Protecting your Data in Google Apps

PROTECTING YOUR DATA IN GOOGLE APPS

You will learn in the next 60 minutes:
- The basic security that comes with Google Apps
- Extending security while using Google Apps
- Tips and tricks to maintain control of your data


Google Apps Security

Cloud apps are becoming an essential part of business
- Cost effective
- Remote access
- Agility and speed
- Improved productivity
- Better collaboration

Google's Policy

Customer will use its reasonable endeavours to prevent unauthorised use of the Services, and to terminate any unauthorised use. Customer will promptly notify Google of any unauthorised use of, or access to, the Services of which it becomes aware.

Google cannot be responsible for malicious use of your company's user accounts (or security of your infrastructure or users).

(the fine print)

Security In The Cloud is a Shared Responsibility

The reality is that security is a shared responsibility. Even the most enterprise-grade cloud app provider will never take full liability for what your users do within cloud apps. If someone comes in with a valid user name/password, they can do whatever they want, and share sensitive content with whomever they like.

http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=8681

Security In The Cloud is a Shared Responsibility

FRONTEND SECURITY
- Access visibility
- Access control
- Data loss prevention

BACKEND SECURITY
- Cross-site scripting, SQL injection, etc.

[Diagram labels: Web Application, SaaS, You, Vendor]


What could go wrong?

1.34% of accounts were compromised

Compromised means: account takeover, rogue (bad actor) insider, malicious data destruction, etc.
Report highlighted threshold triggers (static) and anomalous behavior (data science), just a sample out of 60+ factors.
This malicious activity would apply regardless of SaaS app or storage provider used, Google Drive

[Chart: Malicious Use, % of total compromised accounts. From Elastica's Q2 2015 Shadow Data Report]

What is Shadow Data?

90% of organizations lost sensitive data via file sharing

$13.8M average cost of data breach for storage SaaS providers/company

Shadow Data: Use of sanctioned apps in unsanctioned ways. All the potentially risky data exposures lurking in sanctioned cloud apps, due to lack of knowledge of the type of data being uploaded, and how it is being shared. This can directly lead to compliance violations or sensitive data loss.

Shadow IT: All the potentially risky unsanctioned Cloud Apps used in your organization, without the knowledge of IT.

Source: Elastica Q2 2015
Source: Ponemon

Source: Ponemon, 2013 Cost of Data Breach Study

So you've probably heard of Shadow IT, but you may not have heard of Shadow Data. But the reality is Shadow Data can be far more dangerous. While Shadow IT is about understanding all the cloud apps that are being used in your environment that IT may not be aware of, Shadow Data can occur in fully sanctioned apps. Shadow Data is about understanding what types of data users are uploading into your apps and how they are sharing these files with others.

Who Controls Sharing?
- Sharing has become democratized (no longer top-down controls)
- Even file owners no longer fully control how their files are shared

Alice shares a file with Bob

Bob shares that file publicly without Alice's knowledge

Avg breach costs $201/record. A viral episode will cost you ?!

Shadow Data Goes Viral

[Diagram label: OTHER APPS]


1 breach: $201 per record. Source: Ponemon Institute 2014

So to expand on this, let's take a look at the other case: the non-malicious user who's simply oversharing.

So let me ask you this question: Do you remember back in the day when we had file sharing within our data center? We'd build a file server, and the IT admin or domain admin had full control over who had access to that file server and what could be shared with whom. When we work with applications like Dropbox, for all the wonderful things it brings us, it now also brings us the question of who controls sharing. Sharing has become democratized now, where you're putting the controls in the hands of the user. Even file owners no longer fully control how their files are shared. Let's look at this example where Alice shares a file with Bob, and then Bob decides to share the file with two friends. And they share with their friends, and so on, and so on, and so on. From here things get very complicated because permissions, control and file ownership all get a little confusing. This is an example of what we call shadow data, or shadow IT. You'll likely hear me use this term again.

Shadow Data

files per user are broadly shared (average)
12.5% contain compliance related data
25% of total files stored in the cloud per user (average)
of these files

So let's take a look at the stats here: From data we've collected on our own customers that we're monitoring, we see that the average user stores about 2037 files in cloud-based storage accounts. Of these files, on average about 185 are shared broadly. These may be public or externally shared or just shared with the whole company.

If we take a look at those 185 files that are shared broadly, about 20% of these contain sensitive data! (PII, PHI or PCI)

If we go back and look at it from the perspective of which users are doing this, we see that 5% of our users are responsible for 85% of the risk exposure. So who are they? What are these files? Where are they? And how do we remediate this? As it turns out, we can solve these problems, but we need the right tools. Manual remediation would take us lengthy amounts of time to resolve, but automated tools can resolve this in seconds.

So let's take a look at how we can do this.

Average number of files per user 2037

About 9% broadly shared (company-wide, external or public)

20% of these contain compliance-related data!

Average time to remediate risk exposures:
Manual: 67 minutes per user
Automated: 16 seconds per user (1/251)
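An added example (not part of the original presentation and not any vendor's code) showing how the "broadly shared" categories above, company-wide, external and public, can be derived automatically from Google Drive permission entries. It assumes file metadata has already been exported with the Drive API v3 permission fields `type`, `emailAddress` and `domain`; the sample records, the helper `_u` and the `example.com` organisation domain are constructed for illustration.

```python
from collections import Counter

ORG_DOMAIN = "example.com"  # assumption: the organisation's primary domain
RANK = {"public": 3, "external": 2, "company-wide": 1}  # worst exposure wins

def exposure(perm, org_domain=ORG_DOMAIN):
    """Classify one Drive permission entry; None means internal, named access."""
    ptype = perm.get("type")
    if ptype == "anyone":                      # link or public-on-the-web sharing
        return "public"
    if ptype == "domain":                      # everyone in a whole domain
        same = perm.get("domain", "").lower() == org_domain
        return "company-wide" if same else "external"
    if ptype in ("user", "group"):
        # Exact match on the part after the last '@'; a prefix or substring
        # check would wrongly accept example.com.partner.example as internal.
        domain = perm.get("emailAddress", "").rpartition("@")[2].lower()
        return None if domain == org_domain else "external"
    return "external"                          # unknown type: flag for review

def audit(files, org_domain=ORG_DOMAIN):
    """Return {file name: worst exposure class} for broadly shared files only."""
    findings = {}
    for f in files:
        hits = [e for p in f.get("permissions", []) if (e := exposure(p, org_domain))]
        if hits:
            findings[f["name"]] = max(hits, key=RANK.get)
    return findings

def summarize(files, org_domain=ORG_DOMAIN):
    """Per-account counts of total files and broadly shared files by class."""
    findings = audit(files, org_domain)
    return {"total": len(files), "broad": len(findings),
            "by_class": dict(Counter(findings.values()))}

def _u(email, role="reader"):                  # hypothetical helper for sample data
    return {"type": "user", "role": role, "emailAddress": email}

# Constructed sample metadata (not real data), shaped like Drive API v3 output.
SAMPLE_FILES = [
    {"name": "roadmap.docx", "permissions": [_u("alice@example.com", "owner"),
                                             _u("bob@example.com", "writer")]},
    {"name": "payroll.xlsx", "permissions": [_u("alice@example.com", "owner"),
                                             {"type": "anyone", "role": "reader"}]},
    {"name": "handbook.pdf", "permissions": [_u("hr@example.com", "owner"),
        {"type": "domain", "role": "reader", "domain": "example.com"}]},
    {"name": "contract.pdf", "permissions": [_u("bob@example.com", "owner"),
        _u("carol@example.com.partner.example"),
        {"type": "domain", "role": "reader", "domain": "example.com"}]},
]
```

Running `audit(SAMPLE_FILES)` reports each exposed file once, under its worst class, so a file that is both company-wide and externally shared is counted as external.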

Google Apps provides base security, but you still need:

REQUIREMENT: User visibility and control
BECAUSE: Users are the biggest threat that can bypass your security controls
HOW: Real-time awareness of access and actions

REQUIREMENT: Analysis of risky behavior
BECAUSE: This is not readily seen just by A/V scanning or APT systems
HOW: Per user-graph of normal behavior vs. risky behavior

REQUIREMENT: Automated classification
BECAUSE: Compliance mandates require identification of sensitive data
HOW: Leverage data science to automatically understand content without involving humans

REQUIREMENT: Data protection / attack mitigation
BECAUSE: Before, during, and after a breach requires fast response
HOW: Complete lifecycle solution


Data Science Powered Cloud App Security

Before, during, after

Get a Free Shadow Data Risk Assessment
- External and public content exposures, including compliance risks
- Inbound risky content shared with employees (e.g. malware, IP, etc.)
- Risky users and user activities

Thank You!

Take the free Shadow Data Risk Assessment

Visit us to learn how you can find risks and protect critical content in your file sharing apps.

Elastica.net


Now that you've seen this, I hope we've been able to answer your questions about safely enabling Dropbox. We would love to ask you to give Elastica a try. Setting up an evaluation literally takes about 5 minutes, requires no hardware or software, and you can start gaining visibility into your Dropbox for Business accounts very quickly.

To get started, please contact your local sales team, or contact us directly here at Elastica to set up an evaluation today. Thanks, and we'll look forward to seeing you on our next webinar!