
Cloud Storage and Security: Solving Compliance Challenges


Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions at Blancco Technology Group explores cloud storage compliance challenges and solutions with seasoned security and compliance experts, Giulio Coraggio, Partner at DLA Piper, and Eric Vanderburg, Director of Information Systems & Security at Jurinnov LLC.

What You’ll Learn:

Common pain points associated with storing, managing and protecting data in the private cloud
Key scenarios when cloud security may be compromised
Regulatory requirements that must be met whenever data is stored in the cloud
Best practices to minimize data security risks and regulatory compliance violations

Published in: Technology

  1. 1. CLOUD STORAGE & SECURITY: SOLVING COMPLIANCE CHALLENGES
  2. 2. MEET THE PANEL Presenters: Eric Vanderburg, Director, Information Systems and Security, Jurinnov LLC; Giulio Coraggio, Partner, DLA Piper. Moderator: Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions, Blancco Technology Group
  3. 3. WHAT WE’LL EXPLORE The Realities & Pain Points of Storing Data in the Cloud How, Where & When Cloud Security Could Be Compromised Navigating Through Legal & Regulatory Compliance What to Consider in Deploying the Right Cloud Storage Strategy Recommendations to Store, Manage & Protect Data in the Cloud
  4. 4. THE REALITIES & PAIN POINTS OF STORING DATA IN THE CLOUD
  5. 5. Source: SkyHigh Q4 2015 Cloud Report
  6. 6. 15.8% OF FILES IN THE CLOUD CONTAIN SENSITIVE DATA Source: SkyHigh Q4 2015 Cloud Report SENSITIVE DATA 7.6% 2.3% 1.6% Protected Health Information Payment Data Documents in File Sharing Services Personally Identifiable Information 4.3%
  7. 7. MANAGING DATA IN THE CLOUD IS COMPLICATED & TOUGH Organizations that experienced breaches in the cloud cited malware as the top private cloud attack vector Cloud Breaches 33% Cite unauthorized access to data from other tenants as the most pressing concern with public cloud deployments Unauthorized Access 40% Store or process sensitive data in the cloud Sensitive Data 40% Do not currently have visibility into their public cloud providers’ operations Lack of Visibility 33% *Source: SANS Institute, ‘Orchestrating Security in the Cloud’ Paper, 2015
  8. 8. Webinar Audience Poll Question: What type of cloud strategy does your business implement? Responses: • Private • Public • Hybrid • I don’t know
  9. 9. MANY CLOUD STRATEGIES TO CHOOSE Hybrid Cloud: More scalable than private; Requires some higher upfront costs; More control over data flows. Private Cloud: High degree of control; Higher upfront costs; More difficult to scale. Public Cloud: Highly scalable; Pay for what you use; Easy to deploy and manage.
  10. 10. HOW, WHERE & WHEN CLOUD SECURITY COULD BE COMPROMISED
  11. 11. Webinar Audience Poll Question: Has your company suffered a cloud data breach in the last 12 months? Responses: • Yes • No • I don’t know
  12. 12. INTERNAL & EXTERNAL THREATS CAN’T BE IGNORED Source: SkyHigh Q4 2015 Cloud Report
  13. 13. WHEN/WHERE IS DATA MOST AT RISK? During Data Migration During Data Use or Storage Data End-of-Life Equipment End-of-Life
  14. 14. NAVIGATING THROUGH LEGAL & REGULATORY COMPLIANCE
  15. 15. ENTERPRISE BUSINESSES MUST GET ON BOARD National Data Protection Law EU Data Protection Regulation 2015 Right to be Forgotten ISO Standard 27001, 27040 etc. Sarbanes-Oxley HIPAA (Health Insurance Portability and Accountability) Credit Card Industry PCI-DSS
  16. 16. ISO/IEC 27001: SETTING THE BAR HIGH FOR SECURITY STANDARDS TOP MANAGEMENT: Must implement information security policy themselves. RISK MANAGEMENT: Relevant security risks should be addressed and mitigated. INTERNAL AUDITS: Must verify all security risks have been addressed and operational processes are set. DATA REMOVAL: Sensitive data and licensed software must be securely removed prior to disposal or reuse.
