Bitglass Valuable Features
Senior Security Engineer at a healthcare company with 10,001+ employees
They have an agentless reverse proxy, which is amazing. They also have an agent forward proxy, which is very helpful. That's how you can identify the company-managed devices. With SaaS-based applications, people want to be able to access their email, for example, from a personal computer. The reverse proxy allows us to protect that and keeps them from downloading PHI data to their personal computer. But once we see that it's a company-owned device, because it's a forward proxy, the agent solution enables us to relax the policies a bit and allow them to actually do their job and access the sensitive information, if they're allowed to. That's a huge piece.
We install the forward proxy on a machine and we can have it inspect the machine for certain criteria that would classify it as a company-owned and protected device. For example, we can make sure that it has antivirus, an EDR solution installed, disk encryption, and things like that. That way we know they didn't take this agent and install it on their personal machine and that this is definitely a company-owned device. With that solution, we can send them through what's called the forward proxy, which allows us to open it up to do their job, and they can access sensitive information.
What's helpful about the other piece, the reverse proxy, is we can still allow them to access their email or other SaaS-based applications if we want. But, if they go to a personal device and do so, it will put them in reverse proxy and still forward proxy because it's agentless. That will allow us to identify this is a personal device and that we have to lock the policies down so they don't download sensitive information which is not allowed to be on a personal device that is not protected with company controls.
I also find the granular level of inspection that you can do inside of all the proxy traffic to be very useful.
In terms of how the solution secures us against data breaches and attacks, it works alongside an IDP solution that we have. We use Ping and they integrate together, so we can force multifactor authentication. And even if someone makes it past the multifactor authentication and login for Ping, if Bitglass doesn't have the proper SAML tokens passed to it through the SAML insertion, it will not allow access to those sensitive applications. Let's say someone were somehow able to hack someone's credentials and hack multifactor authentication. That's a tall order. But at the same time, Bitglass will be able to take a unique login that happened somewhere else — for example, the user is here in Tennessee, but now you have a login 500 miles away or 300 miles away, as well. Bitglass will be able to detect that and stop it because it's an invalid login. It knows that it's suspicious.
The solution is very good when it comes to securing us against data leakage, because of the other proxy. It also has API scanning or data at rest. It inspects data in motion, which is the proxy, and then it has the data at rest, which is the API scanning. We can inspect for anything we want: file fingerprinting, PHI-sensitive data, PCI-sensitive data. It does not matter. We can usually find it and block it in transit and do our remediation with it. It could either be block, encrypt, or allow and watermark the file to follow it and see where it goes. It allows for those different scenarios.
The biggest thing that I like about this product is that it's easy to use and teach. When we have somebody new starting to work with the product, it's easy to teach them. It's also easy to use the product as it does so much.
I'm into looking at the DLP rules and finding out where our data is going and who is accessing it, especially now that our organization has gone remote. When typically only one section of our organization has been remote (our caseworkers), now everybody is remote. Therefore, we need to know for everyone else:
- How is data governance being performed?
- Where can we increase our security posture by ensuring policies, procedures, and compliance are being taken care of?
Bitglass is a big part of where our data is going. Then, the fact that I can make it unusable if it goes to places that we don't think that it should, by using digital rights management (DRM).
Cyber Security Officer at an insurance company with 51-200 employees
I find the login features probably the most valuable. If somebody is having trouble logging into Office 365 or Salesforce, I can typically verify, "Yes, indeed. I see you're not able to connect." I can usually figure out why they're not connecting correctly, such as, putting in the wrong user ID or password. Or, they might not have a valid certificate to connect to those applications.
Identity simplifies our cloud security ops. It gives us a single pane of glass for our cloud-based apps. Because Office 365 tends to be slow to navigate though, this gives us quicker access.
The initial login into Salesforce or Office 365 can be slow. However, once Bitglass has been established, it's not really noticeable.
They are improving their interface all the time, which is helpful. They have done some changes to make it simpler.
CTO at a financial services firm with 11-50 employees
The core CASB solution is the most valuable part. It allows us to put policies in place around which devices can log into our cloud applications. We have a policy that states that only company devices can access these cloud applications. Our most sensitive data lives in our email, which is in the cloud, and in Slack, which is our messaging platform, and it lives in Box which has all of our files. The ability to access all of that, our critical data, has to be from a device that's company-issued so we know that the security level and the encryption level are up to a certain point.
It does a great job of securing us against data breaches and attacks. Prior to our moving over to Bitglass, we had one incident where someone's password was compromised. Whoever the hacker was, was able to log in and then send emails on behalf of this individual at our company. After we implemented the Bitglass solution in front of email, that scenario was no longer possible. They can't log in from a device that's not company-issued because now we have these policies set in place.
In terms of how the solution secures us against data leakage, their technology is good in the sense that it resides at the login point. That means that at the point that you're trying to get to the application, you need to fulfill a certain set of applications or a certain set of policies.
The platform has a lot of great features that can be utilized, e.g., we have been looking at DLP.
They have some tie-ins to other partners, which is good.
Director, Cloud & Data Security at a financial services firm with 5,001-10,000 employees
Depending on the company, the data leak prevention or protection is the most valuable feature. DLP is the capability that we leverage.
We leverage the impossible travel event type of capabilities and the reverse proxy capabilities. They protect and provide data protection, which basically help us with unauthorized access and protecting data on all transactions. This is important. These features focus on cloud applications, and that's where we use them.
We have tested and monitor how the solution secures us against data leakage. We feel that it is pretty good from that perspective.
Through their security portal, that is where we configure policies and any sort of security. This positively affects our security operations. We can go to one place and make the changes we need to, which saves time by providing easy access.