Any Custom
Application
CipherCloud® Cloud Access Security Broker (CASB+) for
Your Custom Applications
CipherCloud CASB+ AnyApp for your custom DATA SECURITY. CipherCloud CASB+ provides
applications provides unparalleled protection for industry-leading end-to-end Zero Trust encryption,
your users and data, giving you complete control over and comprehensive key management with the
user access, their activities and data access. Deep flexibility to address any mix of security requirements
visibility, end-to-end data protection, advanced threat for your cloud-based custom applications. Our data
protection, and comprehensive compliance capabilities protection, data loss prevention (DLP), native device
ensure enable you to safely and securely deploy all management, secure offline data access, automated PII
of your custom cloud applications. The cloud-native anonymization, and HSM support are available in one
CASB+ platform provides end-to-end data protection scalable platform.
for enterprises adopting cloud services, ensuring ✛✛ Data loss prevention (DLP) protects your sensitive and
confidential and sensitive data is protected at all regulated custom applications content. CipherCloud
locations - in the cloud and on users devices. The CASB+ CASB+ helps you discover sensitive content and then take
capabilities enable you to deploy your cloud-based necessary action based on compliance requirements and
custom applications with the confidence of keeping risk. CipherCloud CASB+ prevents the upload of sensitive
control and knowing your data will always be protected. and regulated content defined as containing PII, PCI, PHI
or other sensitive or confidential material. This content can
also be encrypted on-the-fly during the upload to ensure
Important CASB+ Use Cases for that it is compliantly protected.
Your Custom Applications ✛✛ Our comprehensive data security also includes our
native Digital Rights Management (DRM). Data that is
VISIBILITY. CipherCloud CASB+ provides deep visibility downloaded from your cloud-based custom application
into your cloud-based custom applications. This lets to a user’s device can be protected based on predefined
policies, including defining what devices are allowed
you better understand how data is being shared by the
to access the data (for example, that users cannot use
application users. This visibility also helps you identify
personal devices to access sensitive data). In the event
and protect sensitive and private regulated data so that
that downloaded data needs to be protected from misuse
you can prevent accidental disclosure or exposure. (for example, former employees taking customer data),
✛✛ CipherCloud CASB+ supports Deep Forensic Analysis and the administrators have the ability to retract access to the
eDiscovery across all of your custom applications so you data, even if it was downloaded and copied to another
can quickly validate non-compliant behavior. device. Real-time key revocation can protect data on even
lost and stolen devices.
1
�THREAT PROTECTION. CipherCloud CASB+ brings ✛✛ Our Virus/Malware (AVAM) protection can defend against
advanced protection to identify and stop threats that virus, malware, and ransomware to help keep your cloud-
are being shared through your custom application based custom applications safe. URL link protection and
services. This protection includes capabilities such on-premise sandbox integration enable us to discover and
remediate even the most challenging Zero-Day threats.
as adaptive access control, user and entity behavior
For example, AVAM can detect and isolate an infected
analytics, virus/malware protection, and our cloud
document before the malware spreads across your cloud
access control.
documents.
✛✛ Our Adaptive Access Control (AAC) can also block
✛✛ Our Cloud Access Control (CAC) brings layers of
access, even to what appear to be authorized users, based
important controls to protect your Office 365 cloud
upon platforms used, time of day, originating location,
during the upload and download of files. For example,
and more that might suggest the theft, compromise of
CAC can scan and evaluate the content based on multiple
authentication credentials, or a sophisticated cyberattack.
parameters that may include: user name, user groups,
For example, if someone attempts to login in using your
managed versus unmanaged devices, risky IP addresses,
credentials, one hour after you have logged in from
locations (example - only allows office network connected
Detroit, Michigan, but they are located in Shanghai, China,
upload), compromised or non-compliant devices, and the
AAC would immediately identify and stop this activity.
encryption of documents prior to upload or download to
✛✛ Our User and Entity Behavior Analytics (UEBA) capability your custom applications.
uses machine learning to monitor user activity, including
✛✛ Our Cloud Security Posture Management (CSPM) brings
time of day of activity, attempts at bulk file download,
continuous oversight and real-time guardrails to protect
and other anomalous behavior. UEBA can make real-
critical administrative and configuration controls in
time decisions to flag unusual activity or block it based
your many IaaS environments, including Amazon AWS,
on variation from normal patterns. For example, if an
Microsoft Azure, and Google Cloud Services.
employee starts downloading unusually large amounts of
documents at 1 am, this would be flagged as anomalous
behavior and stopped.
2
�COMPLIANCE. CipherCloud CASB+ enables your Benefits for Your Cloud-Based Custom
cloud-based custom applications to be compliant with Application Users Include:
a broad mix of current and pending global privacy
and compliance regulations, as well as any local data
residency laws. This includes the controls necessary to Accelerate Cloud Adoption. Move to your application
support cloud-based applications under GDPR, HIPAA, clouds faster by overcoming cloud security, data
PCI-DSS, GLBA, California Consumer Privacy (2020), privacy, and compliance obstacles.
