quantifying cloud risk for your corporate leadership
Post on 11-Jan-2017
Netskope © 2015, Optiv Security Inc. © 2015
Quantifying Cloud Risk for Your Corporate Leadership
Scott Hogrefe, Sr. Director, Netskope
‣ Strong technology and services partnerships
‣ Discover cloud apps and assess risk
‣ Govern all apps and data
‣ Safely enable sanctioned cloud apps
‣ $131.4M from top Silicon Valley VCs
‣ Accel, Lightspeed, Iconiq, Social+Capital
‣ Customers include
‣ 250+ employees globally, including North America, throughout Europe, and Asia-Pacific
‣ Early architects/executives from Palo Alto Networks, NetScreen, Cisco, McAfee, VMware
‣ 40+ patent claims across four categories
Confessions of “Dr. No”
I really like VISIBILITY AND CONTROL
40 to 50
Actual: 1,017
IT estimate: 40-50
Cloud procurement in many healthcare organizations happens outside of IT
More than just Dropbox and Evernote. EHR, billing, healthcare consultation… not to mention HR, finance, CRM, etc.
No visibility or control
Source: Netskope Cloud Report
What are the risks of cloud?
People aren’t evil, people are reckless
Why do people rob banks?
There are known knowns… known unknowns… unknown unknowns
What are the risks of not using cloud?
IT estimates 30% business data is in cloud…
With ⅓ “unknown”
Source: Ponemon
Is this your quantifiable risk?
28 “Ecosystem” apps on average connected to Box alone
Should we factor these in to your equation?
Nearly Half of all cloud app activities originate from a mobile device
One Third of all DLP policy violations occur on a mobile device
Is this part of your cloud risk?
+ +Cloud App Risk
=
We could say…
Right?
In 2005 we said… Just Block!
In the last few years we’ve said…
Sanction one app and then… Just Block!
But I need to use that app, can I get an exception?
Me too!
Me too!
Don’t forget about me!
90% of cloud usage is in apps blocked by the firewall
Not me… I found another app!
BESIDES… THESE APPS ARE GOOD FOR BUSINESS
“Even Customer Support is in the cloud…”
LEADING BIOTECH
‣ Leverages the cloud to process petabytes of clinical trial data at a fraction of the time
‣ Results: Faster time to approval
LARGE HMO
‣ Securely stores health records
‣ Collaborates on patient data via workflows
‣ Coordinates care via cloud
TEACHING HOSPITAL
‣ Ensure that medical students and staff safely collaborate in the cloud
‣ Find and secure PHI en route to or at rest in cloud apps
How Are You Addressing Risk?
FIND UNDERSTAND SECURE
FIND
Bob Jones in IT
Ashok Kumar in Marketing
Amy Bishop in Finance
Pierre Bonaparte in Research
Side-by-side comparisons
UNDERSTAND
✔ Who? What group/OU? Where?
✔ What app/category? From what device?
✔ To whom? What content?
Dr. Porter sent a patient’s MRI to a counterpart via Box
SECURE
Activity- and data-level policies
✔ Block and coach
✔ Encrypt
✔ Prevent sharing outside of co.
✔ Require justification
✔ Perform “quiet” legal hold
✔ Quarantine and alert users
76.2% Of Cloud DLP Violations occur in healthcare and life sciences
68.5% Of DLP violations are protected health information (PHI)
Is Your Leadership Paying Attention?
Do They Care?
Sample NACD Questions
Questions Directors Can Ask to Assess the Board’s “Cyber Literacy”
#2 Do we think there is adequate protection in place if someone wanted to get at or damage our corporate “crown jewels?” What would it take to feel comfortable that those assets were protected?
From the National Association of Corporate Director’s Cyber-Risk Oversight Director’s Handbook Series 2014 Edition, page 17: http://www.aig.com/Chartis/internet/US/en/Financial%20Lines_Cybersecurity_Handbook_Global_tcm3171-639223.pdf.
So, What’s Your Strategy for Talking to Your Leadership?
1. CURRENT STATE OF AFFAIRS
Apps, users, devices, data, risk
2. CLOUD’S ROLE IN YOUR SUCCESS
Time to value for on-premises
Time to value for cloud
Best tools, lack of in-house talent, speed and ease of deployment and use, user preferences
3. YOUR CLOUD VISION
How, when, and under what circumstances, you’re in SaaS, PaaS, and IaaS…
Finance
HR
Software Development
Storage
CRM
Research
Risk Management
Trading
Analysis
4. SAFE CLOUD ENABLEMENT PLAN
Requirements, plan, policies (e.g., vendor assurance)
5. STRATEGIC ROADMAP, RESOURCES, AND OWNERS
Roadmap, stakeholders, sequence, resources…
6. PLAN FOR TRANSPARENCY AND GOVERNANCE
Ongoing reporting to leadership and lines of business
In Summary…
Current State of Affairs
Cloud’s Role in Your Success
Your Cloud Vision
Safe Cloud Enablement Plan
Strategic Roadmap
Ongoing Governance, Transparency
So, “Dr. No” became a “Yes Man”
(and Vicken and Clark lived happily ever after)
THANK YOU!