CSA Research: Mitigating Cloud Threats
-
Upload
bitglass -
Category
Technology
-
view
126 -
download
0
Transcript of CSA Research: Mitigating Cloud Threats
webinaraugust 30
2016
mitigating risk for cloud
applications
STORYBOARDS
core questions
■ What are the top cloud security threats facing enterprises?
■ How should cloud app vendors approach government cooperation?
■ What capabilities are most valuable for protecting data?■ Do IT leaders have adequate visibility into user activity?■ How are organizations dealing with the shadow IT threat?
STORYBOARDS
■ A few organizations now cloud-only
■ Most cloud-first or shifting to a cloud-first mentality
■ Rate of adoption continues to grow rapidly across all industries
cloud adoption continues to risemost organizations have deployed at least one cloud app
poll:what are your
top cloud security
concerns
STORYBOARDS
biggest concern - external sharingfollowed by unauthorized devices, data sync
■ Nearly 60% see external sharing as a key concern○ Cloud apps have made one
click sharing easier■ Data sync concerns suggest
orgs need control over sync clients
STORYBOARDS
■ Organizations need solutions that leverage cloud APIs for control over sharing
■ Real-time DLP limits risk at access and download
■ UEBA trending up
sharing controls and DLP top cloud sec capabilitiesaccess controls are increasingly valuable
STORYBOARDS
■ One in three say yes, they expect cloud providers to cooperate with government
■ Small handful support government mandated encryption algorithms
most opposed to government cooperationover 30% say providers should turn over encrypted data
poll:what security
capabilities are most critical
in your org
STORYBOARDS
■ Many are turning to third-party solutions○ Separation of systems for
data-at-rest provides additional level of security
■ 17% take no security measures.
IT leaders use encryption to combat security concernsmost are taking steps to limit risk of data leakage
STORYBOARDS
■ Basic visibility provided by some cloud apps
■ Cross-app visibility is limited orgs without CASBs
most enterprises lack adequate visibilitycross-app visibility remains a challenge
STORYBOARDS
■ Written policies ineffective in protecting data
■ Blocking apps encourages employees to work around IT
■ Useful technical controls, like proxies, used by 29%
most orgs lack technical controls to combat shadow ITa growing problem needs an effective solution
STORYBOARDS
the enterprise is responsible for secure saas usage
componentsusage/consumption
dataapplication
servicesservers & storage
network
layer
data
application
infrastructure
owner
enterprise
STORYBOARDS
security must evolve to
protect data outside the
firewall
ungoverned access to
corporate data in the cloud
hidden Shadow IT threats
sensitive cloud data on
unmanaged devices
STORYBOARDS
findings recap
■ Public cloud adoption continues to rise, only 16% have no SaaS apps deployed.
■ Split on government cooperation. 55% are opposed.■ Shadow IT a concern, but few organizations have technical
controls in place.■ Security incidents still rampant. 59% due to unwanted external
sharing.■ Cloud visibility is lacking. Less than 30% can monitor user
logins and activity.
STORYBOARDS
about bitglass
total data
protection est. jan
2013
200+ custome
rs
tier 1 VCs
STORYBOARDS
our solutions
cloud mobile breach
16
resources:more info about cloud security
■ report: mitigating cloud threats
■ whitepaper: definitive guide to casbs
■ report: cloud adoption by industry
STORYBOARDS
bitglass.com@bitglass