Cloud Visibility & Cloud Data Loss Prevention Approaches
•Transferir como PPTX, PDF•
0 gostou•1,028 visualizações
This presentation covers CipherCloud for Cloud Discovery including application visibility, cloud application risk rating and risk intelligence.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Cloud Visibility & Cloud Data Loss Prevention Approaches
Semelhante a Cloud Visibility & Cloud Data Loss Prevention Approaches (20)
Mais de CipherCloud
Mais de CipherCloud (8)
Último
Último (20)
Cloud Visibility & Cloud Data Loss Prevention Approaches
- 1. © 2015 CipherCloud | All rights reserved. 1© 2014 CipherCloud | All rights reserved. © 2015 CipherCloud | All rights reserved CloudVisibility and Data Loss Prevention Steps tomanagingShadowITandlowering theriskofdata lossinthecloud
- 2. © 2015 CipherCloud | All rights reserved. 2 Agenda Trends and Challenges • Mobile, Cloud, Social • Novisibility, unknown risks Cloud Visibility and DLP Steps ① Cloud application inventory • Block risky clouds ② Cloud application consolidation • Using cloud security risk scoring and intelligence ③ Compliance scanning and monitoring • Proactive data discovery in sanctioned clouds Solution Overview About CipherCloud
- 3. © 2015 CipherCloud | All rights reserved. 3 Trends and Challenges
- 4. © 2015 CipherCloud | All rights reserved. 4 IT must play catch-up with users and business lines “bring your own” trend Seeing user activity across cloudapplications Measuring therisk profile of cloud applications Understandingwhat factors make cloud applicationsrisky Converting user activityand cloud risk factors into actionableintelligence TrendsTransforming Enterprises Mobile Cloud Social 90% use public networks for work access 100+ cloud apps per enterprise 15+ passwords per employee Key concerns 50% of Users BYOD 67% LOB Sanction BYOA 75% of Users want to BYOI
- 5. © 2015 CipherCloud | All rights reserved. 5© 2015 CipherCloud | All rights reserved.5 Apps and People on the Move = NoVisibility,Unknown Risks ? ?User adopted and mission critical applications increasingly reside outside the enterprise narrowing visibility and introducing unknown cloud computing risks On-site applications IT Staff 4 Home-based Users SaaS Mobile Users IaaS/PaaS
- 6. © 2015 CipherCloud | All rights reserved. 6 CloudVisibility and DLP Approaches
- 7. © 2015 CipherCloud | All rights reserved. 7© 2015 CipherCloud | All rights reserved.7 Step 1:CloudApplication Inventory Challenge • Easy forusers to adopt multiple cloud applications • IT can’tsee whois doing what What applications are used? How many usersaccess each app? What is the level of activity? • Maintain security of sensitive logs • Block high risk clouds • Aggregates log analysis across all locations and devices Multiple log formatsfrom multiple sources Continuous and automated scheduling of log scans • Logsfiles never leave enterprise • Discovers all cloud applications • Tracks relevant user and activity patterns • Generate blocking scripts CipherCloud Approach
- 8. © 2015 CipherCloud | All rights reserved. 8© 2015 CipherCloud | All rights reserved.8 Step 2:CloudApplicationConsolidation Challenge • Measure and compare cloud application risk Acrossall cloud applications and application categories Content sharing, collaboration, CRM, IT Infrastructure etc. • Establish cloud security risk metrics suitable foryour industry and governance policy • Consolidate users onto low risk clouds • Dashboards enables aggregate analysis • Accurate risk scores forthousands of applications • Transparent, standards aligned methodology • Supports cloud app selection, consolidation • Adjust risk weightings forspecific risk factors across: Security Privacy Environment Compliance CipherCloud Approach
- 9. © 2015 CipherCloud | All rights reserved. 9© 2015 CipherCloud | All rights reserved.9 Step 3:ComplianceScanning and Monitoring Challenge • Limited visibility into data flows, sharing • Policy violations • Noconsistent monitoring of user activity • Corporate Data Loss Prevention controls don’t address cloud data • Preserve user experience • Oneplatform across apps forcloud DLP, UAM and anomaly detection
- 10. © 2015 CipherCloud | All rights reserved. 10© 2015 CipherCloud | All rights reserved.10 CipherCloudApproach • Proactive data discovery for multiple clouds • Scanning forcloud data compliance violations • Notify, Delete, Quarantine or Encrypt • Granular visibility into all user activity Tracking of all object types, users,IPs, files • Integration with corporate Data Loss Prevention • Flexible anomaly detection Alerts on unusual behavior Thresholds for downloads, logins, work hours and more • Intuitive dashboards with easy drill-down • Works seamlessly in background
- 11. © 2015 CipherCloud | All rights reserved. 11 SolutionOverview
