Cloud Storage and Security: Solving Compliance Challenges
Uploaded by: eric-vanderburg
Category: Technology
Transcript of Cloud Storage and Security: Solving Compliance Challenges
![Page 1: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/1.jpg)
CLOUD STORAGE & SECURITY: SOLVING COMPLIANCE CHALLENGES
![Page 2: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/2.jpg)
MEET THE PANEL
Presenters
• Eric Vanderburg, Director, Information Systems and Security, Jurinnov LLC
• Giulio Coraggio, Partner, DLA Piper
Moderator
• Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions, Blancco Technology Group
![Page 3: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/3.jpg)
WHAT WE’LL EXPLORE
• The Realities & Pain Points of Storing Data in the Cloud
• How, Where & When Cloud Security Could Be Compromised
• Navigating Through Legal & Regulatory Compliance
• What to Consider in Deploying the Right Cloud Storage Strategy
• Recommendations to Store, Manage & Protect Data in the Cloud
![Page 4: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/4.jpg)
THE REALITIES & PAIN POINTS OF STORING DATA IN THE CLOUD
![Page 5: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/5.jpg)
Source: SkyHigh Q4 2015 Cloud Report
![Page 6: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/6.jpg)
15.8% OF FILES IN THE CLOUD CONTAIN SENSITIVE DATA
Source: SkyHigh Q4 2015 Cloud Report
[Chart: Sensitive Data, Documents in File Sharing Services. Labels: Protected Health Information (1.6%), Payment Data, Personally Identifiable Information. Other values shown: 7.6%, 2.3%, 4.3%]
![Page 7: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/7.jpg)
MANAGING DATA IN THE CLOUD IS COMPLICATED & TOUGH
• Cloud Breaches (33%): Organizations that experienced breaches in the cloud cited malware as the top private cloud attack vector
• Unauthorized Access (40%): Cite unauthorized access to data from other tenants as the most pressing concern with public cloud deployments
• Sensitive Data (40%): Store or process sensitive data in the cloud
• Lack of Visibility (33%): Do not currently have visibility into their public cloud providers’ operations
*Source: SANS Institute, ‘Orchestrating Security in the Cloud’ Paper, 2015
![Page 8: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/8.jpg)
Webinar Audience Poll
Question: What type of cloud strategy does your business implement?
Responses: • Private • Public • Hybrid • I don’t know
![Page 9: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/9.jpg)
MANY CLOUD STRATEGIES TO CHOOSE
Private Cloud
• High degree of control
• Higher upfront costs
• More difficult to scale
Public Cloud
• Highly scalable
• Pay for what you use
• Easy to deploy and manage
Hybrid Cloud
• More scalable than private
• Requires some higher upfront costs
• More control over data flows
![Page 10: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/10.jpg)
HOW, WHERE & WHEN CLOUD SECURITY COULD BE COMPROMISED
![Page 11: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/11.jpg)
Webinar Audience Poll
Question: Has your company suffered a cloud data breach in the last 12 months?
Responses: • Yes • No • I don’t know
![Page 12: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/12.jpg)
INTERNAL & EXTERNAL THREATS CAN’T BE IGNORED
Source: SkyHigh Q4 2015 Cloud Report
![Page 13: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/13.jpg)
WHEN/WHERE IS DATA MOST AT RISK?
During Data Migration
During Data Use or Storage
Data End-of-Life
Equipment End-of-Life
![Page 14: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/14.jpg)
NAVIGATING THROUGH LEGAL & REGULATORY COMPLIANCE
![Page 15: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/15.jpg)
ENTERPRISE BUSINESSES MUST GET ON BOARD
• National Data Protection Law
• EU Data Protection Regulation 2015
• Right to be Forgotten
• ISO Standard 27001, 27040 etc.
• Sarbanes-Oxley
• HIPAA (Health Insurance Portability and Accountability Act)
• Credit Card Industry PCI-DSS
![Page 16: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/16.jpg)
ISO/IEC 27001: SETTING THE BAR HIGH FOR SECURITY STANDARDS
• TOP MANAGEMENT: Must implement information security policy themselves
• RISK MANAGEMENT: Relevant security risks should be addressed and mitigated
• INTERNAL AUDITS: Must verify all security risks have been addressed and operational processes are set
• DATA REMOVAL: Sensitive data and licensed software must be securely removed prior to disposal or reuse
![Page 17: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/17.jpg)
ISO 27018: PROTECTION OF PRIVACY & PERSONAL DATA IN THE CLOUD
[Diagram: devices syncing folders with cloud storage]
• Home PC: Push Sync, Back Up All Files
• Work Laptop: Push Sync, Work Files
• Notebook: Smart Sync, Select Files
• Tablet: Sync Local, Stream the Rest
• Smartphone: Sync a Few, Stream the Rest
Folders shown: My Documents, My Photos, My Music, My Work Files, Special Project
![Page 18: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/18.jpg)
Webinar Audience Poll
Question: How Prepared Is Your Organization for GDPR?
