Transcript
Page 1: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Please direct any questions to us via Twitter using hashtag #fpwebinar

Data Security: Best Practices in the Hybrid Cloud

Page 2: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar
Page 3: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Data Security: Best Practices in the Hybrid Cloud

Page 4: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Please direct any questions to us via Twitter using hashtag #fpwebinar

We want to hear from you!

Page 5: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

What’s in this Fpwebinar?

A Strategy for Data Security

Cloud Adoption

Cloud Security Challenges

Closing the Gaps

Page 6: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Jesse Roche, Vice President, Sales, Fpweb.net

Mike Fleck, CEO, CipherPoint

Page 7: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

POLL: Which deployment option is your organization currently using or planning to use in the next 12 months?

On-Prem, Private Cloud Only, Public Cloud Only, Hybrid

Page 8: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Data Security transcends the Cloud.

Restricted information needs security wherever it resides.

Page 9: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

POLL: Do you have a strategy for securing data?

Yes, No, or Not Sure

Page 10: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Information Security Program

OVERALL PRINCIPLES & CONTROLS

NETWORK

HOSTING

APPLICATION

DATA

DEVICE

PHYSICAL

HUMAN

COMPLIANCE

INCIDENT RESPONSE

Page 11: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Information Security Program

OVERALL PRINCIPLES & CONTROLS

DATA

DEVICE

• LEAST PRIVILEGE DESIGN

• SEPARATION OF DUTIES PRINCIPLE

• UNIQUE USER IDENTITIES, NO SHARED ACCOUNTS

• COMPLEX PASSWORDS, NEVER SENT AS CLEAR TEXT

Page 12: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Information Security Program

OVERALL PRINCIPLES & CONTROLS

NETWORK

HOSTING

APPLICATION

DATA

DEVICE

• NETWORK FIREWALLS AND SEGMENTATION

• NETWORK MONITORING

• PENETRATION TESTING & VULNERABILITY SCANNING

• INTRUSION DETECTION

• PATCH MANAGEMENT

• ANTI-VIRUS, ANTI-MALWARE

Page 13: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Information Security Program

OVERALL PRINCIPLES & CONTROLS

NETWORK

HOSTING

PHYSICAL

HUMAN

COMPLIANCE

INCIDENT RESPONSE

• BUILDING ACCESS CONTROL, VISITOR LOGS

• PHYSICAL DATA CENTER SECURITY

• EMPLOYEE SCREENING

• EMPLOYEE AWARENESS TRAINING, JOB DESCRIPTIONS

Page 14: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Information Security Program

OVERALL PRINCIPLES & CONTROLS

NETWORK

HOSTING

PHYSICAL

HUMAN

COMPLIANCE

INCIDENT RESPONSE

• INCIDENT RESPONSE POLICY, ANNUAL TESTING

• CORPORATE INFORMATION SECURITY POLICY

• THIRD PARTY AUDITING AND ACCREDITATION

• DESIGNATED COMPLIANCE OFFICER/TEAM

Page 15: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Ownership of Controls

Controls On-Premises Private Cloud Public Cloud

Network

Hosting

Application Shared

Data Shared

Device

Physical

Human

Compliance Shared Shared

Incident Response Shared Shared

Page 16: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Cloud as Anti-Security

• Data Loss Prevention

• Network Access Control

• Network Perimeter

Page 17: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Trust but verify.

Always perform your due diligence on the Cloud Service Provider

Page 18: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Topics for Due Diligence

Maturity of controls and principles

Uptime statistics and Service Level Agreements

Third party access: Subcontractors & Foreign and domestic governments

Data destruction and remanence

Privileged user controls and monitoring

Page 19: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Facts of Public Cloud Providers

• Superior economies of scale achieved through cookie cutter offering

• Highly limited ability to perform due diligence

• Highly limited ability to customize

• Lower service levels

• High volume of compelled disclosures

Page 20: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Beware of CSP Spin

Page 21: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Microsoft does it too

Page 22: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Point by Point

Microsoft provided information for 79% of requests for data from foreign and domestic law enforcement agencies
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/03/06/microsoft-releases-2013-law-enforcement-requests-report.aspx

Microsoft database administrators, by definition, have access to all the resources on a database, including customer data
http://www.microsoft.com/online/legal/v2/?docid=24

Microsoft honored legal orders for data belonging to 15 businesses
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/

US ordered MS to hand over customer data stored in Ireland
http://www.bbc.co.uk/news/technology-27191500

Page 23: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

So, what do we do?

Page 24: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Triage the Data

COST EFFICIENCIES

TRUST

On-Premises Hosted / Private Cloud Public Cloud

Page 25: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

The Gaps

Controls On-Premises Private Cloud Public Cloud

Network

Hosting

Application

Data Shared

Device

Physical

Human

Compliance Shared Shared

Incident Response Shared Shared

Page 26: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Please direct any questions to us via Twitter using hashtag #fpwebinar

Q&A

Data Security: Best Practices in the Hybrid Cloud

Page 27: Data Security: Best Practices in the Hybrid Cloud | Fpwebinar

Thank you!

Twitter @fpweb • [email protected] • www.fpweb.net

Please fill out the survey as you exit the webinar and help us choose the next topic!

Also, CipherPoint is giving away $5 gift cards to the first 50 people to complete their survey and everyone is entered to win a $50 gift card.

Link to survey will be in the webinar recording email you will receive and in the chat pane.

