Making the Cloud Rock: 5 Strategies from a Leading CISO
DESCRIPTION
Recently featured as a “Chief Enablement Officer” by SC Magazine, Arthur Lessard, CISO of Universal Music Group, makes cloud a strategic advantage for UMG while solving some of today’s most complex security challenges. Arthur, along with Sanjay Beri, CEO of Netskope, Ben Haines, CIO of Box, and David Baker, CSO of Okta, discussed in a webinar the top 5 strategies leading IT and security professionals rely on to safely adopt – and get the most out of – cloud technologies. View the slides and the on-demand video to learn to:
- Map cloud services to business objectives
- Discover and triage Shadow IT
- Choose and standardize on your existing cloud applications
- Make your business stakeholders security champions

TRANSCRIPT
Five things you can do right now
1. KNOW WHAT YOU’RE DEALING WITH
Perform periodic security reviews
• Your Risk Rating: HIGH
• Number of Apps Discovered: 461
• Number of Users Discovered: 8,062
• % Apps Rated “Medium” or Below: 85%
• % Usage in “Med” or Below Apps: 79%
• % Data Uploaded to “Med” or Below Apps: 69%
• % of High Risk Users: 53%
• % Usage in Apps Blocked at Perim.: 78%
• Number of High Risk Apps: 288
(Sample data set)
[Figure: diagram labeled “App” and “URL”]
2. Understand your business and strategy
Understand use cases: what the business is doing and WHY
Best practice
• User-First vs. Tech-First
• Productivity vs. Cost Efficiency
• Easy to Share vs. Locked Down
• Open Standards vs. Proprietary
• IT Enables vs. IT Dictates
We take possession of it… we’re responsible for it.
Accounting for “Home from Work”
3. Quantify and advise on the business risk
[Diagram labels: 1st Party Cloud Services; LDAP; Sign In (Username, Password); 3rd Party Cloud Apps; 3rd Party On-Premises Apps; Authentication / Authorization; SAML-Enabled; 3rd Party Identity Stores; Enterprise Identity Providers; Hosted/Cloud Service; User Management; Managed App Integrations (SPs); Flexible Authentication Methods; Organization Management; 3rd Party Identity Sources; Individuals; Social ID / OpenID; 1st Party Apps; Enterprise / VPC]
How can Security weigh in with real risks?
EVERYTHING AS A SERVICE
Best practice
• Allow download from cloud storage with basic security
• Only allow upload/share from sanctioned app(s)
4. Take the heat out of the discussion
Have a line of business partner. For UMG, it’s the CFO
5. Systematically measure and share
• Know where the content is sitting and who’s accessing
• Great access hygiene
• Forensics and logging data
• Clear definition of good and bad behavior
• Reporting
• Clear escalation process
The stage is set
1. Know what you’re dealing with
2. Lean forward into your business strategy
3. Quantify and advise on the business risk
4. Take the heat out of the discussion
5. Systematically measure and share
Thank You