Responses: • Fully Prepared • Somewhat Prepared • Early Preparation Stages • Unprepared • Don’t Know
![Page 19: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/19.jpg)
Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016
[Chart categories:]
• Fully Prepared (Established Processes, Policies & Technology)
• On Right Track (Currently Researching & Developing Processes/Policies)
• Somewhat Prepared; Still Need to Find Right Data Removal Software
• Unprepared; Don’t Know How or Where to Start
• Don’t Know
![Page 20: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/20.jpg)
WHAT CHANGES WITH THE GENERAL DATA PROTECTION REGULATION?
• New Sanctions for Violations & Breaches
• New Liabilities for Cloud Providers
• New Obligations/Protections
![Page 21: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/21.jpg)
DATA PROTECTION REGULATION CONSIDERATIONS
• Environmental Protection
• Physical Protection
• Network Protection
• Hardware Protection
• Breach Notification
• Secure Communications
• Computing Security
• Right to be Forgotten
![Page 22: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/22.jpg)
WHAT TO CONSIDER IN DEPLOYING THE RIGHT CLOUD STORAGE STRATEGY
![Page 23: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/23.jpg)
PRIVATE CLOUD STORAGE HURDLES
CAPACITY PLANNING
• Pre-allocate = Low ROI with unused space
• Grow as you need = Inconsistent IT spending and potential for compromise
BACKUP AND RECOVERY
• Archiving costs (equipment and time)
• Offsite storage or offsite location
• Testing and validation
DIRECT CAPITAL EXPENDITURE
MAINTENANCE AND SUPPORT
![Page 24: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/24.jpg)
ADEQUATE DUE DILIGENCE ON CLOUD PROVIDER AND CONTRACT NEGOTIATION
![Page 25: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/25.jpg)
DATA MANAGEMENT CONSIDERATIONS
• Specialized Skill Sets Required
• Data Analytics
• Data Inventory
• Future Scalability into Hybrid Cloud
• Cloud Software Customization
![Page 26: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/26.jpg)
RECOMMENDATIONS TO STORE, MANAGE & PROTECT DATA IN THE CLOUD
![Page 27: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/27.jpg)
THINGS TO REMEMBER WHEN STORING, MANAGING & PROTECTING DATA IN THE CLOUD
• Know Your Vendors
• Evaluate Cost Benefits
• Implement Industry Standards
• Prepare for Future (Scalability, Technology, Security)
• Establish a Way to Measure ROI
![Page 28: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/28.jpg)
DATA LIFECYCLE IN THE CLOUD
1. Data Creation & Classification
2. Data Migration
3. Data Use/Storage
4. Data at Rest
5. Data End-Of-Life
6. Decommissioning of Device/Server
![Page 29: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/29.jpg)
Q&A
![Page 30: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/30.jpg)
CONTENT YOU MAY FIND USEFUL:
• “Cloud & Data Center Erasure: Why Delete Doesn’t Suffice”: http://www2.blancco.com/en/white-paper/cloud-and-data-center-erasure-why-delete-doesnt-suffice
• “The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data
• “Data Storage Dilemmas & Solutions”: http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions
• “EU GDPR: A Corporate Dilemma”: http://www2.blancco.com/EU-GDPR-Corporate-Dilemma-Research-Study
![Page 31: Cloud Storage and Security: Solving Compliance Challenges](https://reader035.fdocuments.us/reader035/viewer/2022070514/587ce8ca1a28ab564b8b4af7/html5/thumbnails/31.jpg)
ABOUT US
Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions. We help our clients’ customers test, diagnose, repair and repurpose IT devices with the most proven and certified software. Our clientele consists of equipment manufacturers, mobile network operators, retailers, financial institutions, healthcare providers and government organizations worldwide. The company is headquartered in Alpharetta, GA, United States, with a distributed workforce and customer base across the globe.
DLA Piper is a global law firm with lawyers in the Americas, Asia Pacific, Europe, Africa and the Middle East, positioning us to help companies with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies.
JURINNOV works with IT and legal departments in a wide variety of industries and sectors. We become a link, an extension of both departments. We help them adopt the most current standards and tools. We help companies better manage and track electronic information, uncover evidence, plan for data recovery, and relax a little bit like in the good old days when everything was filed neatly in its place.