Dreamforce 2012 1
Securing Information Assets in SaaS Clouds
Deb Banerjee, Technical Director, Symantec
@banerjeesec
Shared Responsibility for Security in SaaS Clouds
PAAS
IAAS
SAAS
Enterprise
Responsibility
Shared Security Model: Enterprise Responsibilities
ASSETS
Sensitive Information Assets
• Applications
  - Standard
  - Custom
• Documents
• Database Tables
Asset Discovery is a Foundational Capability.
SaaS Information Asset Classification
• PII
• PCI
Data Classification
• Context-based: DLP-Lite
• Content Inspection: Traditional DLP
Force.com Apex agents
SaaS Information Asset Classification: Context-Based
Identifies data owners based on activity streams
Enables Data Classification based on sensitivity of owner roles
Polling Question
Which sensitive data do you have in the Cloud?
• PCI – Credit card data
• PII/EU DP privacy-related
• HIPAA – Health Care
• FERPA – Education
• Other Company Sensitive
VULNERABILITIES
Configuration Vulnerability: External Service Integrations
External Service Integration
Configuration Vulnerability: Application Permissions
Application Permissions
SaaS Asset Configuration Assessment: Sharing Rules
SaaS Asset Configuration Assessment: User Permissions
SaaS Asset Configuration Assessment: User Permissions
PLAYING DEFENSE
Best Practices/Solutions
Data Classification
Content-Based Classification
Context-based Classification
Multiple Deployment Models
Agents as Salesforce Apps
Activity Monitoring
Cloud Security Brokers
User Management
User Provisioning/De-Provisioning
Access Control: context-aware, e.g. location-based, data sensitivity-aware
Strong Authentication
Configuration Assessment
Permissions: Applications, Users, Roles/Profiles
Configuration Change Assessments: Did someone’s permission to sensitive data increase “unusually”?
Applications: Which apps, what data, what users, what external services?
Encryption/Tokenization
Geo-Residency and Privacy Requirements
Defense in Depth
Encryption Key Management
Impact on hosted application
Network Deployment Model: Cloud Security Brokers
SaaS Activity Monitoring for Insider Threat Detection
Activity Logs:
Solution Architecture: Extending Out From The Enterprise
Asset Feed
Asset Classification
Activity Feed
Asset Metadata Feed
DLP Agent (APEX)
Remediation Agent (APEX)
API Orchestration
Remediation
Asset Feeds
Cloud Security Brokers
Asset Discovery
Activity Log
Remediation
Control Assessment
Asset Compliance View
Information Classification View
Activity-based Threat detection
SFDC Collector
Content & Context
SFDC Config Checks
SFDC API
SFDC API
Security & Compliance
Admin
Security Ops
End User
DLP
SIEM/DI
Security Ops
Polling Question
Which Security Solutions are you using today?
• Data Classification
• User Provisioning and Access Management
• Encryption/Tokenization
• Configuration Assessment
• Activity Monitoring
Deb Banerjee
Technical Director
@banerjeesec