Bitglass itself, then you have your policies for each app or each API. Bitglass's approach which, for me, makes a lot of sense, is that every application is different. So it's hard to treat them all the same.

We don't yet use the solution's SmartEdge Secure Web Gateway. We are currently in the process of talks for bringing that into our environment. I find a lot of appeal to it and there are a lot of things with that new SmartEdge that would be extremely beneficial to our organization.

Overall, knowing what I know now, a year and two months later, and having been through this whole Bitglass deployment with the issues that we've had that were not Bitglass' fault, I would still choose the same product today. I would do it again, but I would listen to Bitglass more and I would change my deployment method.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
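Both reviews on this page describe a login being stopped because its location could not be reconciled with the user's previous one. The following is an added example, not part of either review and not Bitglass's implementation, of how such a check can be written; the travel-speed thresholds, user names and login events are assumptions constructed for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_MILES = 3958.8

# Assumed tuning values (not from the reviews or from any vendor).
DRIVE_MPH = 80.0              # fastest sustained ground travel we accept
FLIGHT_MPH = 550.0            # cruising speed of a commercial flight
FLIGHT_OVERHEAD_HOURS = 1.5   # airport time added to any flight
GEO_NOISE_MILES = 25.0        # ignore moves smaller than geolocation error


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))


def min_plausible_hours(miles):
    """Shortest believable travel time: drive, or fly with fixed overhead.

    A flat speed cap near airliner speed would miss short hops, because a
    77-mile move in ten minutes is "only" about 460 mph.
    """
    return min(miles / DRIVE_MPH, FLIGHT_OVERHEAD_HOURS + miles / FLIGHT_MPH)


def find_impossible_travel(events):
    """Return one finding per login that the user could not have travelled to.

    events: dicts with keys user, ts (datetime), city, lat, lon.
    A flagged login does not replace the user's baseline location, so the
    real user's next login from home is not flagged in turn.
    """
    baseline = {}
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = baseline.get(ev["user"])
        if prev is not None:
            miles = haversine_miles(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600.0
            if miles > GEO_NOISE_MILES and hours < min_plausible_hours(miles):
                findings.append({
                    "user": ev["user"],
                    "from": prev["city"],
                    "to": ev["city"],
                    "miles": round(miles, 1),
                    "elapsed_minutes": hours * 60,
                    "min_plausible_minutes": round(min_plausible_hours(miles) * 60),
                })
                continue  # keep the last accepted login as the baseline
        baseline[ev["user"]] = ev
    return findings


def _ev(user, ts, city, lat, lon):
    return {"user": user, "ts": datetime.fromisoformat(ts),
            "city": city, "lat": lat, "lon": lon}


# Constructed sample logins (timestamps assumed to be UTC).
SAMPLE_EVENTS = [
    _ev("alice", "2021-10-04T08:00:00", "Nashville", 36.1627, -86.7816),
    _ev("alice", "2021-10-04T08:20:00", "Chicago", 41.8781, -87.6298),
    _ev("alice", "2021-10-04T09:00:00", "Nashville", 36.1627, -86.7816),
    _ev("bob", "2021-10-04T09:00:00", "Orlando", 28.5384, -81.3789),
    _ev("bob", "2021-10-04T09:10:00", "Tampa", 27.9506, -82.4572),
    _ev("carol", "2021-10-04T08:00:00", "Nashville", 36.1627, -86.7816),
    _ev("carol", "2021-10-04T12:30:00", "Memphis", 35.1495, -90.0490),
]

if __name__ == "__main__":
    for f in find_impossible_travel(SAMPLE_EVENTS):
        print(f"{f['user']}: {f['from']} -> {f['to']}, {f['miles']} miles in "
              f"{f['elapsed_minutes']:.0f} min (needs >= {f['min_plausible_minutes']} min)")
```

A finding like this is typically used to trigger step-up authentication or block the session rather than as proof of compromise, since VPN exits and coarse IP geolocation also produce large apparent jumps.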
David Overton
Sr. Director of Information Security & Enterprise Architecture at Childrens Home Society of Florida
Real User
Top 10
Gives us another layer of protection when it comes to end users; an extra set of eyes and ears

Pros and Cons

  • "The biggest thing that I like about this product is that it's easy to use and teach. When we have somebody new starting to work with the product, it's easy to teach them. It's also easy to use the product as it does so much."
  • "Integration into different multi-factor authentication tools. On their page, they tout Duo, but I don't use Duo. I use another vendor. Not that they don't interact, but it takes a little bit more doing. Any amount of efficiencies here would help."

What is our primary use case?

There are several use cases that we use it for:

  • DLP purposes. 
  • Multi-factor, step-up authentication. 
  • In conjunction with Okta. We have a lot of sensitive data that goes back and forth into the cloud. Also, to some cloud offerings where our mail is, with Office 365 being one of them. Bitglass helps us secure that traffic. It allows us to see where our data is going, who's accessing our data, and what people are trying to access our data.

How has it helped my organization?

It will alert us of somebody trying to knock on the front door (perimeter) and one of my end user's account is compromised. We are in the Orlando area and also across the state of Florida. However, if I know this person is in Orlando, then 10 minutes later, they're trying to log in from Tampa, that can't be done. I have tried. I have tried to drive as fast as I could to get from Orlando to near Tampa. It just didn't work out.

Logging in from Orlando and shifting to Tampa, that's a very real scenario where we had a staff member who was compromised. We were able to stop that based on the multi-factor, step-up authentication because the solution noticed the geographic locations were so disparate.

It gives us that extra set of eyes and ears, especially now with the pandemic. We don't have the amount of staff that other organizations have, since we're a nonprofit. The bad guys count on that. This solution gives us another layer of protection when it comes to end users, who are the people already behind the perimeter. It greatly helps us. 

In the cloud stuff, we set up all the rules and policies on one page based on the applications and things that we have rolled out. In this past year, we have been able to move from an on-premise Exchange Microsoft environment to Office 365. This is by its very nature what people use Office 365 for. Bitglass was able to help us secure this as a communication tool and also add the governance piece and enforce it.

What is most valuable?

The biggest thing that I like about this product is that it's easy to use and teach. When we have somebody new starting to work with the product, it's easy to teach them. It's also easy to use the product as it does so much.

I'm into looking at the DLP rules and finding out where our data is going and who is accessing it, especially now that our organization has gone remote. When typically only one section of our organization has been remote (our caseworkers), now everybody is remote. Therefore, we need to know for everyone else:

  • How is data governance being performed? 
  • Where can we increase our security posture by ensuring policies, procedures, and compliance are being taken care of? 

Bitglass is a big part of where our data is going. Then, the fact that I can make it unusable if it goes to places that we don't think that it should, by using digital rights management (DRM).

What needs improvement?

Integration into different multi-factor authentication tools. On their page, they tout Duo, but I don't use Duo. I use another vendor. Not that they don't interact, but it takes a little bit more doing. Any amount of efficiencies here would help.

The one area of improvement that I would suggest: Integrating to some on-prem things, like Active Directory. That would be helpful, but then I would need to have a third-party piece to do things automatically, not manually. 

For how long have I used the solution?

This is the second organization that I've implemented Bitglass. So, we're talking three years.

What do I think about the stability of the solution?

I've not had any problems with Bitglass going down. I've not had any issues with the AJAX-VM agentless protections at all. This is good tech.

I'm not seeing any latency with the traffic flow at all. Some of the biggest bottlenecks would be when folks are in the field and what wireless network that they connect to, e.g., are they using free WiFi? That is what prompted the need for a CASB. It was based on the data sets that we use. When our people go out, then they stop at a Starbucks or McDonald's because they have deadlines and things that they have to do. So, if they don't have a wireless access point or a MiFi, then they jump on these free WiFi things and we need to be able to secure their data. Bitglass allows us to do that.

We're at 99.99 percent uptime. The only outage had to do with when AWS had an outage and that lasted a short amount of time.

What do I think about the scalability of the solution?

I don't think there has been a problem with the scalability. I can scale what I need. Of course, there's a licensing fee involved, but I think they can handle whatever I throw at them. We're not a very large organization, but some of the organizations that I've met along the way that are a lot bigger than me don't seem to have a problem.

Right now, we have 1,800 employees working from home, so now I have 1,800 offices. Anything that is going out of our environment or perimeter, wherever that perimeter may be, we need to know:

  • How are they using our data? 
  • How has it changed? 

People are more confident in their own confines. In their house, they're very confident because that's their domain. So, they may not be following our data governance or best practices. Bitglass alerts look at:

  • How the data is being pushed.
  • How the data is being accessed.
  • Who's accessing it. 
  • Where it's being accessed from. 
  • Who are they sharing it with. 

We see all of that. It's all based on whatever rules we can think of.

Previously, we had a 25,000 full-time staff and faculty, and more than 220,000 students going through Bitglass.

How are customer service and technical support?

If I do have an issue or a support need, the organization is responsive. I'm on the East Coast, and they're on the West Coast. You really couldn't tell, because they're right on it and been there. They've been what I call a strategic business partner in both instances that we put this on.

I had an issue at the previous company that I worked at. We are on the East Coast, and they are on the West Coast; they're in California, and we're in Florida. So, we had an issue at seven o'clock in the morning. It turned out that we had a certificate expire in ADFS. We called over there because we had no idea what was going on, as the initial troubleshooting was going to the Bitglass portal and blocking people from logging in there. So, we're getting people on the phone just so we could come to a conclusion to get a root cause. Not only did my account rep call me back and get somebody on the phone, the support engineer was called and was working with the team before I talked to our account rep. Then, we had a senior VP and the CEO call me within an hour. I also had some other folks call me within an hour to make sure that we were okay. That is the type of business that Bitglass is.

Which solution did I use previously and why did I switch?

Before, when I first got to the organization, things happened. People were compromised. Outlook accounts were indicators of compromise. To this date, I'm not finding those as often when I'm being alerted.

How was the initial setup?

The initial setup was pretty much straightforward. We did some integrations to get it all done and implemented, then you're off and running. 

The biggest drawback to the implementation was the organization. It took a little bit of time to buy because this is a different type of technology that the organization has not used, so going through the multiple meetings to give the benefits and what this provides us. That's a drawback in running the implementation.

The application only took a night to deploy. I'm talking about a few hours, but that was once everything was approved to go through.

We started with the critical data in the cloud. These types of datasets include the regulated data, such as HIPAA or PCI.

What about the implementation team?

We used our deployment managers. We took the training, then we used them. We didn't use any outside people.

There are two and a half people on my infrastructure team, including a consultant (who is not full-time). I am managing a lot of this solution myself by going in, cleaning up, and deactivating users. Users who leave the organization free up their places.

What was our ROI?

We are not a large IT shop. Anytime we can gain efficiencies and don't have to track down any false positives or false alerts, then we see ROI. With a small team, there's always that alert burnout where there can be so many alerts happening that it's just easier to do nothing. We don't find that. We find that we're able to get in and do a lot more of the infrastructure and things because the product works the way we expect it to.

What's my experience with pricing, setup cost, and licensing?

There is training involved. If you're going to add more people to it, such as cross train more of your group, there's a cost. Other than that, that's it. We have paid exactly what the invoices have said. We signed a three-year contract and have not gone above it.

Understand what it is you're paying for with a CASB. Do your homework and understand what your use cases will be, because you will pay based on use case. Always be wary of someone who comes in and just wants to cut prices. If they're going to lose to a competitor and just whack their price in half just to get the business. If it didn't match your needs based on what the product does in the beginning, you're going to be sorry. Know your use cases and purchase towards your use case. Make sure that you get a strategic business partner when it comes to your vendors.

Which other solutions did I evaluate?

I did do an exhaustive search when it came to selecting a CASB. We looked at other major players: Netskope, Symantec, and Skyhigh. We looked at a lot of them before we saw Bitglass.

At the time, Bitglass had more out-of-the-box features and integrated more closely with our platforms. We're talking about Active Directory, where I can get that integrated. It's not a data dump or a nightly upload of our LDAP or directory solutions into the product. We were able to do or add the scanning via Cylance. That came standard with these, while with the other companies, it was an add-on piece or they reverse engineered the solution to try and make it work. I've been doing IT for 20 plus years. Anytime a company tries to reverse engineer something after they first purchase it, it's never a good experience for the end user because for support, it is always, "Oh, you've got to go over here," or "I've got to transfer you over here". Well, okay. "Now I've got to transfer you over here." That is not anything that I can hang my hat on. Therefore, you're looking at the amount of features and functionality from the Bitglass side, as opposed to some of their competitors. 

We didn't take one of their competitors because it was a large deployment with multiple servers in different areas. I was trying to reduce space, not increase my infrastructure footprint.

What other advice do I have?

The biggest thing is know your use cases. If you're not sure what your use cases are, have them help define them. When you understand your use cases, you understand how you're going to use the product. It doesn't mean that you don't learn the other bits and functionality of it, but your core duty to your organization is to protect that critical data. Understand what those data sets are and how critical they are:

  • Are they regulated via the state or at the federal level? 
  • What is it that you're trying to protect? 

If you can understand these questions, then you can tailor a lot of the training and a lot of what you have for what you need. I talk to my team all the time when we do things, and it has to be sustainable, maintainable and also adaptable. It has to be adaptable to the client because technology is the one thing that we have in business that will change. We know it will change. So, if you're rigid with whatever you're doing and not adapting, then you are already behind.

I really like what this product does and what it stands for. We are a nonprofit, and until our use cases change, we are not using the product to its fullest potential.

I do not use SASE yet. That is more for budgetary purposes. With the pandemic, our budget allocation has been a bit steep.

Biggest lesson learnt: The different ways people can use data. Where they access and share it, then send it, do things, and respond. I understand now the need, more than ever, to evangelize. In the security industry, there's a saying, "Your weakest link is your end user." I tend to disagree now. The weakest link happens to be our security awareness training. How well are we doing there? Because if you train and teach, then things go a bit smoother. 

With everything that I know about Bitglass and working with the organization as a whole, such as, meeting the CEO on down through new folks, I would rate them a 10 out of 10. They have a fantastic culture and ethic when it comes to the customer first. If I need something, they're there. Just this past week, we went to do an integration of the fifth application, but something happened, and we had to postpone it. Our deployment manager says, "No problem. I'm there." He didn't even wait for me to say what we were going to postpone it to. He just said, "Okay, I'm there." That puts me at ease. They have my back and are there to help.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
JH
Cyber Security Officer at an insurance company with 51-200 employees
Real User
Top 20
We can verify people working remotely have valid certificates to connect to our applications

Pros and Cons

  • "We are able to verify what is getting saved out onto the cloud. It allows us to have some DLP rules, since we have to be HIPAA compliant. If some personal health information has been uploaded to Office 365, then we are able to detect that sort of thing and account for it. We have set up rules to prevent people from doing that."
  • "In our environment, when an Active Directory password changes, we tend to have some latency issues with access. It takes about 15 minutes before that password is accessible through Bitglass after the change. That would be the major thing I see as a negative."

What is our primary use case?

We use it for our cloud-based solutions. For instance, we use it for Office 365, Salesforce, and a couple of web applications that are cloud-based. It gives us an added layer of security with a little more visibility into those applications, as far as: who's logging in and who's not. It's kind of a firewall, in a sense. Since none of our business is really overseas, we don't really have employees or customers who should be logging in from outside of the United States. We just block any attempt that is coming in from offshore.

Another thing that it does, if people are not able to connect, then it gives us an easy view into why they may not be connecting. For instance, if their iPhone is not connecting, then sometimes we can see if they are entering the wrong password or something else. It has a little simpler navigation than what Office 365 gives us. It is also a little quicker to see login failures.

How has it helped my organization?

It has given us a more secure environment. If we weren't using their certificate and some of the other rule sets where we can verify their identity, we would probably not allow people to connect remotely unless they were coming through our VPN. 

We are able to see attempted connections and that sort of thing. 

We are able to verify what is getting saved out onto the cloud. It allows us to have some DLP rules, since we have to be HIPAA compliant. If some personal health information has been uploaded to Office 365, then we are able to detect that sort of thing and account for it. We have set up rules to prevent people from doing that. 

We can create rules to prevent people from copying things. We can see what sort of security rights are set up in SharePoint. We use a sort of combination of a native Office 365 rules set with Bitglass rules.

It has allowed us to have people working remotely during this pandemic so we can make sure they have valid certificates to connect to applications. If they don't have a valid certificate, then they can't connect.

The solution provides a single policy page to secure all of our interactions to the cloud and our on-premise resources. For example, there is a policy page where we go to define our policies. On that policy page, we have Office 365 and Salesforce policies.

What is most valuable?

I find the login features probably the most valuable. If somebody is having trouble logging into Office 365 or Salesforce, I can typically verify, "Yes, indeed. I see you're not able to connect." I can usually figure out why they're not connecting correctly, such as, putting in the wrong user ID or password. Or, they might not have a valid certificate to connect to those applications.

Identity simplifies our cloud security ops. It gives us a single pane of glass for our cloud-based apps. Because Office 365 tends to be slow to navigate though, this gives us quicker access. 

The initial login into Salesforce or Office 365 can be slow. However, once Bitglass has been established, it's not really noticeable.

They are improving their interface all the time, which is helpful. They have done some changes to make it simpler.

What needs improvement?

In our environment, when an Active Directory password changes, we tend to have some latency issues with access. It takes about 15 minutes before that password is accessible through Bitglass after the change. That would be the major thing I see as a negative.

The Active Directory password thing created a lot of negative feedback from our end user staff. As we move forward, we will probably have to evaluate that to see if it appears in other applications. At this point, we don't have any plans to discontinue it, but as we scale up, we will probably have that conversation.

Where I missed a step: I didn't provide enough training to our end user staff and system admin staff. This created some elements of frustration for them as they migrated to the cloud applications. The password synchronization piece seemed to be the big negative thing. When people can't log into an application, they get pretty uptight about it. That is probably my biggest misgiving.

The synchronization/password change issue is probably the most glaring problem that we have with it. Unfortunately, it's one that hits anybody who uses the product. Anytime their password changes, it becomes an issue.

For how long have I used the solution?

About a year and a half.

What do I think about the stability of the solution?

The solution's overall uptime is excellent. We have never really had any downtime.

We don't really do much maintenance, because there's not a whole lot to maintain. Maintenance is pretty much done by a system administrator and me.

What do I think about the scalability of the solution?

We only have about five applications that we are using. 

Our whole company is going through the solution, so there are about 170 users.

How are customer service and technical support?

Their technical support is excellent, accessible, and quick to respond. There is very little delay. We are not waiting around to hear back from them because they are right on top of it. Therefore, I would give their support staff excellent reviews.

How was the initial setup?

It seemed complex in terms of getting used to navigating the interface.

Our deployment took a bit longer because we were in the process of migrating to Office 365. I am not sure I can pin that on Bitglass, as we would have to contact them when we got a new set of users. A lot of that was us getting used to managing Bitglass. They held our hands for several months. I don't think it was because of Bitglass as much as the timing of implementing Office 365.

We were in the process of implementing Office 365 and Salesforce. This was chaotic, and not the best example of an organization going to the cloud, but we got through it.

What about the implementation team?

With their support, onboarding it was excellent. They helped us through the entire process and were easily accessible when we needed them. Their support has been excellent.

What was our ROI?

It was a good solution at the time because I didn't feel Office 365 was giving us a very robust solution. They have gotten better. So, when our renewal comes up, we will have to evaluate if we want to continue with Bitglass or if we feel that Microsoft is giving us enough of a solution.

Which other solutions did I evaluate?

We did really evaluate other solutions. We wanted something that was cloud-based, not an appliance.

This solution was recommended by a couple of third-parties who were using it.

What other advice do I have?

I would spend more time on the proof of concept than we did. We didn't really have the available applications to test it as robustly as we probably normally would have.

I would give the solution an eight out of 10. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SK
CTO at a financial services firm with 11-50 employees
Real User
Top 20
Provides a single platform for CASB and multiple types of security, allowing us to adopt more and more cloud apps

Pros and Cons

  • "The core CASB solution is the most valuable part. It allows us to put policies in place around which devices can log into our cloud applications. We have a policy that states that only company devices can access these cloud applications."
  • "Their new SASE (secure access service edge) product would have been the one thing I would have requested. Now that they have that platform, I'd like to see it as integrated and seamless as possible with the core product. That's what they're working towards and that's where we're seeing the advancements."

What is our primary use case?

Bitglass allows us to leverage cloud applications with security. What that means for us is that, as our applications are moving from on-premise to the cloud, we can have security controls on who logs in, around when they log in, and what data they're accessing. That's what Bitglass allows us to do.

We're not using the proxies. We're only using it for the login policy management.

How has it helped my organization?

We can now allow people to access cloud apps on their laptops, safely and securely, when they're not in the office. It allows us to have more flexibility, working from home or remotely during COVID. This is a security platform that allows all that to happen. Without having Bitglass, our work from home strategy would be drastically different and our potential for productivity would be reduced.

The solution provides a single platform for CASB, web security, advanced threat protection, identity, data loss protection, and zero-trust network access. It does all that in one product. It's good because it allows us to adopt more and more cloud apps. It really gives us the flexibility to pursue any new technology that is going to benefit our organization and that is in the cloud.

Bitglass also provides a single policy page to secure all of our interactions to the cloud applications. It does not do it for on-prem, in our case. It could do so, but not the way that we have it configured. But for our cloud interactions, we have unifying policies; a single spot on the platform. From there, we can say, "This set of cloud applications needs to follow this policy." From that point, we can see which policies are being applied. So it's a single spot for policy management. It simplifies our security operations.

What is most valuable?

The core CASB solution is the most valuable part. It allows us to put policies in place around which devices can log into our cloud applications. We have a policy that states that only company devices can access these cloud applications. Our most sensitive data lives in our email, which is in the cloud, and in Slack, which is our messaging platform, and it lives in Box which has all of our files. The ability to access all of that, our critical data, has to be from a device that's company-issued so we know that the security level and the encryption level are up to a certain point.

It does a great job of securing us against data breaches and attacks. Prior to our moving over to Bitglass, we had one incident where someone's password was compromised. Whoever the hacker was, was able to log in and then send emails on behalf of this individual at our company. After we implemented the Bitglass solution in front of email, that scenario was no longer possible. They can't log in from a device that's not company-issued because now we have these policies set in place.

In terms of how the solution secures us against data leakage, their technology is good in the sense that it resides at the login point. That means that at the point that you're trying to get to the application, you need to fulfill a certain set of applications or a certain set of policies.

What needs improvement?

Their new SASE (secure access service edge) product would have been the one thing I would have requested. Now that they have that platform, I'd like to see it as integrated and seamless as possible with the core product. That's what they're working towards and that's where we're seeing the advancements.

For how long have I used the solution?

I have been using Bitglass for over two years.

What do I think about the stability of the solution?

The solution's overall uptime is good. We haven't had downtime for Bitglass in production. 

What do I think about the scalability of the solution?

For us, it's scalable. We have not seen any issues.

We've got a 50-user license for our company. The users are from across the company, and our adoption rate is 100 percent.

How are customer service and technical support?

Their tech support is good. They're a 10 out of 10 in responsiveness and they're an eight out of 10 in getting the resolution, which usually involves code changes.

Which solution did I use previously and why did I switch?

This is our first CASB solution. We went with Bitglass for the security of our cloud apps.

How was the initial setup?

The setup is fairly straightforward. It's not perfectly straightforward because you need to understand how it integrates within your cloud apps. Once you have the connection, the identity providers, then setting up the policies is easy.

We ran deployment and testing for about a month before going live.

In terms of our implementation strategy, we had a separate instance of the cloud apps running in parallel to test out all the policies and to fine-tune all of our policies. Once that was complete, we used that on our production tenant.

What about the implementation team?

We worked with an integrator called RFA, but we did most of the testing on our side.

What was our ROI?

We have absolutely seen return on our investment with Bitglass. From a cybersecurity standpoint, we have more controls. And from a productivity standpoint, we have more and more cloud apps that we have deployed, and that's really working in our favor.

Which other solutions did I evaluate?

We looked at Netskope and Skyhigh, but that was two years ago, so our comparisons are fairly outdated now. But at that time, Bitglass had the best SAML integration, which is the identification and integration services. That was the key for us as we were looking to connect into a lot of cloud applications.

What other advice do I have?

You should definitely look at Bitglass as part of your process. I think it's still best of class and I think there is a lot of innovation that's happening at Bitglass. In terms of a CASB, and in terms of this new product for SASE as well, they are the best in terms of the feature set that they're offering.

As for maintenance, we've got one infrastructure engineer and part of his responsibilities is to look at the weekly logs for Bitglass to see if there are any unusual connections.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
David Levine
Vice President, Corporate Information Security & Chief Security Officer at Ricoh Americas
Real User
Top 10
Controls unmanaged devices, preventing them from being able to download full clients

Pros and Cons

  • "The initial setup was straightforward, which was a huge win. That mostly goes to the fact that they are agentless. We didn't have to sit there deploying thousands of agents and all the things that go along with that type of deployment. We were up and running very quickly."

What is our primary use case?

We started with a very clear primary use case, which is what landed us on Bitglass: The need to protect Office 365. More specifically, we wanted to make sure that untrusted devices would not be able to download the full O365 client.

Granted, you can do that with Microsoft tools, if you purchase some of their additional solutions. However, we decided that it made more sense for us to go with an independent CASB that we could leverage for other things as well.

Since the initial deployment, we have looked to expand well beyond the initial use case to protect additional cloud-based environments as well as implement additional functionality, such as DLP.

How has it helped my organization?

While you can't ever guarantee you can prevent a breach, I think Bitglass and their solution are a key component in helping secure our environment. We would not be with them if they weren't a valuable partner, as CASBs, in general, are a key piece of an overall security ecosystem.

In our case, controlling unmanaged devices and preventing them from being able to download full clients is a significant piece of the security and governance overall puzzle. To really control specific data leakage, you would need to fully implement DLP. So, we are in the process of evaluating the Bitglass DLP functionality, though we have not operationalized it yet. It certainly has the capability to secure against data leakage.

What is most valuable?

The platform has a lot of great features that can be utilized, e.g., we have been looking at DLP.

They have some tie-ins to other partners, which is good.

What needs improvement?

A few minor items for consideration:

  • Enhanced reporting (e.g., a report to find out how many users are in a specific Bitglass group).
  • MFA Enhancement: Perhaps adding an MFA Application.

For how long have I used the solution?

We started looking at them back in 2017, but we didn't implement until 2018.

What do I think about the stability of the solution?

We haven't had any issues with latency; certainly nothing systemic. It operates seamlessly behind the scenes and the uptime has been excellent.

100 percent dedicated staff is not needed. We have one engineer, who is the primary contact for the solution, but is not even remotely close to being dedicated to it.

What do I think about the scalability of the solution?

The scalability is excellent. I don't have any concerns. We have a tremendous number of clients, not agents, routing through it.

We are in the process of expanding our usage now. Our longer-term plan is to sweep much more under CASB.

How are customer service and technical support?

The support and company engagement from day one have been great about being open and available. Over time, I have gotten to know all levels of people within their company, including the CEO, and you can't always say that. It goes to their dedication to their customers and company culture.

It has been a tremendous partnership working with Bitglass. They took the time to understand our use case and have remained just as engaged today, even through their tremendous growth, as they were in the initial sale cycle. One of the things I say a lot, "There are vendors and there are partners." Everybody is good at doing the right thing when everything's going well. But, how a company reacts when you need help or if you have an issue is the true measure of the relationship. To that point, Bitglass has really been a true partner.

Which solution did I use previously and why did I switch?

This was our first foray into CASBs.

How was the initial setup?

The initial setup was straightforward, which was a huge win. That mostly goes to the fact that they are agentless. We didn't have to sit there deploying thousands of agents and all the things that go along with that type of deployment. We were up and running very quickly.

We do have a very small number of users using the agent as their standard proxy. However, almost our entire deployment is agentless, which is one of the things that attracted us to Bitglass.

Once testing was complete, and given the agentless nature of the solution, the deployment was straightforward and the time to realize benefit was really short.

What about the implementation team?

We were initially up and running (with some tweaking and tuning) in about a day. Once Bitglass had the environment setup, it was just a matter of pointing our Office 365 environment to route through them.

What was our ROI?

ROI on a security tool is always kind of a tough one, because it's usually risk mitigation. There isn't always a hard dollar ROI, but the solution has absolutely done what we wanted it to do.

What's my experience with pricing, setup cost, and licensing?

Typically, the longer you price forward, the better off you're going to be. They have been very willing to work with us on pricing.

Which other solutions did I evaluate?

We certainly evaluated several other products.

What other advice do I have?

A true single pane of glass is not easy to achieve. The more you do with them, the more you can move towards that goal. As they continue to increase their functionality, the solutions that they offer, and the partners/integrations they have, they are certainly moving more in the single pane of glass direction. For security professionals and CISOs, as much as we can declutter and simplify, that's a great thing.

For us, it has done exactly what we wanted it to do. Bitglass continues to be a valuable partner:

  • The relationship is good.
  • Support is good.
  • The solution works well.

I would rate this solution as a nine plus out of 10.

I did a video with Bitglass a couple years ago. It's out on YouTube. If you Google my company, Ricoh, and Bitglass on YouTube, the video will pop right up. There is a lot of good info there.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    RK
    Director, Cloud & Data Security at a financial services firm with 5,001-10,000 employees
    Real User
    Top 20
    Provides the level of protection that we need for BYOD devices, but they need to mature their SASE solution

    Pros and Cons

    • "The solution’s AJAX-VM provides constant reverse proxy uptime. It has been very positive for our security operations. When people are trying to access the SaaS solution, it protects us from downloading any of that data and experiencing any type of attacks"
    • "Initially, we had some challenges that Bitglass resolved quickly. The challenges were around communication. There didn't seem like there was the right level of communication within the Bitglass organization. Once we brought the issues up at a higher level, then they were resolved."

    What is our primary use case?

    The use case is around protecting data on BYOD devices where users can access any type of data.

    How has it helped my organization?

    It is overall a good solution for securing against data breaches and attacks, but there is no 100 percent guarantee in software. We feel that it is a pretty solid product for protecting data on the public cloud.

    The solution’s AJAX-VM provides constant reverse proxy uptime. It has been very positive for our security operations. When people are trying to access the SaaS solution, it protects us from downloading any of that data and experiencing any type of attacks.

    We mostly use it for CASB. It has a very light weight impact in that it doesn't really affect anything from an operations perspective. It is helping our monitoring, which results in better security, threat protection, or security posture.

    When we have had enhancement requests, they have been able to fulfill those based on our changing needs. Therefore, we feel it's a pretty good solution.

    What is most valuable?

    Depending on the company, the data leak prevention or protection is the most valuable feature. DLP is the capability that we leverage. 

    We leverage the impossible travel event type of capabilities and the reverse proxy capabilities. They protect and provide data protection, which basically help us with unauthorized access and protecting data on all transactions. This is important. These features focus on cloud applications, and that's where we use them.

    We have tested and monitor how the solution secures us against data leakage. We feel that it is pretty good from that perspective.

    Through their security portal, that is where we configure policies and any sort of security. This positively affects our security operations. We can go to one place and make the changes we need to, which saves time by providing easy access.

    What needs improvement?

    They need to mature the SmartEdge Secure Web Gateway (SASE) solution. It is still very early as a product based on industry standards.

    For how long have I used the solution?

    Two years.

    What do I think about the stability of the solution?

    The stability is excellent. We have not seen any issues.

    We have not seen any latency issues, whatsoever. It has been very seamless.

    The solution's overall uptime is excellent.

    What do I think about the scalability of the solution?

    The solution is pretty scalable. Right now, we have 12,000 end users on it. 

    We do plan to increase usage by expanding the solution to five other applications. We find the solution to be integrable. 

    How are customer service and technical support?

    Initially, we had some challenges that Bitglass resolved quickly. The challenges were around communication. It didn't seem like there was the right level of communication within the Bitglass organization. Once we brought the issues up at a higher level, then they were resolved.

    We have found the technical support to be responsive. The turnaround time is within an hour or two.

    Which solution did I use previously and why did I switch?

    At a previous organization, I used Netskope.

    My current organization did not previously use another solution.

    How was the initial setup?

    The initial setup was complex. We had special use cases, which needed to be addressed. There was a little more configuration needed for data protection.

    The deployment took two months to get the resources design completed.

    For the use cases that we had identified, we PoC'd the solution first as part of our evaluation criteria. When we saw the results from it, then we were able to move ahead with design and roll up.

    What about the implementation team?

    We did the deployment ourselves with one architect and two engineers.

    What was our ROI?

    It is definitely providing us value.

    What's my experience with pricing, setup cost, and licensing?

    We have our pricing by user. We do our pricing agreements annually. There are also additional costs for maintenance.

    Which other solutions did I evaluate?

    We also looked at Microsoft and McAfee's CASB: MVISION Cloud (formerly Skyhigh Networks). The biggest goal that we had with Bitglass was our use case was actualized on BYOD. We could not get those other solutions to really provide the level of protection we were looking for coming in from a BYOD device.

    We have used competitive solutions that rely on private cloud architectures. Bitglass's uptime is very good in comparison. 

    In comparison to Netskope, Bitglass has better ease of implementation. Also, Netskope was where they said the product was two years ago.

    What other advice do I have?

    The product works, and their organization is pretty dynamic.

    Get a very clear understanding of your use case before bringing the product in. That applies to all CASBs because there are different problems for different people. I feel like a lot of people think this type of solution can solve every problem. You have to figure out what problem you're going to solve, e.g., data protection or user access. From there, the idea is to jump in and bring it on.

    This industry, as a landscape, is changing from a product perspective. I see CASB converging with other Zero Trust solutions. I am prepared to see evolution of this industry sector because of the changing cloud needs.

    I would rate this solution as a seven out of 10. SASE and some other things are a bit premature. As an organization, they have not been in business for a very long time. That comes with some level of challenges. We had an initial support challenge, which got resolved, but that kind of highlighted that, as a software company, they're still maturing and productizing their product.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.