© 2015 CipherCloud | All rights reserved 1
Understanding Global Data Protection Laws
Willy Leichter
Global Director, Cloud Security
Agenda
Cloud benefits and inhibitors
Changing IT landscape
Compliance basics
Overview of global protection laws
Microsoft/Ireland legal challenge
Best practices to meet compliance
Recommendations
Balancing Cloud Benefits with Compliance Requirements
Top 3 US Bank’s Consumer Self-Service Loan Origination Portal
UK Education Organization Deploys Global Cloud-Based Portal
Non-Technology Leader Trusts Sensitive Data in Cloud Email
German Cosmetics Giant Meets International Security Regulations
Major European Telco Consolidates Call Centers for 25 Countries
Largest Hospital Chain Meets HIPAA & HITECH in the Cloud
Top Canadian Bank Safeguards Proprietary Information in the Cloud
Major Wall Street Firm Adopts Cloud Applications with Confidence
Global Leader in Customer Loyalty Moves Email to the Cloud
Genomics Testing Leader Protects Patient Data while Using the Cloud
New Zealand Bank Collaborates in the Cloud and Meets Compliance
Medical Audit Leader Launches Cloud-Based Customer Portal
Large Pharmaceutical Company Uses Encrypted Email
Credit Reporting Giant Deploys Cloud Collaboration with DLP Controls
Government-Owned Mortgage Backer Protects PII Data in the Cloud
Changing IT Challenges
Managing the proliferation of cloud services
Protecting data instead of just infrastructure
Complying with data protection and residency laws
Using legacy tools against emerging cloud threats
Disappearing network perimeter
Surveillance and forced disclosure risks
Where Cloud Data Resides and What Laws Might Apply
Chile: Law for the Protection of Private Life
Argentina: Personal Data Protection Law, Information Confidentiality Law
New Zealand: Privacy Act
Philippines: Proposed Data Privacy Law
Canada: PIPEDA, FOIPPA, PIPA
Taiwan: Computer-Processed Personal Data Protection
Hong Kong: Personal Data Privacy Ordinance
Japan: Personal Information Protection Act
South Korea: Network Utilization and Data Protection Act
European Union: EU Data Protection Directive, State Data Protection Laws
India: Pending Laws under discussion
United Kingdom: ICO Privacy and Electronic Communications Regulations
Australia: National Privacy Principles, State Privacy Bills, Email Spam and Privacy Bills
US States: Breach notification in 48 states
USA Federal: CALEA, CCRA, CIPA, COPPA, EFTA, FACTA, ECPA, FCRA, FISMA, FERPA, GLBA, HIPAA, HITECH, PPA, RFPA, Safe Harbor, US PATRIOT Act
Brazil: Article 5 of Constitution
Colombia: Data Privacy Law 1266
Mexico: Personal Data Protection Law
Morocco: Data Protection Act
Thailand: Official Information Act B.E. 2540
Europe: Privacy laws in 28 countries
South Africa: Electronic Communications and Transactions Act
Singapore: Personal & Financial Data Protection Acts
Customer Example: GlobalTelco
Challenge
• Moving legacy CRM systems in 25 countries to Salesforce
• Complying with dozens of privacy and data residency laws
Legacy Compliance Models Don’t Work in the Cloud
Legacy Protection Model
• Location of data determines what laws apply
• Legal sovereignty over physical media or files
• Data owners control infrastructure security
• Transfer and processing of data is controlled (in theory…)
• Regulators focus on location, certification, perimeter security
Reality in the Cloud
• Data won’t and shouldn’t stay in one location
• Distributed computing
• Cross-region backups
• Third-party processing
• Many people can access the data
• Remote command-and-control
• Support & services
• Customers ask the wrong questions
• Datacenter location
• Infrastructure security
Global Compliance Basics
Data Owner/Controller
– Always responsible, regardless of location
Data Processors & Sub-Processors
– Cloud providers with access to private data
– Extensive contractual requirements for data owner
Data Residency/Sovereignty
– Must assure data doesn’t go to regions with weaker privacy protections
Data Transfer
