gdpr and privacy enhancing technologies shane mcentagart ... · global turnover 72 hours given to...
TRANSCRIPT
![Page 1: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/1.jpg)
9th February 2018
Cyber SecurityGDPR and Privacy Enhancing TechnologiesShane McEntagart ( [email protected] )
![Page 2: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/2.jpg)
Event briefing and overview
Shane McEntagart
(Deloitte)
GDPR alignment with Cyber Security
Liam O’Connor
(Deloitte)
Panel discussion
Chair: Jacky Fox
(Deloitte – Cyber Security Lead )
Presenters
Nicola Flannery
(Deloitte – Data Privacy)
Mark Oldroyd (Sailpoint)
David Higgins
(CyberArk)
Clive Finlay (Symantec)
Agenda and Welcome
![Page 3: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/3.jpg)
Headline Verdana BoldCyber SecurityGDPR and Privacy Enhancing TechnologiesLiam O’Connor ( [email protected] )
![Page 4: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/4.jpg)
Facts & figures
What changes does the GDPR bring?
4%Potential fines as a percentage of global turnover
72Hours given to
report a data breach7
Core individual rights afforded
under the GDPR
28,000Estimated number
of new Data Protection Officers required in Europe (IAPP study 2016)
80+New
requirements in the GDPR
190+Countries
potentially in scope of the regulation
€203mCost of 4% fine for a typical FTSE 100
company
![Page 5: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/5.jpg)
What changes does the GDPR bring?
Changes compared to the 1995 Directive (95/46/EC)
Broader territorial scope
Enforcement
Accountability
Expanded definitions
Data subjects rights
Consent
Data breach notification
One-stop shop
International data transfers
General
Data
Protection
Regulation
Applies to players not established in the EU but whose activities consist of targeting data subjects in the EU
Data Protection Authorities will be entitled to impose fines ranging between 2% to 4% of annual turnover, or 10 – 20 million euros
Explicit obligation to the controller as well as the processor to be able to demonstrate their compliance to the GDPR
Personal data now might include location data, IP addresses, online and technology identifiers
Reinforced rights: Access, rectification, restriction, erasure, portability,objection to processing; no automated processing and profiling
Spelled out more clearly and focus on ability of individuals to distinguish a consent
Report a personal data breach to the Data Protection Authority within 72 hours
Data Protection Authorities (DPA) of main establishment can act as lead DPA, supervising processing activities throughout the EU
![Page 6: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/6.jpg)
Processing Inventory
Data
Management
Data
Transfers
Strategy
Policies &
procedures
Auditand Certification
Privacy by Design
Organisation and
Accountability
Communication,
Training, Awareness
Privacy Impact
Assessment
GDPR Transformation Programme
A best practice privacy programme distinguishes six main focus areas. This can help to formulate key objectives:
StrategyLayer 1
Organisation and accountabilityLayer 2
Policy, process & dataLayer 3
Culture, training & awarenessLayer 4
Privacy operations Layer 5
Processing inventoryLayer 6
![Page 7: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/7.jpg)
GDPR: Implementation Challenges ?
The GDPR presents a number of challenges:
Under Article 32 of the GDPR - Security of Processing – “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate”
![Page 8: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/8.jpg)
GDPR Alignment With Your Cyber Security Strategy
Data Breaches
Risk Based Approach
Security Best Practice
Identity & Protect Crown Jewels
Threat Landscape
Data Protection & Cyber Security Interconnected
Technology As An Enabler
GDPR & Cyber Security Alignment
Governance
Secure
Vigilant
Resilient
Maintaining Compliance After May
![Page 9: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/9.jpg)
Complying with the GDPR requires the management of privacy risks. Implementing industry leading tools can assist privacy governance, risk, and compliance management.
