Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
Uploaded by: the-peoplematter-institute
Category: Technology
Proprietary and confidential
Will My SaaS Provider Leak My Corporate Data?
A Strategic Guide to Avoiding System and Network Breaches
“Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren’t sufficiently skilled, good security may protect you completely.”
BRUCE SCHNEIER, Dec. 19, 2014
Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center, and a board member of EFF
Overview
Who’s Really Vulnerable?
Spoiler: it’s all of us.
What am I afraid of?
Share your story
Can I Trust This Guy?
Focused topics on (not) sharing data
Who’s Really Vulnerable?
What Am I Afraid Of?
Part 1: What top 2 or 3 things scare you the most about your current situation?
What Am I Afraid Of?
Part 2:
● What makes you interested in Security today?
● What do you hope to get from today’s discussion?
What’s on Our Mind?
● Does my provider know what they’re doing?
● PCI compliance will protect me
● How secure is my system
● How other people failed
● How much is security worth
● ...Others?
Does my provider know what they’re doing?
● Is the SaaS provider more knowledgeable and experienced than my staff?
● Is the provider more scalable than my staff/systems?
● Who owns the data?
● Can they answer the hard questions?
The Hard Questions
● Security: The system is protected, both logically and physically, against unauthorized access.
● Availability: The system is available for operation and use as committed or agreed to.
● Processing Integrity: System processing is complete, accurate, timely, and authorized.
● Confidentiality: Information that is designated “confidential” is protected as committed or agreed.
● Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
SOC2
● Operation conforms to strict and detailed standards
● Adherence verified continually
● Formal audit by third party
PCI Compliance Will Protect Me
● Gaps
● Strengths
● Evolution
How Secure Is My Own System
Can you tell if your system was penetrated today?
Are you using…
● Malware scanning
● IDS/IPS
● Vulnerability scanning
Do your users know how to...
● Use strong passwords
● React to phishing
● Recognize fake sites
How Other People Failed
● Attacks in the news
● Common attacks
How Much Is Security Worth
“Sony made its situation worse by having substandard security.”
BRUCE SCHNEIER
Sony Pictures’ executive director of information security Jason Spaltro told CIO Magazine in 2007 that it may be “a valid business decision to accept the risk” of a security breach.
http://www.cio.com/article/2439324/risk-management/your-guide-to-good-enough-compliance.html
The Guide to Secure Partner Relationships
● Admit you’re vulnerable
● Assess the risk
● Choose your partners
● Prioritize your improvements
● Monitor your environment
● Evolve