– Strict requirements if data goes to a specific region with weaker controls
Global Compliance Resource Center
Details on data protection laws in 83 countries
– Summaries of laws
– National authorities and links
– Security requirements
– Definitions of personal and sensitive data
– Data transfer restrictions
– Breach notification requirements
Content on industry-specific regulations
– Financial services
– Payment card industry (PCI)
– Healthcare
ciphercloud.com/global-compliance-resource-center
– Dynamic interactive map
– Downloadable book (PDF)
Overall Levels of Restrictions
Strong Restrictions
Moderate Restrictions
Limited Restrictions
EEA and Safe Harbor
EEA Countries
• Austria
• Belgium
• Bulgaria
• Croatia
• Cyprus
• Czech Republic
• Denmark
• Estonia
• Finland
• France
• Germany
• Greece
• Hungary
• Iceland
• Ireland
• Italy
• Latvia
• Liechtenstein
• Lithuania
• Luxembourg
• Malta
• Netherlands
• Norway
• Poland
• Portugal
• Romania
• Slovakia
• Slovenia
• Spain
• Sweden
• United Kingdom
Adequate Protection
• Andorra
• Argentina
• Canada
• Faroe Islands
• Guernsey
• Isle of Man
• Israel
• Jersey
• New Zealand
• Switzerland
• Uruguay
US Safe Harbor
Breach Notification Requirements
Strong Requirements
Limited Requirements
Mandatory in 47 US States and Alberta, Canada
Limited or not required in most other countries
Does Data Residency = Data Sovereignty?
Cloud providers control data across borders
• Regional datacenters are rarely autonomous
• Redundant backup data centers only in US
• Central “command and control” can usually access data residing in any country
SLAs are usually not binding on location
• Data often spread across multiple datacenters
• Best practices call for backups in other regions
US court rulings challenge data residency
• Data “controlled” by US cloud providers can still be subject to US subpoenas
• Microsoft ruled to release data stored in Ireland to US law enforcement
Primary Microsoft datacenter locations
The Microsoft / Ireland Case
“They have total control of those records, can produce them here, and that’s all that matters.”
- Federal prosecutor Serrin Turner
“Warrant requires the company to provide documents it controls, regardless of location”
- U.S. Justice Department
“It is a question of control, not a question of the location of that information”
- Judge Loretta Preska, chief of the US District Court in Manhattan
Weak SLAs Don’t Help
Microsoft – standard SLAs for South American cloud customers
SharePoint Online, Exchange Online and Lync Online Datacenter locations for South American customers.
SharePoint Online, Exchange Online and Lync Online Datacenter locations for Brazilian customers.
Active Directory and Global Address Book Datacenter locations for all South American customers including Brazil.
Weak SLAs Don’t Help
“The requirements of providing the services may mean that some data is moved to or accessed by Microsoft personnel or subcontractors outside the primary storage region. For instance, to address latency, routing data may need to be copied to different data centers in different regions. In addition, personnel who have the most technical expertise to troubleshoot specific service issues may be located in locations other than the primary location, and they may require access to systems or data for purposes of resolving an issue.”
- Microsoft standard cloud SLAs
What Are Your Practical Options?
1. Just say ‘NO’ to the Cloud
• Not viable or recommended
• Makes you less competitive
• Limits access to latest technology
2. Ignore the problem
• Your users will use cloud anyway
• Hope (and pray) you’re not the next data breach time bomb
3. Focus on protecting data - not just infrastructure
• Technology solutions exist
• It’s possible to control sensitive data and benefit from the cloud
Cloud Use is Inevitable
“The average global enterprise utilizes over 1,100 cloud applications”
NA
EU
“86% of cloud applications used by enterprises are unsanctioned Shadow IT”
Cloud Discovery Dashboard
Where Should You Protect Your Data?
