data security: best practices in the hybrid cloud | fpwebinar
DESCRIPTION
Presentation from our latest webinar entitled "Data Security: Best Practices in the Hybrid Cloud" with CipherPoint. In this webinar we focused on security in an Office 365/Dedicated hybrid cloud model. Organizations need to consider the confidentiality and availability implications of SharePoint when offered by a private hosting provider as opposed to a public Cloud offering. These differences include data residency, your ability to perform due diligence, and confidentiality/availability guarantees. Restricted information, however, needs to be secured no matter where it’s stored and processed. Watch our discussion of private and public hosted SharePoint offerings and the strategies you can use to architect a hybrid approach to meet both your business and security objectives.TRANSCRIPT
![Page 1: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/1.jpg)
Please direct any questions to usvia Twitter using hashtag
#fpwebinar
Data Security:Best Practices in the Hybrid Cloud
#fpwebinar
![Page 2: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/2.jpg)
![Page 3: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/3.jpg)
#fpwebinar
Data Security:Best Practices in the Hybrid Cloud
![Page 4: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/4.jpg)
Please direct any questions to usvia Twitter using hashtag
#fpwebinar
We want to hear from you!
#fpwebinar
![Page 5: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/5.jpg)
What’s in this Fpwebinar?
A Strategy for Data Security
Cloud Adoption
Cloud Security Challenges
Closing the Gaps
#fpwebinar
![Page 6: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/6.jpg)
Jesse RocheVice President, SalesFpweb.net
#fpwebinar
Mike FleckCEOCipherPoint
![Page 7: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/7.jpg)
POLL:Which deployment option is your organization currently
using or planning to use in the next 12 months?
On-Prem, Private Cloud Only, Public Cloud Only, Hybrid
#fpwebinar
![Page 8: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/8.jpg)
Data Security transcends the Cloud.
Restricted information needs security wherever
it resides.
#fpwebinar
![Page 9: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/9.jpg)
POLL:Do you have a strategy for securing data?
Yes, No, or Not Sure
#fpwebinar
![Page 10: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/10.jpg)
Information Security Program
#fpwebinar
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
![Page 11: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/11.jpg)
Information Security Program
#fpwebinar
OVERALL PRINCIPLES & CONTROLS
DATA
DEVICE
• LEAST PRIVILEGE DESIGN
• SEPARATION OF DUTIES PRINCIPLE
• UNIQUE USER IDENTITIES, NO SHARED ACCOUNTS
• COMPLEX PASSWORDS, NEVER SENT AS CLEAR
TEXT
![Page 12: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/12.jpg)
Information Security Program
#fpwebinar
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
• NETWORK FIREWALLS AND SEGMENTATION
• NETWORK MONITORING
• PENETRATION TESTING & VULNERABILITY SCANNING
• INTRUSION DETECTION
• PATCH MANAGEMENT
• ANTI-VIRUS, ANTI-MALWARE
![Page 13: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/13.jpg)
Information Security Program
#fpwebinar
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• BUILDING ACCESS CONTROL, VISITOR LOGS
• PHYSICAL DATA CENTER SECURITY
• EMPLOYEE SCREENING
• EMPLOYEE AWARENESS TRAINING, JOB DESCRIPTIONS
![Page 14: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/14.jpg)
Information Security Program
#fpwebinar
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• INCIDENT RESPONSE POLICY, ANNUAL TESTING
• CORPORATE INFORMATION SECURITY POLICY
• THIRD PARTY AUDITING AND ACCREDITATION
• DESIGNATED COMPLIANCE OFFICER/TEAM
![Page 15: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/15.jpg)
#fpwebinar
Ownership of Controls
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application Shared
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
![Page 16: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/16.jpg)
#fpwebinar
Cloud as Anti-Security
• Data Loss Prevention
• Network Access Control
• Network Perimeter
![Page 17: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/17.jpg)
Trust but verify.
Always perform your due diligence on the Cloud
Service Provider
#fpwebinar
![Page 18: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/18.jpg)
#fpwebinar
Topics for Due Diligence
Maturity of controls and principles
Uptime statistics and Service Level Agreements
Third party access: Subcontractors & Foreign and domestic
governments
Data destruction and remanence
Privileged user controls and monitoring
![Page 19: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/19.jpg)
Facts of Public Cloud Providers
• Superior economies of scale achieved through cookie
cutter offering
• Highly limited ability to perform due diligence
• Highly limited ability to customize
• Lower service levels
• High volume of compelled disclosures
#fpwebinar
![Page 20: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/20.jpg)
Beware of CSP Spin
#fpwebinar
![Page 21: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/21.jpg)
Microsoft does it too
#fpwebinar
![Page 22: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/22.jpg)
Point by PointMicrosoft provided information for 79% of requests for data from
foreign and domestic law enforcement agencieshttp://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/03/06/microsoft-releases-2013-law-enforcement-requests-
report.aspx
Microsoft database administrators, by definition, have access to all the resources on a database, including customer data
http://www.microsoft.com/online/legal/v2/?docid=24
Microsoft honored legal orders for data belonging to 15 businesseshttp://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
US ordered MS to hand over customer data stored in Irelandhttp://www.bbc.co.uk/news/technology-27191500
#fpwebinar
![Page 23: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/23.jpg)
So, what do we do?
#fpwebinar
![Page 24: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/24.jpg)
Triage the Data
#fpwebinar
COST EFFICIENCIES
TRUST
On-Premises Hosted / Private Cloud Public Cloud
![Page 25: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/25.jpg)
The Gaps
#fpwebinar
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
![Page 26: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/26.jpg)
Please direct any questions to usvia Twitter using hashtag
#fpwebinar
#fpwebinar
Q&A
Data Security:Best Practices in the Hybrid Cloud
![Page 27: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar](https://reader038.vdocument.in/reader038/viewer/2022110115/54b3ade74a7959a6388b462c/html5/thumbnails/27.jpg)
Thank you!Twitter @fpweb • [email protected] • www.fpweb.net
Please fill out the survey as you exit the webinar and help us choose the next topic!
Also, CipherPoint is giving away $5 gift cards to the first 50 people to complete their survey
and everyone is entered to win a $50 gift card.
Link to survey will be in the webinar recording email you will receive and in the chat pane.
#fpwebinar