Windstream Cloud Security Checklist

Checklist created for Windstream highlighting the importance of cloud security and how to keep your data protected.

Published in: Marketing

  1. KEEPING THREATS AT BAY

     “A secure storage solution is one that reliably stores data and allows authorized users to quickly access that data, while also preventing those unauthorized from doing so... Ultimately, the solution must protect the confidentiality, integrity, and availability of all data.”1 - Leviathan Security Group

     COMPREHENSIVE CLOUD SECURITY

     Is your data secure?

     “To sum up, there are three things any CSO or CIO should keep top of mind: the perimeter is gone, visibility is key, and current security practices are obsolete.”3

     Security incidents outpace GDP and mobile phone growth2
     Year-over-year growth, 2013-2014: global security incidents (GSISS 2015), global smartphone users (eMarketer), global GDP (OECD): 48%, 22%, 21%

     1 Leviathan Security Group, “Value of Cloud Security: Vulnerability”
     2 OECD, Economic Outlook No. 95, May 2014; eMarketer, Smartphone Users Worldwide will Total 1.75 Billion in 2014, January 16, 2014; “The Global State of Information Security” Survey 2015
     3 Data Center Knowledge, “Data Center Security: Controlling Threat in Your Facility,” March 3, 2015
  2. COMPLIANCE – LIMITING RISKS

     “Compliance is about more than prevention. It’s also about navigating opportunities.”4

     Are you confident you’re compliant? Are you certain of all of your compliance obligations?

     “[The compliance plan] is not a document that you create and put on the shelf and never deal with again. It needs to be a living, breathing document that is tested and updated.”6 - Brian C. Ong, Sr. Managing Director, FTI Consulting, New York

     Top compliance issues of 2014 (28%, 35%): spread of regulatory action outside of the US;5 anti-money laundering rules.5

     4 PWC, Regulatory and Compliance Reporting, http://www.pwc.com/gx/en/audit-services/regulatory-compliance/index.html
     5 Bureau Van Dijk, “Spread of regulatory action outside US 'the top compliance issue of 2014'” http://www.bvdinfo.com/industrynews/compliance-and-due-diligence/spread-of-regulatory-action-outside-us-the-top-compliance-issue-of-2014-/801768161#sthash.XyASNoN0.dpuf
     6 Bloomberg, “A Regulatory Compliance Program Should be Top Concern, Advisors Say”
  3. POTENTIAL THREATS WITHIN

     “There has been an increase in computer network exploitation and disruption by disgruntled and/or former employees. The FBI and DHS assess that disgruntled and former employees pose a significant cyber threat to US businesses due to their authorized access to sensitive information and the networks businesses rely on.”7

     How easy is it for users to abuse access privileges?

     45%, 69%, 88%:
       • stated their security tools don't provide enough contextual information to determine intent behind reported incidents.8
       • recognize insider threats as a cause for alarm but have difficulty identifying specific threatening actions by insiders.8
       • say it is likely social engineers from outside the organization will target privileged users to obtain their access rights.8

     7 Dept. of Homeland Security, “Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information”
     8 PRNewswire, “Raytheon-commissioned Ponemon Institute Survey: 88 percent believe privileged user abuse will increase”
  4. PROCESSES AND PRACTICES

     “Having a regularly scheduled internal or external vulnerability assessment and penetration test performed is a good way to inform executive leadership of the threats facing the company, determine the Company’s adherence to industry standards and best practices, and to test IT’s ability to respond to intrusion attempts and other incidents.”9

     Do you track and report shadow I.T. and other vulnerabilities?

     Compliance regulations that require regular vulnerability assessments include SOX; SSAE 16/SOC 1; PCI DSS; HIPAA, GLBA; FISCAM10

     What IT professionals say:
       • Almost 1/3 indicated that their organizations’ IT security teams never discuss security with executives, and another 23% only communicate with executives on an annual basis.12
       • 72% didn’t know the number of shadow IT apps running in their company.11

     9 Protiviti, “Cybersecurity Concerns Rise as a Risk Factor for Board Members and Senior Executives in 2015” http://www.prnewswire.com/news-releases/cybersecurity-concerns-rise-as-a-risk-factor-for-board-members-and-senior-executives-in-2015-300032571.html
     10 SSAE – 16, “Vulnerability Assessment and Penetration Testing”
     11 ITProPortal, “New cloud survey reveals shadow IT dangers, and cloud policy adoption levels”
     12 TechTarget, “Report finds poor security communication among executives”