Data in Transit
Data at Rest
Data in Use
Vulnerabilities (* Top Threats)
• Account hijacking*
• Forced disclosure
• Data breaches*
• Malicious insiders*
• Insecure APIs*
• Shared technology*
CipherCloud Encryption Model
Encryption keys never leave the enterprise
Encrypted data is indecipherable to unauthorized users
Transparent to users
Preserves application functionality
• Encryption or tokenization at the enterprise gateway
• Minimal latency
• Integrated malware detection
Unauthorized User
CipherCloud Encryption
Authorized User
Authorized User
Unauthorized User
Granular Field-Level Control
Customer Example: GlobalTelco
Challenge
• Moving legacy CRM systems in 25 countries to Salesforce
• Complying with dozens of privacy and data residency laws
Solution
• CipherCloud encryption for all personal information fields
• Consistent global policy enforcement and compliance
Customer PII data
Encrypted PII
Cloud traffic
Compliance Arguments for Cloud Encryption
Prevents Cloud Providers from being Data Processors
– Widely accepted for US and many global data protection laws
– Still debated in Europe – especially Germany
• Some believe any encryption to be “pseudo-anonymization”
Improves Controller compliance even if
Cloud Provider is not exempt
– Important added layer of security
– Widely accepted for US data protection laws
Aligns with upcoming data privacy laws
– Significantly stiffer penalties and legal enforcement
– Important added layer of security
– Widely accepted for US data protection laws
Upcoming EU Data Protection Requirements
Core principles all supported by advanced data protection
– Data Minimization
– Data Portability
– Privacy by Design & Default
– Privacy Impact Analysis
Canada, United Kingdom, Ireland, France
Growing Consensus on Encryption
Regulation Region Breach
Notification
Safe Harbor
Exemptions
Recommendations on Encryption
PCI DSS   Encryption a “critical component”
GLBA   Safe harbor “if encryption has been applied adequately”
HIPAA, HITECH   Safe harbor “if encryption has been applied adequately”
EU Directives Proposed Proposed Encryption likely to be recommended
ICO Privacy
Amendment  
Notification not required if there are “measures in place
which render the data unintelligible.”
Privacy
Amendment  Not specified
Not specified but you should “take adequate measures to prevent the unlawful disclosure”
US State Privacy
Laws  Generally Yes
Typical breach definitions:
- Personal Information: “data that is not encrypted”
- Breach: “access to unencrypted data”
The CipherCloud Platform
Multi-Cloud
Any Location
Any Device
Visibility &
Monitoring
Threat
Prevention
Data
Security
Privacy &
Compliance
Enterprise Requirements
Visibility &
Monitoring
Threat
Prevention
Data
Security
Privacy &
Compliance
Platform
Advanced Data Protection
User & Data Monitoring
Cloud Risk Intelligence
Cloud Integrations
Enterprise Integration
Integrated Policy Controls
On-Premises Hybrid Cloud
Recommendations
Avoiding the cloud is no longer viable, or desirable
IT must move beyond the perimeter model to stay relevant
– Focus needs to be on protecting data – not infrastructure
Compliance requires more than cloud provider assurances
– You’re responsible for the data – you must be proactive
Security and privacy challenges are solvable
– Strong encryption can assure exclusive access to data located anywhere
– But keys must be retained by the data owner
Encryption is becoming an established best practice
– Not applying encryption is increasingly hard to justify
Work with companies that understand data protection and have deep integration with cloud applications
About CipherCloud
Solutions
Cloud Discovery
Cloud DLP
Strong Encryption
Tokenization
Activity Monitoring
Anomaly Detection
525+ Employees
Company
3.8+ Million
Active Users
13 Industries
25 Countries
7 Languages
13 Patents
Customers
5 out of 10
Top US Banks
3 out of 5
Top Health Providers
Top 2 Global
Telecomm Company
40% of Global
Mail Delivery
Largest US
Media Company
3 out of 5
Top Pharmaceuticals
Visit our new Global Compliance Resource Center
Online Map, Guide, Whitepapers & More: www.ciphercloud.com/resources/global-compliance-resource-center
Questions?