GDPR – Privacy Enabling Technologies
9
Sample of tool classification types:
Identity Access Management
Unstructured Data Management
Data Loss Prevention
Governance, Risk & Compliance Management
DPIA Automation & Management
Data Breach Management & Reporting
Reporting & Record Keeping
Anonymisation & Pseudonymisation
Vulnerability Management
eDiscovery
Monitoring – SIEM / SOC
Training & Awareness
1. Establish Governance
2. Define & Implement Controls & Processes
3. Define Requirements For Supporting Technologies
4. Discover Existing Tools That Satisfy
Requirements
5. Assess PET Vendors Based On Requirement
Gaps
Key elements to consider:
Before adopting and implementing privacy technology, companies should go through prerequisite steps
![Page 10: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/10.jpg)
Business-Focused Identity GovernanceThe Power of Identity
![Page 11: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/11.jpg)
11
![Page 12: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/12.jpg)
12
$158 is the
average cost per
lost or stolen
record
2016 Cost of Data Breach Study: Global Analysis -Ponemon Institute© Research Report
Do you know WHERE your
(Sensitive) data is?
Do you know WHO has access?
Is the access APPROPRIATE?
Can you PROVE it?
![Page 13: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/13.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 13
71%of staff have
access to data they should not see
Ponemon Institute Report
89%believe they are now at risk from
insider threat
IT Governance Report
1 in 7employees will sell their credentials for
$150
SailPoint Survey
80%of company data is held in unstructured
content
Forbes Report
![Page 14: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/14.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 14Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 14
Employee
Contractor
Vendor
Partner
![Page 15: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/15.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 15
SECURITY PARADIGMS HAVE SHIFTED
FROM NETWORK-CENTRIC…
Copyright © SailPoint Technologies, Inc. 2016 All rights reserved.
![Page 16: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/16.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 16
TO USER-CENTRIC
Copyright © SailPoint Technologies, Inc. 2016 All rights reserved.
![Page 17: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/17.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 17
Sanctions & litigation risk
• Fines: 4% of annual revenue or
€20m
• Breaches notified to regulator
within 72 hours
• Citizen compensation lawsuits
• Audit, Clean up, reputation
What is it?
• Homogenous Data privacy law
• All organizations processing EU
citizen data
• Live date May 2018
• Unstructured data in scope
• 28 PII conventions
Data Access Governance
• Privacy Policies
• Data Discovery
• Need to know basis access
• Retention Policies
• Breach detection & Disclosure
Governance & Compliance
• Data Protection Officers
• Data owner accountability
• Least privilege principle
• Breach disclosure
• Fine grained audit trails
GDPR Highlights
![Page 18: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/18.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 18
SailPoint’s Relevance to GDPR
Technology (15 Articles)People
(18 Articles)
Process
(66 Articles)
SailPoint Relevant (12 Articles)
Identity Governance
for Files
(11 Articles)
Identity Governance
for Applications(6 Articles)
80%
Coverage
![Page 19: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/19.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 19
40% International
Business
850+Customers and
Growing
IAM Market Leader
Gartner IGA MQ 2017, Continued Leader
Forrester IMG Wave 2016, Continued Leader
Kuppinger Cole IDaaS Compass 2017, Leader
Founded
in 2005
by IAM
veterans 95% Customer
Satisfaction
World’s
LARGESTDedicated Identity
& Access
Management
Vendor
![Page 20: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/20.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 20
Customers by Vertical
Insurance Manufacturing Energy/UtilitiesBanking/Financial Services Health/Pharma Other
![Page 21: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/21.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 21
Guaranteeing the Appropriateness of Access
Sustainable Identity
Governance
Process
FULFILLMENTProvisioning
Management
Identity Lifecycle
Management Process
VALIDATIONBehaviour,