- 12. © 2015 CipherCloud | All rights reserved. 12 CloudStorage andCollaboration – Highlights Datalossprevention(DLP)tailoredforfilesharingplatforms • ConfigurableDLPpolicycontrols • Flexiblerangeofenforcementactions • IntegrateswithenterpriseDLPsystems CloudMalwareprotection • Scantriggeredonuploads,deletesinfectedfiles Seamlessintegration • Noimpactonusabilityorfeatures • Scanninghappensseamlesslyinthebackground • Workswithalldesktop&mobileclients Real-timeandon-demand scanning • Allowsforeasyon-boarding, orperiodic scanningofspecificfolders CloudDataProtection • Policybasedencryptionwithcustomermanagedkeys Detailed,granularreporting • Configurabledashboards • Easydrill-downonusers,content,andpolicyviolations
- 13. © 2015 CipherCloud | All rights reserved. 13 CRM – Highlights Proactive discovery of sensitive data • On-demand queries for any organization • Understands all types of objects and data in CRM Extends corporate policies to the cloud • Built-in scanning engine with advanced policies for HIPAA/HITECH, GLBA,PCI,ABA,SWIFT,NDC codes • Integrates with enterprise DLP systemsincluding Symantec and RSA Advanced controls with intuitive dashboards • Easyconfiguration of policies • Comprehensive dashboard views of all scans • Direct drill-down to violation sources in CRM • Exportable data in multiple formats
- 14. © 2015 CipherCloud | All rights reserved. 14© 2015 CipherCloud | All rights reserved.14 CipherCloud PlatformArchitecture CloudDiscovery,ComplianceScanningandUserActivityMonitoring HTTPS Enterprise Boundary Detailed Usage Analytics - Dashboards and Reports Discover and Monitor Unified Management and Visibility ManagementReportingDashboards Cloud Discovery (FW, Web Proxy) User Activity Monitoring Browser CipherCloud Discovery, UAM and DLP Platform Scalable, Big Data Infrastructure Web Proxy Mobile Users and Devices Internal Users Cloud Apps CloudSource™ Knowledge Base Compliance Scanning/DLP Unified Policy and Administration Risk Profiling & Scoring Anomaly Detection Policy Enforcement Measure, Detect and Enforce CipherCloud Risk Intelligence Lab™ Opt. External DLP (via ICAP)
- 15. © 2015 CipherCloud | All rights reserved. 15 HowCipherCloud is Different The only vendor to put it all together • Cloud Application and Data Discovery, Protection, DLP, Monitoring and Anomaly Detection Technology leader in cloud encryption and tokenization • Multiple patents including Searchable Strong Encryption Seamless integration for major cloud applications • Transparent to users, preservers functionality Market leader in an important new space • 100+customers in banking, financial services, healthcare, pharma, hi-tech • Far more customers than all other vendors – combined
- 16. © 2015 CipherCloud | All rights reserved. 16 सঘसळઑগथଏथఒਅਮ ਏইঋ ਏইঋਮદਮ सਅঋ ણयধતટਝઅस ଚଥগਹ ਇय ਏইঋअਪरਙਮউਮ થઍमণଳअঋଆଡ. सਝयধતଥकઅ ਏইঋसਝఊર ଛઅগ agencies are want to do, is remaining tight lipped about its efforts, but considering the far flung and CIA and its control operatives ComprehensiveCloud Information Protection PROTECT
- 17. © 2015 CipherCloud | All rights reserved. 17 500+ Employees Company 3.0+ Million Active Users 13 Industries 25 Countries 7 Languages P 13 Patents AboutCipherCloud Solutions Cloud Discovery Cloud DLP Strong Encryption Tokenization Activity Monitoring Anomaly Detection Customers 5 out of 10 Top US Banks 3 out of 5 Top Health Providers Top 2 Global Telecomm Company 40% of Global Mail Delivery Largest US Media Company 3 out of 5 Top Pharmaceuticals
- 18. © 2015 CipherCloud | All rights reserved. 18 More Information Watch this On-demand Webinar : http://pages.ciphercloud.com/Webinar2015-02- 05PracticalApproachestoCloudVisibilityandDataLossPrevention _OnDemand.html?Slideshare For additional information : • Website: www.ciphercloud.com • Twitter: @ciphercloud • Email: info@ciphercloud.com • LinkedIn: www.linkedin.com/company/ciphercloud • Phone: +1 855-5CIPHER David Berman Cloud Discovery and DLP dberman@ciphercloud.com Twitter: @berman_david Cloud Adoption and Risk Report 2014 North American and European Trends
Notas do Editor
- LANE SCRIPT:
- LANE SCRIPT: As many of you are aware enterprise IT organizations are facing disruptive trends, driven by users and business units adopting their own mobile devices, cloud applications and social networks to increase productivity and ease of use. This Shadow IT trend creates visibility gaps for IT and introduces unknown risks including the breach of sensitive data that resides on a device, is moved to a cloud application or shared via social networks without IT ‘s knowledge. The bottom line is organizations can’t manage and protect what they can’t see. Key concerns enterprises have when discussing Shadow IT are: - Seeing user activity across cloud applications - Measuring the risk profile of cloud applications - Understanding what factors make cloud applications risky - Converting user activity and cloud risk factors into actionable intelligence
- LANE SCRIPT: And as business applications and infrastructure services move outside the enterprise the ability for IT to understand potential risks and maintain visibility narrows.