Click to Watch On-demand Webinar :
Understanding Global Data Protection Laws
For additional information :
• Website: www.ciphercloud.com
• Email: info@ciphercloud.com
• Phone: +1 855-5CIPHER
Willy Leichter
Global Director, Cloud Security
wleichter@ciphercloud.com
Twitter: @WillyLeichter
Twitter.com/ciphercloud
Youtube.com/user/CipherCloudVideo
Linkedin.com/company/ciphercloud
Facebook.com/ciphercloud
Connect with Us!

Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Understanding Global Data Protection Laws: Webinar

  • 1. © 2015 CipherCloud | All rights reserved 1 Understanding Global Data Protection Laws Willy Leichter Global Director, Cloud Security
  • 2. Agenda: Cloud benefits and inhibitors; Changing IT landscape; Compliance basics; Overview of global protection laws; Microsoft/Ireland legal challenge; Best practices to meet compliance; Recommendations
  • 3. Balancing Cloud Benefits with Compliance Requirements: Top 3 US Bank’s Consumer Self-Service Loan Origination Portal; UK Education Organization Deploys Global Cloud-Based Portal; Non-Technology Leader Trusts Sensitive Data in Cloud Email; German Cosmetics Giant Meets International Security Regulations; Major European Telco Consolidates Call Centers for 25 Countries; Largest Hospital Chain Meets HIPAA & HITECH in the Cloud; Top Canadian Bank Safeguards Proprietary Information in the Cloud; Major Wall Street Firm Adopts Cloud Applications with Confidence; Global Leader in Customer Loyalty Moves Email to the Cloud; Genomics Testing Leader Protects Patient Data while Using the Cloud; New Zealand Bank Collaborates in the Cloud and Meets Compliance; Medical Audit Leader Launches Cloud-Based Customer Portal; Large Pharmaceutical Company Uses Encrypted Email; Credit Reporting Giant Deploys Cloud Collaboration with DLP Controls; Government-Owned Mortgage Backer Protects PII Data in the Cloud
  • 4. Changing IT Challenges: Managing the proliferation of cloud services; Protecting data instead of just infrastructure; Complying with data protection and residency laws; Using legacy tools against emerging cloud threats; Disappearing network perimeter; Surveillance and forced disclosure risks
  • 5. Where Cloud Data Resides and What Laws Might Apply. Chile: Law for the Protection of Private Life; Argentina: Personal Data Protection Law, Information Confidentiality Law; New Zealand: Privacy Act; Philippines: Proposed Data Privacy Law; Canada: PIPEDA, FOIPPA, PIPA; Taiwan: Computer-Processed Personal Data Protection; Hong Kong: Personal Data Privacy Ordinance; Japan: Personal Information Protection Act; South Korea: Network Utilization and Data Protection Act; European Union: EU Data Protection Directive, State Data Protection Laws; India: Pending Laws under discussion; United Kingdom: ICO Privacy and Electronic Communications Regulations; Australia: National Privacy Principles, State Privacy Bills, Email Spam and Privacy Bills; US States: Breach notification in 48 states; USA Federal: CALEA, CCRA, CIPA, COPPA, EFTA, FACTA, ECPA, FCRA, FISMA, FERPA, GLBA, HIPAA, HITECH, PPA, RFPA, Safe Harbor, US PATRIOT Act; Brazil: Article 5 of Constitution; Colombia: Data Privacy Law 1266; Mexico: Personal Data Protection Law; Morocco: Data Protection Act; Thailand: Official Information Act B.E. 2540; Europe: Privacy laws in 28 countries; South Africa: Electronic Communications and Transactions Act; Singapore: Personal & Financial Data Protection Acts
  • 6. Customer Example: Global Telco. Challenge: • Moving legacy CRM systems in 25 countries to Salesforce • Complying with dozens of privacy and data residency laws
  • 7. Legacy Compliance Models Don’t Work in the Cloud. Legacy Protection Model: • Location of data determines what laws apply • Legal sovereignty over physical media or files • Data owners control infrastructure security • Transfer and processing of data is controlled (in theory…) • Regulators focus on location, certification, perimeter security. Reality in the Cloud: • Data won’t and shouldn’t stay in one location • Distributed computing • Cross-region backups • Third-party processing • Many people can access the data • Remote command-and-control • Support & services • Customers ask the wrong questions • Datacenter location • Infrastructure security