Policy, Roles and
Risk Analysis
REQUESTBusiness Interface
Management
![Page 22: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/22.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 22
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Get Visibility
Authoritative
Sources
Applications
And Services
![Page 23: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/23.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 23
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Validate Current State
AnalyticsReporting
Access CertificationGovernance Insights
Get Clean
Authoritative
Sources
Applications
And Services
![Page 24: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/24.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 24
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Validate Current State
AnalyticsReporting
Access CertificationGovernance Insights
Define Desired State
Policy EnforcementBusiness Role Modelling
Risk AnalysisOwner Identification
Stay Clean
Authoritative
Sources
Applications
And Services
![Page 25: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/25.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 25
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Validate Current State
AnalyticsReporting
Access CertificationGovernance Insights
Define Desired State
Policy EnforcementBusiness Role Modelling
Risk AnalysisOwner Identification
Manage & Secure
Lifecycle ProcessesSelf-Service
Identity Context Distribution
Manage & Secure
Authoritative
Sources
Applications
And Services
![Page 26: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/26.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 26
Mainframes Databases
ApplicationsCRM/HR/
Financial
Applications & infrastructure
Identity Governance
Access
File storage systems
File servers Cloud storage
Collaboration
systems
NAS
SailPoint Vision: Comprehensive Governance
![Page 27: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/27.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 27
Identity Governance
File storage systems
File servers Cloud storage
Collaboration
systems
NAS
Mainframes Databases
ApplicationsCRM/HR/
Financial
Applications & infrastructure
Access
SailPoint Vision: Comprehensive Governance
![Page 28: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/28.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 28
SailPoint Identity+ Alliance Partnership
SailPoint Platform: The “Business” of Identity
Certification
& RemediationData
Classification
Role & Risk
Modeling
Analytics
& Reporting
Policy
EnforcementAutomated
Lifecycle EventsSelf-Service
Business Process
Management
Provisioning
Connectors
Aggregation & Provisioning Broker
Manual
Work
Items
Business
Functionality
Flexible
Change
Fulfillment
and
Data
Collection
Identity
Analytics
Change
Automation
Password
Management
Activity
Monitoring
Service Desk
Integration
Security/
GRC
Integration
Specialist
Integration
Mainframe
Provisioning
Integration
PUM
Integration
Unstructured
Data
Management
SailPoint Open Identity Platform
Mobile
Integration
![Page 29: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/29.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 29
Ground to Cloud Deployment Options
On Premise Public CloudManaged Service
SaaS
![Page 30: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/30.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 30
Azure AD Access Management + SailPoint
Access Certification
Access Request
Fine-grained & Life Cycle Provisioning
Compliance & Audit Reporting
Password Reset Extension
Policy-based Workflow & Approvals
Conditional Access and Multi-factor Authentication
Self-Service Password Reset
Single Sign-On
User and Group Management and Provisioning
B2B Collaboration
Risk-based Identity Protection
![Page 31: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/31.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 31
GovernanceWorkflow
Access
Provisioning
Provisioning
Modeling
Directory
• Groupm, Entitlementx
• Groupn, Entitlementy
• …
Azure Solution Architecture
End User
Change
Notification
Authentication
Cloud and On-Premises Applications
HR Application(Authoritative Source)
![Page 32: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/32.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 32Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 32
“By 2021, organizations with
complementary/integrated
IGA and DAG capabilities will
suffer 60% fewer data breaches.”
