Bitglass - Experts & Thought Leaders

Bitglass, the Total Cloud Security Company, has been awarded U.S. Patent No. 10,855,671 for another fundamental invention in transparent, contextual access control of cloud services. The announcement comes on the heels of a first foundational patent (U.S. Patent No. 10,757,090) for contextual access control. Industry-standard These inventions enable the transparent enforcement of contextual access control on cloud applications via a control point (CASB) inserted between an Application and an Identity Provider (IdP). In U.S. Patent No. 10,757,090, the insertion is in the order Application -> CASB -> IdP. In US Patent No. 10,855,671, the insertion is Application -> IdP -> CASB. Since their initial filings in August 2013, these patented inventions have been adopted widely by other foremost cloud security vendors seeking to enable inline security, and are now considered the industry standard for addressing business-critical security use cases. Enabling access In US Patent No. 10,855,671 (ACS proxy mode), once the user has been authenticated by an Identity Provider, the CASB considers the risk profile of the user and determines the level of access to allow. The CASB may permit direct access to the application, proxied and controlled access to the application with data and threat protection enforced, or deny access altogether. In comparison, in U.S. Patent No. 10,757,090 (SAML relay mode), the CASB intercedes between the application and the IdP and is aware of both successful and unsuccessful login attempts, thereby enabling stronger anomaly detection and Denial of Service protection. Integration Because this approach is cloud-native and requires no agents, it’s transparent to the end-user" “Our CASB platform can integrate with any IdP you have in place and can secure access to any cloud resource,” said Anurag Kahol, CTO of Bitglass. “Because this approach is cloud-native and requires no agents, it’s transparent to the end-user and can secure any device, including employees’ personal endpoints.” Real-time security “This patent firmly establishes that Bitglass invented the foundations of contextual access control for the cloud,” said Nat Kausik, CEO of Bitglass. “This is why our CASB remains the industry standard for organisations that need real-time security. It is this same CASB that is now a part of our Secure Access Service Edge offering, along with our SmartEdge Secure Web Gateway and our real-time ZTNA.”

Bitglass, the Total Cloud Security Company, has received full scores across all nine criteria in KuppingerCole’s Market Compass on Cloud Access Security Brokers (CASBs). The report covers vendors with offerings that address the challenges of security and compliance when using cloud services. This is the fourth time KuppingerCole has included Bitglass in its CASB Compass, demonstrating the company’s strong and consistent market validation. The criteria against which participants are reviewed include security, interoperability, usability, deployment, discovery, access control, data protection, compliance, and posture management. In addition to securing top marks for the above criteria, Bitglass’ CASB was selected as the solution “Featured for Innovation,” highlighting Bitglass for pushing the cloud security space forward with its advanced technologies. Agentless reverse proxy One major problem with the deployment of CASB is the need to install agents on devices or as part of a forward proxy" Specifically, the report focused on the uniqueness of its agentless reverse proxy. Powered by patented AJAX-VM technology, which ensures performance and uptime as applications are updated, Bitglass’ reverse proxy delivers agentless, real-time protection for any app accessed by any device - including personal devices. Additionally, the Market Compass highlights Bitglass’ SmartEdge Secure Web Gateway (SWG). As the world’s only on-device SWG, it decrypts and inspects traffic locally via a SmartEdge agent on each device, forgoing the need for on-premises appliances, VPNs, cloud proxies, and network hops. Real-time data “One major problem with the deployment of CASB is the need to install agents on devices or as part of a forward proxy,” says KuppingerCole analyst and author of the report Mike Small. “The Bitglass solution leverages patent pending AJAX-VM agentless reverse proxy capabilities. This enables the Bitglass solution to provide support to any application with real-time data and threat protection, identity, and visibility.”

Bitglass, the total cloud security company, has been awarded U.S. Patent No. 10,757,090 for its fundamental invention of the SAML relay, for transparent, real-time access control of cloud services. Since the time the patent was filed in 2015, the technology has become widely adopted by leading cloud security vendors. The SAML relay allows for a security broker or proxy (aka CASB) to be transparently inserted into the traffic flow between users and cloud services, during the login process. Once the user logs in, the CASB considers the risk profile of the user, and determines the level of access to permit the user. The CASB may permit direct access to the application, proxied and controlled access to the application with data and threat protection enforced, or deny access altogether. Transparent cloud security Anurag Kahol, CTO of Bitglass, said, “Since Bitglass’ founding, we’ve recognised that many organisations need a cloud-based solution that can secure application access from any device, whether a corporate device or a personal device. Our SAML relay technology has become the standard for enabling secure, ubiquitous access.” “This patent is further recognition that Bitglass is the architect of SAML relay and reverse proxy technology that all CASB vendors have imitated,” said Nat Kausik, CEO of Bitglass. "For organisations that need transparent cloud security, the Bitglass CASB remains the solution of choice. Today, it is a core component of our SASE offering, along with our SmartEdge Secure Web Gateway and our zero trust network access.”