LANE SCRIPT:
As many of you are aware enterprise IT organizations are facing disruptive trends, driven by users and business units adopting their own mobile devices, cloud applications and social networks to increase productivity and ease of use. This Shadow IT trend creates visibility gaps for IT and introduces unknown risks including the breach of sensitive data that resides on a device, is moved to a cloud application or shared via social networks without IT ‘s knowledge. The bottom line is organizations can’t manage and protect what they can’t see.
Key concerns enterprises have when discussing Shadow IT are:
- Seeing user activity across cloud applications
- Measuring the risk profile of cloud applications
- Understanding what factors make cloud applications risky
- Converting user activity and cloud risk factors into actionable intelligence
LANE SCRIPT:
And as business applications and infrastructure services move outside the enterprise the ability for IT to understand potential risks and maintain visibility narrows.
LANE SCRIPT:
Let’s review the some basic steps your organization can take to increase cloud application visibility and lower the risk of data loss.
LANE SCRIPT:
Challenge
New cloud accounts are easy for users to activate so, the first step for any enterprise is to inventory the all cloud applications in use, approved and unapproved, and the level of user activity. This process requires the analysis of sensitive log data from multiple devices and device types – enterprises are correctly concerned about handing over logs to a cloud provider for analysis and want to maintain the security of these logs at all times. In addition, enterprises require a mechanism to quickly block access to the highest risk clouds when they are identified.
Solution
CipherCloud deploys on-site so sensitive log data never leaves the enterprise. Log data from multiple log sources and formats are aggregated to ensure a complete picture of all the cloud applications in use from inside and outside the organization. And the log scans can be scheduled to continuously analyze and track new clouds and activity patterns.
LANE SCRIPT:
Challenge
A logical next step after generating a cloud application inventory is to understand and compare risk scores and the factors that contribute to a high risk score to support cloud application consolidation. For example, IT organizations need to help their business counterparts understand which cloud storage applications are risky and which low risk cloud storage applications can be approved for use. They also need to adjust risk weightings and risk thresholds that define high, medium and low risk to match their own risk tolerance and the requirements for their industry.
Solution
The CipherCloud approach makes it easy for IT and business staff to compare cloud application risk. Our discovery capabilities incorporate CloudSource, a knowledgebase with thousands of cloud applications measuring security, privacy, environment and compliance and other risk factors. The knowledgebase supports standards including Cloud Security Alliance CCM, TRUSTe and PCI. Enterprises can align the risk profiling to their needs by adjusting risk factor weightings and change risk thresholds to match their own definition of high, medium and low risk.
Our platform provides granular drill-down dashboards for analytics and reporting that enables enterprises to see which clouds, users, groups and time periods they need to focus on to reduce risk and demonstrate compliance. In addition, our dedicated staff of cloud security and privacy experts use proven research methods to ensure that new cloud risk information is constantly enhancing the knowledge base.
LANE SCRIPT:
Challenge
Once cloud applications are discovered organizations need to protect the sensitive data in their approved cloud applications. These requirements include compliance scanning, DLP and monitoring user activity for anomalous behavior.
Solution
The CipherCloud platform supports a complete lifecycle for discovery, protection and monitoring of cloud applications and data. Our platform provides cloud application visibility, risk intelligence, user activity monitoring, compliance scanning and DLP for structured and unstructured data across multiple clouds. In addition, CipherCloud is the leader in cloud encryption and tokenization.
Here’s a functional view of the elements of the CipherCloud platform we covered today. Discovery, DLP , and Monitoring capabilities are all delivered on a high-performance, highly scalable platform. CipherCloud provides and open framework that integrates seamlessly with network infrastructure including SSO, and corporate DLP systems.
CipherCloud provides a complete platform for cloud visibility and data protection, built around three key terms – Discover, Protect, and Monitor. Within these areas we provide cloud application discovery, cloud data loss prevention, strong searchable encryption, tokenization, activity monitoring and anomaly detection.
Here is a high-level overview of CipherCloud. We are rapidly growing company – going from 100 to almost 500 employees in less than 2 years. Our customer success has been significant with well over 100 enterprises using our solutions in more than 13 industries, in 25 countries.
Key to our success has been tight integration with a growing list of major cloud applications including Salesforce, Force.com, Chatter, Box, ServiceNow, Office 365, and more.
The rapid growth is based on enabling the cloud for many of the world’s top enterprises, including 5 out of 10 top US banks, 3 out of 5 top healthcare providers, top telco, pharmaceuticals, media and government customers.