–Gartner (2017)
WHAT ARE ANALYSTS SAYING
![Page 33: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/33.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 33Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 33
Identity at the Center of Security
Security Incident &
Event Management
Data Loss
Prevention
Privileged User
Management
Data
Governance
IT Service
Management
Mobile Device
Management
Governance, Risk,
& Compliance
Applications &
Infrastructure
![Page 34: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/34.jpg)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 34
Beyond GDPR: Enterprise Identity Governance
Protect access to all applications and data – on-premises and in the cloud
Applications
& Systems
Data stored
in files
• Greater visibility into access risks
• Centralize all access to applications and data
• Reduced complexity by providing a consistent set of controls
Benefits
Access Request
Access Certification
Provisioning Workflow
Access Policies
User Risk-based Modeling
Password Management
Data Classification
Activity Monitoring
Permission Analysis
![Page 35: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/35.jpg)
Thank You
![Page 36: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/36.jpg)
The Privileged Pathway…
…to Critical Data
David Higgins, Director of Customer Development, EMEA
![Page 37: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/37.jpg)
37
Agenda
• The Human Element
External:
• The Privileged Pathway
• Isolating the Attack
Internal:
• The forgotten Data Access Vector
![Page 38: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/38.jpg)
38
PROTECT ACCESS to sensitive personal data
Detect and RESPOND RAPIDLY to breaches early in the attack lifecycle
ASSESS RISK and test the effectiveness of data protection processes
DEMONSTRATE COMPLIANCE and prove you have the necessary security controls in place
Data protection by design and by default
Security of processing
Notification of a personal data breach
Data protection impact assessment
Protection from non-compliance
Article 25
Article 32 (2)
Article 33
Article 35
Article 82
Key GDPR Requirements and Privileged Security
![Page 39: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/39.jpg)
39
CyberArk: Proactive Protection, Detection & Response
PROTECT
ACCESS
Secure the privileged pathway
and privileged access to systems
containing personal data
RESPOND
RAPIDLY
Monitor, detect, alert, and respond to high-risk activity
and enable security teams to
stop attackers before they can access personal
data
DEMONSTRATE
COMPLIANCE
Have the operational
controls to prove compliance and protect yourself from litigation
ASSESS RISK
Improve your security posture by identifying all privileged user and application accounts and
conduct penetration
testing to ensure the right security
controls are in place
![Page 40: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/40.jpg)
40
External
![Page 41: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/41.jpg)
41
ENDPOINT INFRASTRUCTURE DATA LOCATION
Data Breach – Attackers: The Privileged Pathway
![Page 42: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/42.jpg)
42
The Starting Position
Because many existing implementations of Active Directory Domain Services have been operating for years at risk of credential theft,
organisations should assume breach and consider the very
real possibility that they may have an undetected compromise of domain or enterprise administrator credentials
—MICROSOFT,“MITIGATING PASS-THE-HASH AND OTHERCREDENTIAL THEFT, VERSION 2,” 2014
…doesn’t matter how much you train and educate your users…
![Page 43: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/43.jpg)
43
![Page 44: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/44.jpg)
44
PAS Hygiene Program Goals
Step 1 Focus first on eliminating irreversible network takeover attacks (e.g., Kerberos Golden Ticket).
Step 2 Control & secure infrastructure backdoor accounts.
Step 3 Limit lateral movement.
Step 4 Protect 3rd party privileged accounts.
Step 5 Manage SSH keys on critical Unix servers.
Step 6 Defend cloud & DevOps backdoors.
Step 7 Secure shared IDs for business users (integrate and accelerate adoption of MFA).
![Page 45: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/45.jpg)
45
Step 1: Irreversible Network Takeover Attacks
ENDPOINT
Kerberos Attack Detection
Manage Domain Admin and Enterprise Admin Credentials
Enforce Tiered Account Model
Enforce Application Control on Domain Controllers
Session Isolation
INFRASTRUCTURE DOMAIN CONTROLLERS
1
![Page 46: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/46.jpg)
46
Step Two: Control & Secure Infrastructure and End Point
Well-known Infrastructure Accounts
ENDPOINT
Manage Local Administrator Accounts on Windows
Manage Root Accounts on UNIX/Linux Kerberos Attack Detection
Manage Domain Admin and Enterprise Admin Credentials
Enforce Tiered Account Model
Enforce Application Control on Domain Controllers
Session Isolation
INFRASTRUCTURE DOMAIN CONTROLLERS
Session Isolation
Manage Local Administrator Accounts
2
![Page 47: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/47.jpg)
47
Step Three: Limit Lateral Movement
ENDPOINT
Manage Local Administrator Accounts on Windows
Manage Root Accounts on UNIX/Linux Kerberos Attack Detection
Manage Domain Admin and Enterprise Admin Credentials
Enforce Tiered Account Model
Enforce Application Control on Domain Controllers
Session Isolation
INFRASTRUCTURE DOMAIN CONTROLLERS
Session Isolation
Manage Local Administrator Accounts
3
Manage 3rd Party Application Accounts
Application Control
Least Privilege
Block Credential Theft
![Page 48: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/48.jpg)
48
Secure the Eco-System
Cᵌ Alliance
Authentication
IT Service
Management
(ITSM)
Malware
Analytics
IAMSIEM
Monitoring &
Discover
Threat
Response
Authentication
HSMDirectory
Services
Validated
Secured
Solutions
Secure &
Manage COTS
App Cred.
