Your 2017 Cloud Security Action Plan
Matt Hollcraft, Maxim Integrated CISO
Dave Ruedger, Maxim Integrated CSA
Salim Hafid, Bitglass Product Marketing
Sponsored by:
Our Presenters
Matt Hollcraft
Chief Information Security Officer
Maxim Integrated
© 2017 Security Current
Dave Ruedger
Chief Security Architect
Maxim Integrated
Salim Hafid
Product Marketing
Bitglass
Building Secure Cloud
Dave Ruedger
Chief Security Architect
Maxim Integrated
Cloud Security Considerations
- Identity
- Access
- Data Protection
- Availability
- Hosted Services (SaaS/IaaS)
- Monitoring
Cloud Security – Identity
- Single Sign On
- Requires effort and planning to integrate with cloud services
- Not all providers support SSO integration
- Synchronization is critical
- Cloud Service Native
- Per service provider
- Difficult to manage
- Changes to accounts handled manually
- Password policy enforcement
- Enable Multi Factor Authentication
- Admin access at a minimum
Cloud Security – Access
- Apply same process as internal controls
- Onboarding/Offboarding
- Personnel changes must be managed
- Integrate with Active Directory or Open LDAP
- Group and Role permissions easier to manage
- Keeps User permissions for data in sync
- Restrict use of shared accounts
- Password rotation is difficult to manage
- Not auditable for individual usage
Cloud Security – Data Protection
- It’s still YOUR data = your RISK
- 3rd Party and Vendor Assessments are necessary
- Admin access controls
- Multi factor authentication
- Monitoring and Auditing
- Multi-tenancy increases risk of breach
- Review data segmentation
- Encryption at rest reduces risk
- Geographic considerations
- EU privacy compliance
- Must consider data storage and transmission
Cloud Security – Availability
- Availability is a security concern
- Build for redundancy
- Recovery may be impacted during a disaster
- Certificate Management
- Monitor certificate expiration
- Impacts all web services and applications, not just corporate website!
- SPF records may be required
- Cloud service sending email on your behalf
- Prevents critical alerts from being flagged as spam
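The SPF point above can be checked mechanically. As an added example (not part of the original slides), this Python audits a domain's TXT records for a cloud sender's `include:` mechanism, an over-permissive `all`, and the RFC 7208 limit of 10 DNS lookups. The include name `_spf.mailer.example.net` and the sample records are constructed assumptions.

```python
import re

# SPF terms that trigger a DNS query during evaluation. RFC 7208
# section 4.6.4 limits a check to 10 of them; exceeding it is a permerror.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_DNS_LOOKUPS = 10


def parse_spf(record):
    """Split an SPF record into (qualifier, name, value) tuples."""
    terms = []
    for raw in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                     # the default qualifier is "pass"
        if raw[0] in "+-~?":
            qualifier, raw = raw[0], raw[1:]
        name = re.split(r"[:=/]", raw, maxsplit=1)[0].lower()
        value = raw[len(name):].lstrip(":=")
        terms.append((qualifier, name, value))
    return terms


def audit_spf(txt_records, required_include):
    """Return finding codes for a domain's TXT records; [] means no findings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["NO_SPF_RECORD"]
    if len(spf) > 1:
        return ["MULTIPLE_SPF_RECORDS"]     # receivers treat this as permerror
    terms = parse_spf(spf[0])
    findings = []

    # Is the cloud service that sends mail on our behalf authorized?
    includes = {value.lower().rstrip(".")
                for _, name, value in terms if name == "include"}
    if required_include.lower() not in includes:
        findings.append("CLOUD_SENDER_NOT_AUTHORIZED")

    # Counts this record's own terms only; lookups made inside included
    # records also count toward the limit at evaluation time.
    lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
    if lookups > MAX_DNS_LOOKUPS:
        findings.append("TOO_MANY_DNS_LOOKUPS")

    all_qualifiers = [q for q, name, _ in terms if name == "all"]
    has_redirect = any(name == "redirect" for _, name, _ in terms)
    if not all_qualifiers and not has_redirect:
        findings.append("NO_ALL_MECHANISM")  # unlisted senders get "neutral"
    elif all_qualifiers and all_qualifiers[0] == "+":
        findings.append("ALL_SENDERS_PASS")  # "+all" authorizes everyone
    return findings


# Constructed TXT record sets for a hypothetical domain.
CLOUD_SENDER = "_spf.mailer.example.net"     # assumed include published by the SaaS
SAMPLES = {
    "good": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example.net -all"],
    "sender missing": ["site-verification=abc123", "v=spf1 ip4:192.0.2.0/24 mx -all"],
    "open": ["v=spf1 include:_spf.mailer.example.net +all"],
    "lookup heavy": ["v=spf1 " + " ".join(
        f"include:spf{i}.example.org" for i in range(11)) + " ~all"],
    "no record": ["site-verification=abc123"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label:15} {audit_spf(records, CLOUD_SENDER) or 'OK'}")
```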
Cloud Security – Hosted Services (SaaS/IaaS)
- Backup your data
- Even Amazon has encountered service outages
- Some cloud failures are unrecoverable
- Use scheduled exports or replication
- Review default access security policies
- May be too permissive
- Could allow public access to restricted systems/data
- Utilize IP Whitelisting to further restrict access
- Penetration testing and vulnerability scanning requires permission
- Failure to notify could result in your network being blocked
- Could lead to service outage
- Protect your API keys
Cloud Security – Monitoring
- Network monitoring in the cloud is limited or non-existent
- Only Amazon has VPC monitoring currently
- Must rely on logging
- Detection is only as good as what you log
- Multi cloud environments are even more challenging
- IP Address space collisions/duplication
- Inconsistent view of log data
- Constant monitoring needed to identify shadow IT
- Next Gen firewalls can tag traffic to the cloud for alerting
- Implement a CASB for better control
- Detects and limits/blocks access
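The multi-cloud address collision problem above, as an added example that is not from the original slides: the Python below finds overlapping CIDR blocks across environments and shows why a source IP in a log line then cannot be attributed to a single environment. The environment names, CIDR blocks and log events are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed inventory of address space per environment.
INVENTORY = [
    ("onprem-datacenter", "10.0.0.0/16"),
    ("aws-prod-vpc", "10.0.128.0/20"),
    ("azure-dev-vnet", "10.1.0.0/16"),
    ("gcp-analytics", "172.16.0.0/20"),
    ("aws-dev-vpc", "172.16.8.0/24"),
]

# Constructed log events, reduced to the fields used here.
EVENTS = [
    {"src": "10.0.130.7", "action": "admin-login"},
    {"src": "10.1.4.4", "action": "bucket-read"},
    {"src": "172.16.8.20", "action": "api-key-create"},
    {"src": "192.0.2.1", "action": "admin-login"},
]


def load(inventory):
    """Parse CIDR strings; raises ValueError on a malformed block."""
    return [(name, ipaddress.ip_network(cidr)) for name, cidr in inventory]


def find_collisions(inventory):
    """Return (env_a, env_b, shared_cidr) for every overlapping pair."""
    collisions = []
    for (name_a, net_a), (name_b, net_b) in combinations(load(inventory), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            # Two CIDR blocks that overlap are always nested, so the
            # shared range is the block with the longer prefix.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            collisions.append((name_a, name_b, str(shared)))
    return collisions


def attribute(ip, inventory):
    """Return every environment whose address space contains this IP."""
    addr = ipaddress.ip_address(ip)
    return [name for name, net in load(inventory) if addr in net]


def tag_events(events, inventory):
    """Label each event's source as one environment, AMBIGUOUS or UNKNOWN."""
    tagged = []
    for event in events:
        owners = attribute(event["src"], inventory)
        if not owners:
            tag = "UNKNOWN"
        elif len(owners) == 1:
            tag = owners[0]
        else:
            # The same address exists in several environments, so this log
            # line alone cannot say which host performed the action.
            tag = "AMBIGUOUS:" + "|".join(owners)
        tagged.append((event["src"], event["action"], tag))
    return tagged


if __name__ == "__main__":
    for a, b, shared in find_collisions(INVENTORY):
        print(f"collision: {a} and {b} both contain {shared}")
    for src, action, tag in tag_events(EVENTS, INVENTORY):
        print(f"{src:14} {action:16} {tag}")
```

Including an environment or account identifier in every log record removes the ambiguity even where the address plan cannot be changed.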
The Business Case
Matt Hollcraft
Chief Information Security Officer
Maxim Integrated
Risk: Identity and Access
Risk: Data Protection
Risk: Governance and Compliance
Your 2017 Security Action Plan
Salim Hafid
Product Marketing
Bitglass
AUDIENCE POLL: What best describes your current public cloud strategy?
Office 365 is the leading SaaS productivity suite:
No signs of public cloud slowing down
Major cloud app vendors doing their part to secure cloud apps:
○ Haven’t had massive breaches many naysayers expected
○ Spend more on security personnel and infrastructure
○ Patch vulnerabilities quickly
○ Achieve stringent compliance certifications (ISO 27001, SOC 2, FedRAMP, CSA, etc)
Enterprises must use cloud apps securely
○ Still responsible for use of enterprise data and accounts
○ Still responsible for compliance
Is the cloud secure?
It can be, if used securely
Public Cloud App Separation of Duties
Enterprise (CASB):
- end-user devices
- visibility & analytics
- data protection
- identity & access control
Cloud app vendor:
- application
- storage
- servers
- network
AUDIENCE POLL: What are your top cloud security concerns?
Critical Cloud Control Areas
Where to get controls?
Existing Security, App Native, Third Party

Existing Investments
VPN, NGFW/SWG, DLP (Endpt/Ntwk)
Pros:
- Minimal new investment (time, $)
- Existing expertise
Cons:
- Backhauling inefficient, poor performance
- BYOD blindspot
- May not be cloud aware

App Native
Varies by application
Pros:
- No additional products/vendors to deploy
Cons:
- Requires different strategy/execution per app
- Capabilities vary widely across apps
- App team controls data/security

Third Party (CASB)
CASB, IdaaS
Pros:
- Single policy across all apps
- Comprehensive security model
- Dual controls (app vs sec team)
Cons:
- Additional vendor, new expertise
Major Healthcare Firm
Secure Office 365 & BYOD
Client
■ 180,000 employees
■ Among the largest US healthcare orgs
Challenge
■ HIPAA Compliant cloud and mobile
■ Controlled access to Office 365 from managed & unmanaged devices
■ Control external sharing
■ Real-time inline data protection
Solution
■ Real-time inline protection on any device
■ Contextual access control on managed & unmanaged devices (Omni)
■ Real-time DLP on any device
■ API control in the cloud
■ Agentless BYOD with selective wipe
■ Enterprise-wide for all SaaS apps
Financial services client
Secure Salesforce and Office 365
Client
■ 20,000 employees
■ Global presence
■ $6T in assets under management
Challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Security for Office 365
■ Encryption of data-at-rest in Salesforce
Solution
■ Searchable true encryption of data in Salesforce
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
■ API control in the cloud
■ Discover breach & Shadow IT
✓ Prioritize critical applications
✓ Identify security & compliance gaps
✓ Evaluate built-in controls vs third party (CASB, IDaaS, etc.)
✓ Design/implement policies
✓ Align to app deployment timeline
Your 2017 Cloud Security Action Plan
bitglass mission: total data protection outside the firewall
#1 CASB real-time data protection
founded 2013
tier 1 funding
award-winning tech leader
3 patents, 3 pending
■ Gartner Marketguide to CASBs
■ Whitepaper: Definitive Guide to CASBs
■ Case Study: Fortune 100 healthcare firm secures O365
Resources:
More About Public Cloud Security
Thank you for joining us
Matt Hollcraft
Chief Information Security Officer
Maxim Integrated
Dave Ruedger
Chief Security Architect
Maxim Integrated
Salim Hafid
Product Marketing
Bitglass
bitglass.com
@bitglass
securitycurrent.com
@SecurityCurrent
Connect with us

2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Webinar bitglass - complete deck-2

  • 1. Your 2017 Cloud Security Action Plan Matt Hollcraft, Maxim Integrated CISO Dave Ruedger, Maxim Integrated CSA Salim Hafid, Bitglass Product Marketing Sponsored by:
  • 2. Our Presenters
      - Matt Hollcraft, Chief Information Security Officer, Maxim Integrated
      - Dave Ruedger, Chief Security Architect, Maxim Integrated
      - Salim Hafid, Product Marketing, Bitglass
  • 3. Building Secure Cloud (Dave Ruedger, Chief Security Architect, Maxim Integrated)
  • 4. Cloud Security Considerations
      - Identity
      - Access
      - Data Protection
      - Availability
      - Hosted Services (SaaS/IaaS)
      - Monitoring
  • 5. Cloud Security – Identity
      - Single Sign On
      - Requires effort and planning to integrate with cloud services
      - Not all providers support SSO integration
      - Synchronization is critical
      - Cloud Service Native
      - Per service provider
      - Difficult to manage
      - Changes to accounts handled manually
      - Password policy enforcement
      - Enable Multi Factor Authentication
      - Admin access at a minimum
  • 6. Cloud Security – Access
      - Apply same process as internal controls
      - Onboarding/Offboarding
      - Personnel changes must be managed
      - Integrate with Active Directory or Open LDAP
      - Group and Role permissions easier to manage
      - Keeps User permissions for data in sync
      - Restrict use of shared accounts
      - Password rotation is difficult to manage
      - Not auditable for individual usage
  • 7. Cloud Security – Data Protection
      - It’s still YOUR data = your RISK
      - 3rd Party and Vendor Assessments are necessary
      - Admin access controls
      - Multi factor authentication
      - Monitoring and Auditing
      - Multi-tenancy increases risk of breach
      - Review data segmentation
      - Encryption at rest reduces risk
      - Geographic considerations
      - EU privacy compliance
      - Must consider data storage and transmission
  • 8. Cloud Security – Availability
      - Availability is a security concern
      - Build for redundancy
      - Recovery may be impacted during a disaster
      - Certificate Management
      - Monitor certificate expiration
      - Impacts all web services and applications, not just corporate website!
      - SPF records may be required
      - Cloud service sending email on your behalf
      - Prevents critical alerts from being flagged as spam
  • 9. Cloud Security – Hosted Services (SaaS/IaaS)
      - Backup your data
      - Even Amazon has encountered service outages
      - Some cloud failures are unrecoverable
      - Use scheduled exports or replication
      - Review default access security policies
      - May be too permissive
      - Could allow public access to restricted systems/data
      - Utilize IP Whitelisting to further restrict access
      - Penetration testing and vulnerability scanning requires permission
      - Failure to notify could result in your network being blocked
      - Could lead to service outage
      - Protect your API keys
  • 10. Cloud Security – Monitoring
      - Network monitoring in the cloud is limited or non-existent
      - Only Amazon has VPC monitoring currently
      - Must rely on logging
      - Detection is only as good as what you log
      - Multi cloud environments are even more challenging
      - IP Address space collisions/duplication
      - Inconsistent view of log data
      - Constant monitoring needed to identify shadow IT
      - Next Gen firewalls can tag traffic to the cloud for alerting
      - Implement a CASB for better control
      - Detects and limits/blocks access
  • 11. The Business Case (Matt Hollcraft, Chief Information Security Officer, Maxim Integrated)
  • 14. Risk: Governance and Compliance
  • 15. Your 2017 Security Action Plan (Salim Hafid, Product Marketing, Bitglass)
  • 16. Audience poll: What best describes your current public cloud strategy?
  • 17. Office 365 is the leading SaaS productivity suite: No signs of public cloud slowing down
  • 18. Is the cloud secure? It can be, if used securely
      - Major cloud app vendors doing their part to secure cloud apps:
          ○ Haven’t had massive breaches many naysayers expected
          ○ Spend more on security personnel and infrastructure
          ○ Patch vulnerabilities quickly
          ○ Achieve stringent compliance certifications (ISO 27001, SOC 2, FedRAMP, CSA, etc)
      - Enterprises must use cloud apps securely
          ○ Still responsible for use of enterprise data and accounts
          ○ Still responsible for compliance
  • 19. Public Cloud App Separation of Duties
      - enterprise (CASB): end-user devices, visibility & analytics, data protection, identity & access control
      - cloud app vendor: application, storage, servers, network
  • 20. Audience poll: What are your top cloud security concerns?
  • 21. Critical Cloud Control Areas
  • 22. Where to get controls? Existing Security, App Native, Third Party
      - Existing Investments: VPN, NGFW/SWG, DLP (Endpt/Ntwk)
          Pros: Minimal new investment (time, $); Existing expertise
          Cons: Backhauling inefficient, poor performance; BYOD blindspot; May not be cloud aware
      - App Native: Varies by application
          Pros: No additional products/vendors to deploy
          Cons: Requires different strategy/execution per app; Capabilities vary widely across apps; App team controls data/security
      - Third Party (CASB): CASB, IdaaS
          Pros: Single policy across all apps; Comprehensive security model; Dual controls (app vs sec team)
          Cons: Additional vendor, new expertise
  • 23. Major Healthcare Firm: Secure Office 365 & BYOD
      - Client
          ■ 180,000 employees
          ■ Among the largest US healthcare orgs
      - Challenge
          ■ HIPAA Compliant cloud and mobile
          ■ Controlled access to Office 365 from managed & unmanaged devices
          ■ Control external sharing
          ■ Real-time inline data protection
      - Solution
          ■ Real-time inline protection on any device
          ■ Contextual access control on managed & unmanaged devices (Omni)
          ■ Real-time DLP on any device
          ■ API control in the cloud
          ■ Agentless BYOD with selective wipe
          ■ Enterprise-wide for all SaaS apps
  • 24. Financial services client: Secure Salesforce and Office 365
      - Client
          ■ 20,000 employees
          ■ Global presence
          ■ $6T in assets under management
      - Challenge
          ■ Needed complete CASB for enterprise-wide migration to SaaS
          ■ Security for Office 365
          ■ Encryption of data-at-rest in Salesforce
      - Solution
          ■ Searchable true encryption of data in Salesforce
          ■ Real-time inline DLP on any device (Citadel)
          ■ Contextual access control on managed & unmanaged devices (Omni)
          ■ API control in the cloud
          ■ Discover breach & Shadow IT
  • 25. Your 2017 Cloud Security Action Plan
      ✓ Prioritize critical applications
      ✓ Identify security & compliance gaps
      ✓ Evaluate built-in controls vs third party (CASB, IdAAS, etc)
      ✓ Design/implement policies
      ✓ Align to app deployment timeline
  • 26. bitglass mission total data protection outside the firewall #1 CASB real-time data protection founded 2013 tier 1 funding award-winning tech leader 3 patents, 3 pending
  • 27. Resources: More About Public Cloud Security
      ■ Gartner Marketguide to CASBs
      ■ Whitepaper: Definitive Guide to CASBs
      ■ Case Study: fortune 100 healthcare firm secures o365
  • 28. Thank you for joining us
      - Matt Hollcraft, Chief Information Security Officer, Maxim Integrated
      - Dave Ruedger, Chief Security Architect, Maxim Integrated
      - Salim Hafid, Product Marketing, Bitglass
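
Slide 8 notes that SPF records may be required when a cloud service sends email on your behalf. The check below is an added example, not part of the deck: it audits SPF TXT records against an inventory of expected cloud senders, and every domain, include host and record in it is constructed sample data.

```python
import re

# Constructed sample data: the domains, include hosts and records below are
# illustrative assumptions, not values from the slides.
SAMPLE_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example.net -all",
    "alerts.example.com": "v=spf1 include:_spf.mailer.example.net +all",
    "legacy.example.com": "v=spf1 ip4:198.51.100.7 ~all",
}
# Hypothetical inventory: cloud senders each domain is expected to authorise.
EXPECTED_SENDERS = {
    "example.com": ["_spf.mailer.example.net"],
    "alerts.example.com": ["_spf.mailer.example.net"],
    "legacy.example.com": ["_spf.monitoring.example.org"],
}
# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"([a-z][a-z0-9]*)(?:[:=/](.*))?$")


def parse_spf(record):
    """Return (qualifier, name, value) for each term after the v=spf1 tag."""
    parts = record.strip().lower().split()
    if not parts or parts[0] != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for term in parts[1:]:
        qualifier = "+"  # a term without a qualifier defaults to pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        match = TERM_RE.match(term)
        if not match:
            raise ValueError(f"malformed term: {term!r}")
        terms.append((qualifier, match.group(1), match.group(2) or ""))
    return terms


def audit_spf(record, expected_includes):
    """List findings for one SPF record against its expected cloud senders."""
    terms = parse_spf(record)
    findings = []
    includes = {value for _, name, value in terms if name == "include"}
    for sender in expected_includes:
        if sender.lower() not in includes:
            findings.append(f"missing include:{sender}")
    # Counts this record's own terms only; nested includes add further lookups.
    lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    all_qualifiers = [q for q, name, _ in terms if name == "all"]
    has_redirect = any(name == "redirect" for _, name, _ in terms)
    if "+" in all_qualifiers:
        findings.append("+all authorises any host to send as this domain")
    elif not all_qualifiers and not has_redirect:
        findings.append("no 'all' term: unlisted senders evaluate to neutral")
    return findings


def audit_all():
    """Audit every sample domain; returns {domain: [findings]}."""
    return {domain: audit_spf(record, EXPECTED_SENDERS.get(domain, []))
            for domain, record in SAMPLE_RECORDS.items()}
```

In practice the records would come from a DNS TXT query per sending domain, and the inventory from the list of cloud services that send alerts or notifications as your domain.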

Editor's Notes

  1. Salim Intros
  2. Key points to present: IAM is key for cloud security because:
       - Naturally accessible via public internet
       - Multi-tenant environments are only as strong as the weakest link
       - Just like any network, a lack of access control standards causes issues in areas such as separation of duties, change management and confidentiality
     Risk reduction strategies should include:
       - Multi-factor authentication
       - Review and approval of cloud provider admins and personnel
       - Consideration for prohibition of competitor provisioning in adjacent servers
  3. Key points to present: Focus on the data. It’s all about the data, because:
       - Data, unlike almost any other asset, can be replicated in many places
       - Data stored on someone else’s servers should be encrypted, if needed, just like any other place
       - Your data is like your kids: you don’t let just anyone be responsible for it, and you always agree on the return process (i.e. exiting the cloud provider)
     Risk reduction strategies for data include:
       - Understand your data map and flows, physically where the data is stored (privacy)
       - Encryption, encryption, encryption – in transit and at rest!
       - Robust Ts & Cs language and negotiation for return or deletion of data when exiting a provider (including cloud provider backups)
  4. Key points to present: Don’t forget the due diligence:
       - The data owner is still responsible for G&C
       - Cloud providers feel they are not responsible
       - Your controls are only as strong as their validation
     Risk reduction strategies should include:
       - Require completion of SSAE 16 SOC 2 annually
       - Ensure your access to ALL audit and monitoring tools provided, ideally at no charge with the service
       - For any adverse findings in the audit reports, demand an action plan for remediation (success depends on the spend with the provider) and possibly include language in the Ts & Cs
  5. What best describes your organization’s current public cloud strategy?
       - Cloud only
       - Cloud first
       - Cloud sometimes
       - Cloud if we have to
       - Cloud never
  6. Explosion of SaaS in the enterprise, leveraging Bitglass Cloud Adoption Report data. O365 and productivity suites as proxy for broader cloud adoption in the enterprise across all verticals and all software functions.
  7. What best describes your organization’s current public cloud strategy?
       - Cloud only
       - Cloud first
       - Cloud sometimes
       - Cloud if we have to
       - Cloud never
  8. Critical control areas:
       - Cloud: data-at-rest protection (encryption, sharing/backend sync controls, etc.)
       - Access: who has access to what and in which context? Access controls, DLP, etc.
       - Identity: SSO, 2FA, identity best practices from prem, etc.
       - Mobile: protecting cloud data sync'd/downloaded to devices, both managed and BYOD