Cloud Storage: How to Fight Off Data Security Threats & Stay Compliant
© 2016 Blancco Oy Ltd. All Rights Reserved.
MEET OUR SPEAKERS
• Russ Ernst, VP, Product Management, Blancco Technology Group
• Roger Grimes, Security Columnist, InfoWorld
• Alice MacGregor, Deputy Editor at the Stack
What We’ll Cover:
Key Factors Driving Cloud Storage Adoption
Top Data Security Priorities in the Cloud
The Realities & Dangers of Shadow IT
Uncertainty of Data Loss/Theft and Need for Data Removal Can Exacerbate Security Risks
Why Regular Audits & Monitoring Can Help Thwart Security Threats
Data Erasure Is Key When Migrating Data & Decommissioning Data Centers
Enterprise Adoption of Cloud Storage Grows
Key Factors Driving Reliance on Cloud Storage:
• Migrating away from internal data centers
• Lower costs
• Greater flexibility
• Centralized IT control & management
Choosing the Right Cloud Storage Provider Isn’t Always Easy
• Know when to diversify & consolidate
• Think about the physical location of data
• Don’t overlook data security regulations
• Learn about all scenarios where data removal is essential
Fighting Off APTs, Compromised Credentials and Hacked Interfaces Are Top Cloud Security Priorities
Reasons Why Incomplete/Improper Data Removal Is Often Low Priority:
• Lack of understanding about the difference between insecure deletion and secure erasure
• Insufficient budgets to implement necessary policies, processes and tools
• Unaware of dangers that persist if/when data isn’t properly erased in various scenarios
• Incomplete view and management of data across its lifecycle
Live Poll
How confident are you that your IT team knows about all cloud storage providers being used?
• Very Confident
• Confident
• Somewhat Confident
• Not Confident
Shadow IT Is a Serious Problem for Organizations
Ways to Reduce Shadow IT:
• Identify where all data resides (in-house, data centers and in the cloud)
• Monitor if, where and when shadow IT occurs
• Monitor if employees install WiFi hotspots on company network
• Monitor network for known and unknown devices
• Establish guidelines for how cloud data is managed by cloud providers
• Conduct frequent, unscheduled audits of cloud providers
• Assess security of data in the cloud
Uncertainty of Data Loss/Theft & Need for Data Removal Looms
Important Scenarios When Data Removal Is Critical:
• When migrating to a new cloud provider
• When migrating from one physical server to another
• When servers or storage devices are being replaced
• When regulatory requirements dictate
• When customers based in EU cite “right to be forgotten”
• When terminating virtual machines in Infrastructure as a Service environments
• When spinning down unneeded development server
• When data cleansing as part of regular document management and archiving practices
• After disaster recovery exercises are performed
Live Poll
How frequently do you conduct audits of your cloud storage providers?
• Once every month
• Once every 3 months
• Once every 6 months
• Once every 9 months
• Once a year
• Every 2-3 years
• Rarely
• Never
• I don’t know
Why Regular Audits & Monitoring Are Important
UK Data Protection Act
Data Protection principles
Schedule 1 to the Data Protection Act lists the data protection principles in the following terms:
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
   (a) at least one of the conditions in Schedule 2 is met, and
   (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
EU GDPR’s Right to Erasure
When does the right to erasure apply?
The right to erasure does not provide an absolute ‘right to be forgotten’.
Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
• Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
• When the individual withdraws consent.
• When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
• The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
• The personal data has to be erased in order to comply with a legal obligation.
• The personal data is processed in relation to the offer of information society services to a child.
Under the DPA, the right to erasure is limited to processing that causes unwarranted and substantial damage or distress. Under the GDPR, this threshold is not present. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.
Cloud Industry recommendations for all providers
Data Life Cycle
According to the Cloud Security Alliance, it falls to “…the provider to keep that data secure, and when it is deleted, the provider should ensure (or be able to prove) that it is permanently destroyed.”
ISO Security Standards impacting Data Centers and Cloud providers
Protection of privacy and personal data in the cloud - IMPLEMENTED in H2 2014
Includes:
• Cloud provider should enable the right to erase personal data.
• Cloud provider should securely erase any temporary files in systems.
• Cloud provider should ensure that whenever data storage space is re-assigned, previously residing data is not recoverable.
Data Erasure Is Key When Migrating Data & Decommissioning Data Centers
Blancco Data Erasure Management
LUNs and Virtual Machines
Why Blancco Data Erasure Solutions?
Blancco LUN
Benefits:
• Automated erasure
• Simultaneous shredding of multiple units
• More cost effective than replacing or destroying hard drives
• Improved operational efficiencies
• Detailed reporting for audit trail and regulatory compliance
Blancco Virtual
Benefits:
• Enhance existing cloud security offering (‘right to be forgotten’)
• Ensure compliance with customers’ internal requirements
• Drive compliance with regulatory requirements (i.e. PCI DSS, HIPAA, ISO 27001, EU GDPR, etc.)
• Detailed reporting for audit trail and regulatory compliance
Q&A
Content You May Find Useful:
• “Lost in the Cloud: Data Security Challenges & Risks”: http://info.blancco.com/en-rs-lost-in-the-cloud-data-security-challenges-and-risks.html
• “The CIO’s Guide to Optimizing Data Security in the Cloud”: https://www.blancco.com/resources/white-papers/optimizing-data-security-cloud/
• “The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data