![Page 49: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/49.jpg)
49
Internal
![Page 50: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/50.jpg)
50
FILE
SHARES
Data Access – Infra Admins: The Forgotten Vector
APPLICATION
DATABASE
OPERATING SYSTEM
Applic
atio
n E
nviro
nm
ent
Application User
DBA Access
Infrastructure Admin Access
STORAGE
Business
User
IT Admins
3RD
PARTY
![Page 51: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/51.jpg)
51
Session Management for Critical Assets / Accounts
Privileged User
ITSM
IAM
HSM
MFA
SIEMNative Support for RDP and SSH Based
Clients
![Page 52: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/52.jpg)
52
Identifying Key Risks – Lateral Movement
![Page 53: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/53.jpg)
53
Identifying Key Risks – Domain Compromise
![Page 54: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/54.jpg)
Get Your Head in the Cloud A Practical Model for Enterprise Cloud Security
![Page 55: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/55.jpg)
Technology Considerations for the GDPR
Know your Personal data
Process Data Lawfully
Embed privacy
Protect Personal Data
PROTECT PERSONAL INFORMATION THROUGH ITS LIFECYCLE
![Page 56: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/56.jpg)
Copyright © 2016 Symantec Corporation56
![Page 57: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/57.jpg)
Copyright © 2016 Symantec Corporation57
What is the one word you need to be wary of when talking about the cloud
![Page 58: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/58.jpg)
Copyright © 2016 Symantec Corporation58
CONTROL
![Page 59: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/59.jpg)
Copyright © 2016 Symantec Corporation59
All the benefits you receive from moving to the cloud: agility, elasticity, and low cost are received by giving up…
![Page 60: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/60.jpg)
Copyright © 2016 Symantec Corporation60
CONTROL
![Page 61: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/61.jpg)
Copyright © 2016 Symantec Corporation61
All the challenges you face in the cloud: security, compliance, data residency, data privacy and management are rooted in your lack of…
![Page 62: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/62.jpg)
Copyright © 2016 Symantec Corporation62
CONTROL
![Page 63: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/63.jpg)
Copyright © 2016 Symantec Corporation63
The only reason you have not moved your critical workloads to the cloud is because you cannot afford to give up…
![Page 64: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/64.jpg)
Copyright © 2016 Symantec Corporation64
CONTROL
![Page 65: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/65.jpg)
Copyright © 2016 Symantec Corporation65
CONTROLHow do you give it away and keep it at the same time?
