Securing (Accountability for) Cloud Content
Peter McGoff – SVP and General Counsel
Definition of Accountability
In the context of corporate data governance:
“Accountability is the obligation to act as a responsible steward of the personal information of others, to take responsibility for the protection and appropriate use of that information beyond mere legal requirements, and to be accountable for any misuse of that information.” (Galway Project)
We’re focused on serving the complex needs of enterprises of all sizes.
Box is a leader in the enterprise content collaboration space.
Box Architecture Design Principles
• Secure: Control, visibility and integration
• Enterprise-grade: Scale, reliability and speed
• Sustainable: Rapid innovation, quality and simplicity
• User Focus: Elegant and user-friendly
Box Investment in the Enterprise
2007–2008, 2009–2010, 2011–2012, 2013+
100 employees, 1K+ employees, 10K+ employees, 100K+ employees
• Admin Console
• Identity Integration
• Full-text Search
• Activity Reporting
• Admin Files
• Trusted Access
• Advanced Reports
• Box Accelerator
• Two-Factor Login
• Device Pinning
• Collaboration Controls
• Content Policies*
• Metadata
• Content Workflow
• eDiscovery*
* Upcoming
Redefining Cloud Content Security
• Intelligence (visibility, monitor, report, search – all across the platform)
• Users (identity mgmt.; who has access to what content?)
• Devices (secure physical and virtual endpoints)
• Apps (secure physical and virtual endpoints)
• Content
End to End Security
Security
• 256-bit AES encryption
• FIPS 140-2 Module (NIST std.)
• SSAE16 Type II datacenters
• SSO, AD, and authentication
• Deep sharing permissions
• ISO 27001-2005 vendor/supplier baseline
Admins
• User and group controls
• Powerful Admin control tools
• Reporting API
• Advanced search
• BI platform integrations
• Alerting and notifications
• Audit trail logging
Platform
• Hardened datacenters
• Active threat detection
• 24x7x365 NOC monitoring
• Most secure cloud platform
• Broad compliance footprint
• Stringent vendor/supplier security requirements
Users: Centralize Identity and Access
Permissions and Smart Links
Identity Management: AD, SSO and 2FA
Trusted Access Management
Users: Access Control Choices
Native Two-step Auth
• Expanding choice for all
• For admins:
  – Require for all users
  – Or, permit opt in
• For end users:
  – Opt-in for their account
  – Secures web, mobile, partner apps
Broad SSO partnerships
Intelligence: Monitor, Search, Audit
Advanced search
• By user, content type, date, size and context
• Quick, powerful targeted queries
Reporting, Audit, & SIEM
• Full audit trail logging
• Fast reporting
• BI and real-time alerts
• Strong partnerships
Comprehensive, global compliance program
• SSAE16 Type II, SOC1 and SOC2: Fully tested and verified by 3rd party
• Safe Harbor, EU and Swiss: International data privacy controls and enforcement
• HIPAA and HITECH: Trusted platform for PHI, PHRs and medical research
• ISO 27001: Global information security and systems controls
Don’t forget: Disaster Recovery and Business Continuity Planning
• Disaster Recovery (DR) – Technology and plans to get the Site “back up and running” with minimum disruption to customers
• Business Continuity Plan (BCP) – Box has a roadmap plan for continuing operations under adverse conditions such as a regional catastrophe or criminal attack.