Transcript
Look, we we spend, um, a lot of time, right, uh, with our work applications. So it's not uncommon for people to use their personal, their work device to, to access personal applications, whether they're checking their email or, um, or, or maybe their personal Dropbox or Box or whatever it is. Sometimes maybe that's a bit of a shadow IT issue, right? I'm trying to circumvent, um, a flow, uh, meaning maybe there's a limit on the company, um, uh, right, repository or I don't have access to it or whatever. Um, and I tend to use my own Dropbox or Box, right? So some of it happens as well. So these are, these are interesting use cases. Um, and look at the end of the day, um, we just need to see what, what is happening, um, and be able to apply the right policies against these use cases to one, um, ensure that the company doesn't lose data, but two also let employees continue to do what they're doing, um, and not, you know, and put the right, uh, the right policies in place to ensure that sensitive company sensitive data, um, does not leave the organization. Okay. So let's let's dig a little deeper into some of these use cases. Right. So we we do need what what's called at this point is tenancy restrictions. So meaning, I want to be able to access Gmail. But I have a company Gmail and a personal Gmail or I want to be able to access Box, but I have my own personal Box account. And there's a, there's the company Box account, right? Um, and, and that kind of tenancy restriction is incredibly important, uh, for organizations to be able to do. It's a granular way to, to control that sensitive data and still allow users to go about their day to day business, right? Now, um, the there are multiple ways to get this done also, including, uh, having a solid endpoint solution, right? Um, if if we think about it, I mean, endpoint is really the device that allows us to connect to everything. Um, it's where we create data, it's where we type things out with our keyboard. So, having that visibility and control starting with the endpoint is incredibly important. So let me go through a couple of of just quick use cases there, right? So the ability to control um, data going from my personal email or right, um, to my work email, um, and again, I mentioned I've done this, uh, accidentally in the past where I would, I cc myself and I've accidentally cc'd my personal Gmail, um, as I'm working, right? That's a really interesting use case that you should have some policies around. The exact same thing, um, with work. Now, I want to allow, um, uh, my partners to be able to, uh, to, for instance, share sensitive data, um, but I also want to have different policies for different types of users, my employees versus versus my partners. Right. Um, so that's a user base, um, um, app control function there. And then if we think about this, at the end of the day, um, as I was saying, right, we need to have, understand what is that data to begin with. So having DLP that identifies that data and understands what kind of sensitivity that data has in it is, is also important. OK. Now, here's where it gets a little interesting. Um, we are in a world of collaboration and and both, uh, you know, you, employees, partners, vendors, contractors. Right. The list goes on, um, eh for BYO and BYO doesn't always necessarily mean contractors, vendors, etc. It could also happen from a merger and an acquisition perspective where we just acquired another company and all those devices now are BYO, as far as I'm concerned. They're unmanaged devices. I don't trust them. Um, but I have to give them access to my environment. The use cases here are endless um, and uh, browser isolation is, is the solution. Um, and browser isolation is this incredibly powerful, um, way of allowing access to any user, any device to cloud applications, but restricting what kind of access they have to those cloud applications through a, an intelligent browser, okay. Let's talk about those use cases. So um, so for instance, um, we just acquired a, a a new company. They're all employees. Um, and I'm going to give them browser isolation access to all my sensitive data such as Salesforce, as an example. Now they will have access to that data. They can view that data. They can run their reports. But we're going to do things such as block the ability to take screenshots of it, right? We're going to fingerprint that screenshot. If you try to take it, we're going to, uh, be be able to put restrictions on the downloading of that, of, of that, um, uh, application or report or whatever, that sensitive data. Now, this is powerful both for partners. Um, you've got right, you've got that, uh, partner use case where now I can allow temporary contractors. I can even do things such as, hey, um, you're a contractor for three months. I'm going to set your your access to these specific applications, and I'm going to create this portal just for my for my new contractors or partners or employees, whatever. Um, and it's like an IDP, right. And, uh, um, a a a a internal application portal where you can log in to these different applications. So, now I don't have to give you access to my entire organization, through VPN, for instance, I'm going to give you a portal where you can access specific sensitive applications or specific applications. And I'm going to add additional policies within these applications. Right. So that browser isolation, um, is absolutely key for you to operationalize. If we think about what organization do we know that doesn't have partners, contractors, vendors that they deal with that they need to provide access to, right? Um, and that should be thought about as a foundational aspect of your data protection solution.