![Page 66: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/66.jpg)
Copyright © 2016 Symantec Corporation66
This is your enterprise – your realm of complete
CONTROL
![Page 67: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/67.jpg)
Copyright © 2016 Symantec Corporation67
Before the cloud, you held your infrastructure and applications safe within its walls
---------------
![Page 68: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/68.jpg)
Copyright © 2016 Symantec Corporation68
Then the cloud happened…
---------------
![Page 69: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/69.jpg)
Copyright © 2016 Symantec Corporation69
…your infrastructure started moving over
---------------
CONTROLand you lost some
![Page 70: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/70.jpg)
Copyright © 2016 Symantec Corporation70
---------------
…your applications started moving over too---------------
![Page 71: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/71.jpg)
Copyright © 2016 Symantec Corporation71
---------------
---------------
CONTROLand you lost more
![Page 72: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/72.jpg)
Copyright © 2016 Symantec Corporation72
---------------
---------------
Additionally… cloud endpoint, mobile, BYOD, have all spiraled…
![Page 73: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/73.jpg)
Copyright © 2016 Symantec Corporation73
---------------
---------------
CONTROLout of your
![Page 74: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/74.jpg)
Enterprise Perimeter Regional Office
HomeOffice
CoffeeShop
Mobile IoTPersonal
IoTHome
Cars Aircraft
![Page 75: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/75.jpg)
Copyright © 2016 Symantec Corporation75
CONTROLHow do we regain it?
![Page 76: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/76.jpg)
Copyright © 2016 Symantec Corporation76
---------------
WE NEED A NEW CONTROL POINT
![Page 77: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/77.jpg)
ProtectingInfrastructureCloud Workload
Protection
![Page 78: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/78.jpg)
Copyright © 2016 Symantec Corporation78
Does it really matter, isn’t Amazon (or Microsoft) providing all the security I need ?
Let’s have a quick look under the covers
![Page 79: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/79.jpg)
AWS “Shared Security Model”
Customer Data
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Client Side Data Encryption & Data Integrity Authentication
Server Side Encryption (File system and/or Data)
Network Traffic Protection (Encryption, Integrity, Identity)
Compute Storage Database Networking
Regions
Availability/ZonesEdge Locations
AWS Global Infrastructure
Wo
rklo
ads
Infr
astr
uct
ure
Customer
Who is Responsible?What needs to be Protected?Where?
Security Services includeIAM, MFA, CloudWatch, VPC
CloudTrails, AWS Config,Inspector, Other…
![Page 80: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/80.jpg)
Key Customer Challenges for Security in Public IaaS Cloud
Copyright © 2015 Symantec Corporation80
Shared Responsibility Model For Security in Public Cloud
Physical Infrastruct
ure
AppsDataOS
AWS/Azure responsible for Security
Customer responsible for Security
1
Loss of Control: New network paradigm still requires security with new tools • How can I detect and eliminate rogue instances in Security Implementations?• My old tools do not work as there are no SPAN/TAP ports for Network • How do I ensure AV is deployed and applications are segmented to be compliant?
Loss of Visibility: Infrastructure deployment leaves a blind spot in security• What instances are running? What is deployed on them?• What Regions, VPC, Subnets are they part of?• What if there is a known vulnerability? Should they be In Scope for compliance
Cloud Native Delivery: Need efficient deployment • How can I deploy security technology at cloud speed? • How can I detect my infrastructure scale out and ensure that security is in lock step?