  • 8. Global Compliance Basics Data Owner/Controller – Always responsible, regardless of location Data Processors & Sub-Processors – Cloud providers with access to private data – Extensive contractual requirements for data owner Data Residency/Sovereignty – Must assure data doesn’t go to regions with weaker privacy protections Data Transfer – Strict requirements if data goes to a specific region with weaker controls
  • 9. Global Compliance Resource Center Details on data protection laws in 83 countries – Summaries of laws – National authorities and links – Security requirements – Definitions of personal and sensitive data – Data transfer restrictions – Breach notification requirements Content on industry-specific regulations – Financial services – Payment card industry (PCI) – Healthcare ciphercloud.com/global-compliance-resource-center – Dynamic interactive map – Downloadable book (PDF)
  • 10. Overall Levels of Restrictions Strong Restrictions Moderate Restrictions Limited Restrictions
  • 11. EEA and Safe Harbor (map legend: EEA Countries, Adequate Protection, US Safe Harbor). EEA Countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom. Adequate Protection: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay
  • 12. Breach Notification Requirements. Strong Requirements: Mandatory in 47 US States and Alberta, Canada. Limited Requirements: Limited or not required in most other countries
  • 13. Does Data Residency = Data Sovereignty? Cloud providers control data across borders • Regional datacenters are rarely autonomous • Redundant backup data centers only in US • Central “command and control” can usually access data residing in any country SLAs are usually not binding on location • Data often spread across multiple datacenters • Best practices call for backups in other regions US court rulings challenge data residency • Data “controlled” by US cloud providers can still be subject to US subpoenas • Microsoft ruled to release data stored in Ireland to US law enforcement (Map: Primary Microsoft datacenter locations)
  • 14. The Microsoft / Ireland Case “They have total control of those records, can produce them here, and that’s all that matters.” - Federal prosecutor Serrin Turner “Warrant requires the company to provide documents it controls, regardless of location” - U.S. Justice Department “It is a question of control, not a question of the location of that information” - Judge Loretta Preska, chief of the US District Court in Manhattan
  • 15. Weak SLAs Don’t Help. Microsoft – standard SLAs for South American cloud customers: SharePoint Online, Exchange Online and Lync Online Datacenter locations for South American customers. SharePoint Online, Exchange Online and Lync Online Datacenter locations for Brazilian customers. Active Directory and Global Address Book Datacenter locations for all South American customers including Brazil.
  • 16. Weak SLAs Don’t Help. “The requirements of providing the services may mean that some data is moved to or accessed by Microsoft personnel or subcontractors outside the primary storage region. For instance, to address latency, routing data may need to be copied to different data centers in different regions. In addition, personnel who have the most technical expertise to troubleshoot specific service issues may be located in locations other than the primary location, and they may require access to systems or data for purposes of resolving an issue.” - Microsoft standard cloud SLAs
  • 17. What Are Your Practical Options? 1. Just say ‘NO’ to the Cloud • Not viable or recommended • Makes you less competitive • Limits access to latest technology 2. Ignore the problem • Your users will use cloud anyway • Hope (and pray) you’re not the next data breach time bomb 3. Focus on protecting data - not just infrastructure • Technology solutions exist • It’s possible to control sensitive data and benefit from the cloud
  • 18. Cloud Use is Inevitable “The average global enterprise utilizes over 1,100 cloud applications” NA EU “86% of cloud applications used by enterprises are unsanctioned Shadow IT”
  • 19. Cloud Discovery Dashboard
  • 20. Where Should You Protect Your Data? Data in Transit Data at Rest Data in Use Vulnerabilities • Account hijacking* • Forced disclosure • Data breaches* • Malicious insiders* • Insecure APIs* • Shared technology* (* Top Threats)