Sarbanes Oxley Act, FISMA, ITAR, NERC CIP, and much Increase Cloud Visibility. Discover your custom
more. application cloud usage, data movement, and user
✛✛ The CipherCloud CASB+ platform provides the ability activity to minimize data loss and compliance risk.
to protect data within your custom applications with you
Reduce Cost of Ownership. One centrally controlled,
holding control of who has access to the data - even the
easy-to-deploy hosted or hybrid platform to address
provider's super administrators cannot see your data
all enterprise cloud requirements, provide end-to-end
without your explicit permission and granting access. With
the CASB+ platform, you can define a single set of security data protection, and minimize the scope of compliance
and compliance policies for your custom applications audits.
from a single console, eliminating per-application security Minimize Data Breach Risks with Powerful Data
complexity or security misconfigurations.
Protection. End-to-end data protection and other
✛✛ Our unique Hybrid Deployment allows any multinational key features ensure data is never stored in cloud
enterprise to manage one integrated secure deployment applications or cloud platforms unprotected,
for key cloud applications across multiple countries with minimizing the risk of data breach, financial loss, and
controls and key management configurable to comply reputational and legal impact.
with any industry regulatory requirement or local privacy
law. Each country may have different compliance controls Prevent Forced Third-Party Disclosures and Be
for data privacy, data protection, data sovereignty, and in Control. CASB+ brings a unique and powerful
data residency. The CipherCloud CASB+ platform can encryption key management capability to your
do this by supporting any combination of customer- cloud-based custom applications that is always in the
controlled keys, for multiple applications, in configurations customer’s jurisdiction. No matter who requests access
that can include one or more on-premise key management to the data, from third parties to the cloud provider,
systems. only the customer can grant or deny access.
✛✛ With the CASB+ platform, you can greatly simplify SaaS Enhanced Collaborative Governance. CASB+ provides
application licensing and administration with a global
a full solution for the collaborative sharing of data
deployment, while controlling user and regional access to
with third parties, including full control over sensitive
restricted data.
content, full monitoring, and logging of all cloud
activity.
Enterprise Integration The Most Comprehensive Solution for Global
Compliance Requirements. The CipherCloud CASB+
All of your cloud-based custom application traffic can architecture can uniquely address any mix of global
be integrated with your security information and event compliance requirements and local privacy laws to
management (SIEM) system to improve the probability simplify your cloud-based application adoption and
of identifying critical incidents of compromise (IOCs). reduce costs.
Further, we integrate with other important enterprise
applications and infrastructure to include data loss
prevention (DLP) systems such as Symantec, mobile
device management (MDM) systems such as Airwatch,
Sandbox engines such as Juniper SkyATP, and more.
3
�CipherCloud CASB+ is the Best Cloud Security The Largest Multinational Companies in the
Solution for Your Custom Applications World Use CipherCloud
Unified. One Single Integrated CipherCloud CASB+ ✛✛ 5 of the Top 10 U.S. Banks
Platform provides all of the key CASB components. ✛✛ 6 of the Top Banks Worldwide
Total Cloud Control. CipherCloud CASB+ provides ✛✛ 3 of the Top 10 Insurance Firms
total control of any user, any device, managed or BYOD,
✛✛ 3 of the Top 10 U.S. Health Care Firms
anywhere in the extended enterprise, and enforces
policies to mitigate risk. ✛✛ 3 of the Top 10 Pharmaceutical Firms
Seamless. CipherCloud CASB+ extends data protection ✛✛ 2 of the Largest Telecommunications Firms
transparently to the user experience, ensuring ✛✛ Government agencies in the United States, United
application workflows are not affected. Kingdom, Canada,
Australia, and beyond
End-to-end or Zero Trust Encryption. Zero Trust
Encryption completely protects data in the cloud
from the enterprise “edge” and back. Data remains About CipherCloud
encrypted at rest (database), in motion (middleware,
API’s, network), and in use.
CipherCloud, a leader in cloud security, provides an
Native Digital Rights Management. Built-in DRM award-winning cloud security platform delivering
completely controls devices that access sensitive powerful end-to-end protection for data resident in
encrypted data. DRM tracks all movement of data, and the cloud, threat prevention, visibility, and compliance
restricts access in real-time, and secures documents for enterprises to adopt cloud with confidence.
even when offline. Uniquely, CipherCloud provides the deepest levels of
Secure and Simple Collaborative Governance. Secure data protection in real time to provide an immediate
Collaboration without cumbersome portals or other 3rd solution for challenging cloud security and compliance
party tools. requirements. The world’s largest global enterprises
and government institutions in over 25 countries
Agentless - Built for Speed. CipherCloud CASB+ does protect and secure their cloud information with
everything you need without the unnecessary overhead CipherCloud.
of yet another agent sitting on your endpoints.
No Reconfiguration of Your Network. CipherCloud
CASB+ blocks unsanctioned clouds using your
existing network infrastructure. No complex network
reconfiguration or traffic routing required.
Unique Hybrid Architecture. CipherCloud CASB+
supports multiple on-premise KMS. Data encryption
keys are retained exclusively by the customer.
© 2018 CipherCloud, Inc. All rights reserved. CipherCloud® is a registered trademark of CipherCloud, Inc. All other
trademarks are the property of their respective owners. Cyber Killchain® is a registered trademark of Lockheed Martin.
SharePoint®, OneDrive® and Office 365® are registered trademarks of Microsoft®. SAP® SuccessFactors® are registered
trademarks of SAP. ServiceNow® is a registered trademark of ServiceNow®. Salesforce® is a registered trademark of
[Link]. Zendesk® is a registered trademark of Zendesk. OneLog™ is a trademark of OneLog. Box® is a registered
trademark of Box. Dropbox® is a registered trademark of Dropbox.