Risk & Compliance: Need Security monitoring to meet compliance• Gain insight into the potential known and unknown vulnerability exploits on the software
deployed in you AWS/Azure accounts• Prioritize & Remediate with ample network and asset context
1-2 server releases per
year
6 servers releases per
minute
15,000%increase
100 servers per admin
500 servers per admin
5X increase
Speed and Agility in Public Cloud
Bolted-onBuilt into the
process
Private Cloud Public Cloud
2
Pain Points articulated in customer validation
![Page 81: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/81.jpg)
Cloud Workload Protection – The IaaS Control Point
81
Instances in auto-scaling group with policies applied
Complete instance mapping with real-time protection status
Automatic policy recommendations
Continuous Visibility Across Cloud Workloads
![Page 82: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/82.jpg)
Cloud Workload Protection – The IaaS Control Point
82
Identify potential threats and apply security policies in the same view
RT-FIM
Application Isolation & OS HardeningUser & Process Behavioral Analysis
![Page 83: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/83.jpg)
Cloud Workload Protection – The IaaS Control Point
83
Agent Not Installed
Policy Not Applied
Protected
Discover and view security postures of workloads wherever they are
Shut down rogue instances to reduce attack surfaced
Global Security Dashboard With Drill-Down Capability
![Page 84: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/84.jpg)
ProtectingInformation
![Page 85: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/85.jpg)
Cloud Data Protection & Shadow IT Discovery
Encryption & TokenizationCloud Compliance
Cloud Investigations
Cloud Incident Response & Investigation
Cloud DLP
Enforcing Cloud Policy & Remediation
Cloud Malware DetectionCloud IAM & User Analytics
Extending cyber controls and processes to the cloud
Proxy
CASB Gateway
Events
OutsidePerimeter
EnterprisePerimeter
Cloud API
![Page 86: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/86.jpg)
Extending cyber controls and processes to the cloud
Cloud Data Protection & Shadow IT Discovery
TokenizationCloud Compliance
Cloud Investigations
Cloud Incident Response & Investigation
Cloud DLP
Enforcing Cloud Policy & Remediation
Cloud Malware DetectionCloud IAM & User AnalyticsCASB Gateway
Events
OutsidePerimeter
EnterprisePerimeter
Proxy
Cloud API
![Page 87: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/87.jpg)
DLP Enforce
Endpoint
Web Gateway
Threat Intelligence
Data Protection Sources
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User Analytics Cloud Compliance Cloud Incident Response & Investigation
Enforcing Cloud Policy & Remediation
![Page 88: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/88.jpg)
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User Analytics Cloud Compliance Cloud Incident Response & Investigation
DLP Enforce Management Server
On-premisesDLP Detection
Enforcing Cloud Policy & Remediation
![Page 89: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/89.jpg)
On-premisesDLP Detection
DLP Enforce Management ServerNew Challenges
26% of Cloud Docs are Broadly Shared1
Proliferation of Cloud Apps
Shadow Data Problem
Compromised Accounts
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
![Page 90: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/90.jpg)
Extending DLP into cloud applications
Apply Existing DLP Policies to Cloud
Leverage existing DLP Workflow
Gain Full CASB Functionality• Inline Blocking and Offline
Remediation• Shadow IT Analysis• User Behavior Analytics
Extend DLP to Cloud Apps
On-premisesDLP Detection
DLP Enforce Management Server
Shadow IT Discovery & Controls
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response &Investigation
![Page 91: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/91.jpg)
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
![Page 92: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/92.jpg)
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
![Page 93: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/93.jpg)
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
![Page 94: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/94.jpg)
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
![Page 95: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/95.jpg)
Enterprise Perimeter Regional Office
HomeOffice
CoffeeShop
Mobile IoTPersonal
IoTHome
Cars Drones
![Page 96: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/96.jpg)
External and public content exposures, including compliance risks
Inbound risky content shared with employees (e.g., malware, IP)
Risky users and user activities
Where to start ? Understand what’s important to your business and where it isComplete a Shadow Data Risk Assessment
![Page 97: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/97.jpg)
Copyright © 2016 Symantec Corporation97
There is only one word you need to know when talking about the cloud
![Page 98: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/98.jpg)
Copyright © 2016 Symantec Corporation98
CONTROL
![Page 99: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/99.jpg)
Copyright © 2016 Symantec Corporation99
Bring all that control together
![Page 100: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/100.jpg)
Copyright © 2016 Symantec Corporation100
… to give comprehensive information security with
![Page 101: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/101.jpg)
GDPR – Privacy Enhancing
Technologies
Panel Discussion – Q&A
30 minutes
![Page 102: GDPR and Privacy Enhancing Technologies Shane McEntagart ... · global turnover 72 Hours given to report a data breach 7 Core individual rights afforded under the GDPR ... Identity](https://reader033.vdocument.in/reader033/viewer/2022060321/5f0d37cc7e708231d4394103/html5/thumbnails/102.jpg)
This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London, EC4A 3BZ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NWE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
© 2017 Deloitte LLP. All rights reserved.