  17. 17. ISO 27018: PROTECTION OF PRIVACY & PERSONAL DATA IN THE CLOUD Home PC Push Sync Back Up All Files Work Laptop Push Sync Work Files Notebook Smart Sync Select Files Tablet Sync Local Stream the Rest Smartphone Sync a Few Stream the Rest My Documents My Photos My Music My Work Files Special Project
  18. 18. Webinar Audience Poll Question: How Prepared Is Your Organization for GDPR? Responses: • Fully Prepared • Somewhat Prepared • Early Preparation Stages • Unprepared • Don’t Know
  19. 19. Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016 Somewhat Prepared; Still Need to Find Right Data Removal Software Fully Prepared (Established Processes, Policies & Technology) Unprepared; Don’t Know How or Where to Start Don’t Know On Right Track (Currently Researching & Developing Processes/Policies)
  20. 20. WHAT CHANGES WITH THE GENERAL DATA PROTECTION REGULATION? New Sanctions for Violations & Breaches New Liabilities for Cloud Providers New Obligations/Protections
  21. 21. DATA PROTECTION REGULATION CONSIDERATIONS Environmental Protection Physical Protection Network Protection Hardware Protection Breach Notification Secure Communications Computing Security Right to be Forgotten
  22. 22. WHAT TO CONSIDER IN DEPLOYING THE RIGHT CLOUD STORAGE STRATEGY
  23. 23. PRIVATE CLOUD STORAGE HURDLES CAPACITY PLANNING • Pre-allocate = Low ROI with unused space • Grow as you need = Inconsistent IT spending and potential for compromise BACKUP AND RECOVERY • Archiving costs (equipment and time) • Offsite storage or offsite location • Testing and validation DIRECT CAPITAL EXPENDITURE MAINTENANCE AND SUPPORT
  24. 24. ADEQUATE DUE DILIGENCE ON CLOUD PROVIDER AND CONTRACT NEGOTIATION
  25. 25. DATA MANAGEMENT CONSIDERATIONS Specialized Skills Sets Required Data Analytics Data Inventory Future Scalability into Hybrid Cloud Cloud Software Customization
  26. 26. RECOMMENDATIONS TO STORE, MANAGE & PROTECT DATA IN THE CLOUD
  27. 27. THINGS TO REMEMBER WHEN STORING, MANAGING & PROTECTING DATA IN THE CLOUD Know Your Vendors Evaluate Cost Benefits Implement Industry Standards Prepare for Future (Scalability, Technology, Security) Establish a Way to Measure ROI
  28. 28. DATA LIFECYCLE IN THE CLOUD 3. Data Use/Storage 5. Data End-Of-Life 1. Data Creation & Classification 6. Decommissioning of Device/Server 4. Data at Rest 2. Data Migration
  29. 29. &
  30. 30. CONTENT YOU MAY FIND USEFUL: “Cloud & Data Center Erasure: Why Delete Doesn’t Suffice”: http://www2.blancco.com/en/white-paper/cloud-and-data-center-erasure-why-delete-doesnt-suffice “The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data “Data Storage Dilemmas & Solutions”: http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions “EU GDPR: A Corporate Dilemma”: http://www2.blancco.com/EU-GDPR-Corporate-Dilemma-Research-Study
  31. 31. ABOUT US Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions. We help our clients’ customers test, diagnose, repair and repurpose IT devices with the most proven and certified software. Our clientele consists of equipment manufacturers, mobile network operators, retailers, financial institutions, healthcare providers and government organizations worldwide. The company is headquartered in Alpharetta, GA, United States, with a distributed workforce and customer base across the globe. DLA Piper is a global law firm with lawyers in the Americas, Asia Pacific, Europe, Africa and the Middle East, positioning us to help companies with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies. JURINNOV works with IT and legal departments in a wide variety of industries and sectors. We become a link, an extension of both departments. We help them adopt the most current standards and tools. We help companies better manage and track electronic information, uncover evidence, plan for data recovery, and relax a little bit like in the good old days when everything was filed neatly in its place.