- LANE SCRIPT: Let’s review the some basic steps your organization can take to increase cloud application visibility and lower the risk of data loss.
- LANE SCRIPT: Challenge New cloud accounts are easy for users to activate so, the first step for any enterprise is to inventory the all cloud applications in use, approved and unapproved, and the level of user activity. This process requires the analysis of sensitive log data from multiple devices and device types – enterprises are correctly concerned about handing over logs to a cloud provider for analysis and want to maintain the security of these logs at all times. In addition, enterprises require a mechanism to quickly block access to the highest risk clouds when they are identified. Solution CipherCloud deploys on-site so sensitive log data never leaves the enterprise. Log data from multiple log sources and formats are aggregated to ensure a complete picture of all the cloud applications in use from inside and outside the organization. And the log scans can be scheduled to continuously analyze and track new clouds and activity patterns.
- LANE SCRIPT: Challenge A logical next step after generating a cloud application inventory is to understand and compare risk scores and the factors that contribute to a high risk score to support cloud application consolidation. For example, IT organizations need to help their business counterparts understand which cloud storage applications are risky and which low risk cloud storage applications can be approved for use. They also need to adjust risk weightings and risk thresholds that define high, medium and low risk to match their own risk tolerance and the requirements for their industry. Solution The CipherCloud approach makes it easy for IT and business staff to compare cloud application risk. Our discovery capabilities incorporate CloudSource, a knowledgebase with thousands of cloud applications measuring security, privacy, environment and compliance and other risk factors. The knowledgebase supports standards including Cloud Security Alliance CCM, TRUSTe and PCI. Enterprises can align the risk profiling to their needs by adjusting risk factor weightings and change risk thresholds to match their own definition of high, medium and low risk. Our platform provides granular drill-down dashboards for analytics and reporting that enables enterprises to see which clouds, users, groups and time periods they need to focus on to reduce risk and demonstrate compliance. In addition, our dedicated staff of cloud security and privacy experts use proven research methods to ensure that new cloud risk information is constantly enhancing the knowledge base.
- LANE SCRIPT: Challenge Once cloud applications are discovered organizations need to protect the sensitive data in their approved cloud applications. These requirements include compliance scanning, DLP and monitoring user activity for anomalous behavior. Solution The CipherCloud platform supports a complete lifecycle for discovery, protection and monitoring of cloud applications and data. Our platform provides cloud application visibility, risk intelligence, user activity monitoring, compliance scanning and DLP for structured and unstructured data across multiple clouds. In addition, CipherCloud is the leader in cloud encryption and tokenization.
- Here’s a functional view of the elements of the CipherCloud platform we covered today. Discovery, DLP , and Monitoring capabilities are all delivered on a high-performance, highly scalable platform. CipherCloud provides and open framework that integrates seamlessly with network infrastructure including SSO, and corporate DLP systems.
- CipherCloud provides a complete platform for cloud visibility and data protection, built around three key terms – Discover, Protect, and Monitor. Within these areas we provide cloud application discovery, cloud data loss prevention, strong searchable encryption, tokenization, activity monitoring and anomaly detection.
- Here is a high-level overview of CipherCloud. We are rapidly growing company – going from 100 to almost 500 employees in less than 2 years. Our customer success has been significant with well over 100 enterprises using our solutions in more than 13 industries, in 25 countries. Key to our success has been tight integration with a growing list of major cloud applications including Salesforce, Force.com, Chatter, Box, ServiceNow, Office 365, and more. The rapid growth is based on enabling the cloud for many of the world’s top enterprises, including 5 out of 10 top US banks, 3 out of 5 top healthcare providers, top telco, pharmaceuticals, media and government customers.