developing a secure and compliant cloud strategy for financial services
webinar, june 29, 2016
the traditional approach to security is inadequate
security must evolve to protect data in the cloud
■ ungoverned access to corporate data in the cloud
■ data-at-rest in the cloud
■ sensitive cloud data on unmanaged devices
native security features can’t be relied upon: the data blind spot
[Diagram: enterprise (CASB): end-user devices, visibility & analytics, data protection, identity & access control; app vendor: application, storage, servers, network]
CASB: a better approach to cloud security
identity
cloud encryption
data-centric protection
audit + visibility
protecting cloud data end-to-end
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility and control over data in the cloud
■ Solution must also protect data on end-user devices
■ Leverage contextual access controls
access controls: the new data reality requires a new security architecture
■ Secure access from any unmanaged device
■ Protect data in “unwrappable” native mobile apps
■ Full data control and visibility for IT
■ Granular DLP applied to data at download time
data leakage prevention: a complete set of data controls
■ Apply granular DLP to sensitive data with a spectrum of actions from watermarking to outright blocking
■ Context-aware engine can distinguish between users, managed and unmanaged devices, and more
■ Easily modify sharing permissions and quarantine files for review
audit and visibility
■ Detailed logging for compliance and audit.
■ Identify sensitive data at rest and external sharing
■ Easily modify permissions and quarantine files
identity
■ Cloud app identity management should maintain the best practices of on-prem identity
■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication
cloud encryption: encrypt data-at-rest while retaining app functionality
■ Necessary for data that is subject to regulatory mandates (e.g. PII, PCI)
○ Only encrypt what’s necessary
■ Structured data
■ Sensitive fields (SSNs, addresses, etc.)
cloud encryption: where some solutions fall short
■ Competitors limit the number of Initialization Vectors to support search
■ Ex: search Salesforce for every ciphertext value of “Bob”
○ As number of IVs increases, search time increases exponentially
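The trade-off on this slide, as an added example (not code from the webinar or from any vendor): a field encrypted under a random IV can only be found by trying every possible IV, so the candidate set per search term is 2^iv_bits, while a small IV space means equal values repeat as equal ciphertexts. The HMAC-SHA256 keystream is a toy stand-in for AES, and the key, function names and sample names are all assumptions.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed sample key (assumption)


def _keystream(key, iv, length):
    # Toy PRF keystream from HMAC-SHA256; a stand-in for AES, not production crypto.
    out, counter = b"", 0
    while len(out) < length:
        block = iv.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(key, plaintext, iv_bits, iv=None):
    """Encrypt one field; the IV comes from a space of 2**iv_bits values."""
    if iv is None:
        iv = secrets.randbelow(2 ** iv_bits)
    data = plaintext.encode()
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))
    return iv.to_bytes(8, "big") + body


def search_tokens(key, term, iv_bits):
    """Every ciphertext the term may be stored as: one candidate per IV."""
    return {encrypt_field(key, term, iv_bits, iv) for iv in range(2 ** iv_bits)}


def search(store, key, term, iv_bits):
    """Indexes of stored ciphertexts that match any candidate for the term."""
    tokens = search_tokens(key, term, iv_bits)
    return [i for i, ct in enumerate(store) if ct in tokens]


def distinct_ciphertexts(key, term, iv_bits, copies):
    """Distinct ciphertexts an observer sees for `copies` equal plaintexts."""
    return len({encrypt_field(key, term, iv_bits) for _ in range(copies)})


if __name__ == "__main__":
    # Constructed sample column of names, encrypted with a 4-bit IV space.
    store = [encrypt_field(KEY, n, 4) for n in ("Bob", "Alice", "Bob", "Carol")]
    print("rows matching Bob:", search(store, KEY, "Bob", 4))
    for bits in (4, 10, 16):
        print(bits, "IV bits ->", len(search_tokens(KEY, "Bob", bits)), "candidates")
    print("distinct ciphertexts of 200 x Bob, 2-bit IV:",
          distinct_ciphertexts(KEY, "Bob", 2, 200))
```

Each extra IV bit doubles the candidate list a search has to carry, and with only a few IV bits an observer of the stored column sees the same handful of ciphertexts for every copy of a value.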
cloud encryption: encrypt data-at-rest while retaining app functionality
■ Encryption must be at full strength, using industry standard encryption
■ Customer managed keys provide an additional layer of security
■ Solution should be easy to deploy and cost-effective
typical use case: real-time data protection on any device
[Diagram with columns: application access, access control, data protection]
managed devices: Forward Proxy, ActiveSync Proxy; Device Profile: Pass; ● Email ● Browser ● OneDrive Sync; ● Full Access
unmanaged devices / byod: Reverse Proxy + AJAX VM, ActiveSync Proxy; Device Profile: Fail; ● Mobile Email ● Browser ● Contextual multi-factor auth; ● DLP/DRM/encryption ● Device controls
in the cloud: API Control; External Sharing Blocked; ● Block external shares ● Alert on DLP events
our mission: total data protection
est. jan 2013
100+ customers
tier 1 VCs
harbor: secure data in the cloud
searchable encryption: public cloud app with private cloud data
■ searchable, sortable true AES-256 + 256-bit IV
■ crypto-independent implementation
■ US Patent 9,047,480
■ endorsed by leading cryptographers
competition
■ maximum 20-bit IVs to support search
■ search performance drops with IV length
■ no wild-card search, partial-word search...
secure salesforce + office 365
financial services giant
challenge
■ Needed complete CASB for enterprise-wide migration to SaaS
■ Encryption of data-at-rest in Salesforce
■ Security for Office 365
solution
■ Searchable true encryption of data in Salesforce
■ Preserve SOQL API integrations
■ Full control of encryption keys
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
■ API control in the cloud
■ Discover breach & Shadow IT
secure google apps + byod
business data giant
client:
■ 15,000 employees in 190+ locations globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored in the cloud
■ Limit data access based on device risk level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
resources: more info about cloud security
■ whitepaper: the definitive guide to casbs
■ infographic: cloud adoption in financial services
■ case study: financial services firm secures salesforce and o365
bitglass.com
@bitglass