  • 21. CipherCloud Encryption Model Encryption keys never leave the enterprise Encrypted data is indecipherable to unauthorized users Transparent to users Preserves application functionality • Encryption or tokenization at the enterprise gateway • Minimal latency • Integrated malware detection
  • 22. Unauthorized User CipherCloud Encryption Authorized User
  • 23. Authorized User Unauthorized User Granular Field-Level Control
  • 24. Customer Example: Global Telco. Challenge: • Moving legacy CRM systems in 25 countries to Salesforce • Complying with dozens of privacy and data residency laws. Solution: • CipherCloud encryption for all personal information fields • Consistent global policy enforcement and compliance. (Diagram labels: Customer PII data, Encrypted PII, Cloud traffic)
  • 25. Compliance Arguments for Cloud Encryption Prevents Cloud Providers from being Data Processors – Widely accepted for US and many global data protection laws – Still debated in Europe – especially Germany • Some believe any encryption to be “pseudo-anonymization” Improves Controller compliance even if Cloud Provider is not exempt – Important added layer of security – Widely accepted for US data protection laws Aligns with upcoming data privacy laws – Significantly stiffer penalties and legal enforcement – Important added layer of security – Widely accepted for US data protection laws
  • 26. Upcoming EU Data Protection Requirements Core principles all supported by advanced data protection – Data Minimization – Data Portability – Privacy by Design & Default – Privacy Impact Analysis Canada United Kingdom Ireland France
  • 27. Growing Consensus on Encryption Regulation Region Breach Notification Safe Harbor Exemptions Recommendations on Encryption PCI DSS   Encryption a “critical component” GLBA   Safe harbor “if encryption has been applied adequately” HIPAA, HITECH   Safe harbor “if encryption has been applied adequately” EU Directives Proposed Proposed Encryption likely to be recommended ICO Privacy Amendment   Notification not required if there are “measures in place which render the data unintelligible.” Privacy Amendment  Not specified Not specified but you should “take adequate measures to prevent the unlawful disclosure” US State Privacy Laws  Generally Yes Typical breach definitions: - Personal Information: “data that is not encrypted” - Breach: “access to unencrypted data”
  • 28. The CipherCloud Platform Multi-Cloud Any Location Any Device Visibility & Monitoring Threat Prevention Data Security Privacy & Compliance Enterprise Requirements Visibility & Monitoring Threat Prevention Data Security Privacy & Compliance Platform Advanced Data Protection User & Data Monitoring Cloud Risk Intelligence Cloud Integrations Enterprise Integration Integrated Policy Controls On-Premises Hybrid Cloud
  • 29. Recommendations Avoiding the cloud is no longer viable, or desirable IT must move beyond the perimeter model to stay relevant – Focus needs to be on protecting data – not infrastructure Compliance requires more than cloud provider assurances – You’re responsible for the data – you must be proactive Security and privacy challenges are solvable – Strong encryption can assure exclusive access to data located anywhere – But keys must be retained by the data owner Encryption is becoming an established best practice – Not applying encryption is increasingly hard to justify Work with companies that understand data protection and have deep integration with cloud applications
  • 30. About CipherCloud Solutions Cloud Discovery Cloud DLP Strong Encryption Tokenization Activity Monitoring Anomaly Detection 525+ Employees Company 3.8+ Million Active Users 13 Industries 25 Countries 7 Languages 13 Patents Customers 5 out of 10 Top US Banks 3 out of 5 Top Health Providers Top 2 Global Telecom Company 40% of Global Mail Delivery Largest US Media Company 3 out of 5 Top Pharmaceuticals
  • 31. Visit our new Global Compliance Resource Center Online Map, Guide, Whitepapers & More: www.ciphercloud.com/resources/global-compliance-resource-center
  • 32. Questions? On-demand Webinar: Understanding Global Data Protection Laws For additional information: • Website: www.ciphercloud.com • Email: info@ciphercloud.com • Phone: +1 855-5CIPHER Willy Leichter, Global Director, Cloud Security, wleichter@ciphercloud.com, Twitter: @WillyLeichter Connect with Us! Twitter.com/ciphercloud Youtube.com/user/CipherCloudVideo Linkedin.com/company/ciphercloud Facebook.com/ciphercloud