Data Security: Best Practices in the Hybrid Cloud | Fpwebinar
Transcript of Data Security: Best Practices in the Hybrid Cloud | Fpwebinar
Please direct any questions to us via Twitter using hashtag #fpwebinar
Data Security: Best Practices in the Hybrid Cloud
We want to hear from you!
What’s in this Fpwebinar?
A Strategy for Data Security
Cloud Adoption
Cloud Security Challenges
Closing the Gaps
Jesse Roche, Vice President, Sales, Fpweb.net
Mike Fleck, CEO, CipherPoint
POLL: Which deployment option is your organization currently using or planning to use in the next 12 months?
On-Prem, Private Cloud Only, Public Cloud Only, Hybrid
Data Security transcends the Cloud.
Restricted information needs security wherever it resides.
POLL: Do you have a strategy for securing data?
Yes, No, or Not Sure
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
Information Security Program
OVERALL PRINCIPLES & CONTROLS
DATA
DEVICE
• LEAST PRIVILEGE DESIGN
• SEPARATION OF DUTIES PRINCIPLE
• UNIQUE USER IDENTITIES, NO SHARED ACCOUNTS
• COMPLEX PASSWORDS, NEVER SENT AS CLEAR TEXT
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
• NETWORK FIREWALLS AND SEGMENTATION
• NETWORK MONITORING
• PENETRATION TESTING & VULNERABILITY SCANNING
• INTRUSION DETECTION
• PATCH MANAGEMENT
• ANTI-VIRUS, ANTI-MALWARE
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• BUILDING ACCESS CONTROL, VISITOR LOGS
• PHYSICAL DATA CENTER SECURITY
• EMPLOYEE SCREENING
• EMPLOYEE AWARENESS TRAINING, JOB DESCRIPTIONS
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• INCIDENT RESPONSE POLICY, ANNUAL TESTING
• CORPORATE INFORMATION SECURITY POLICY
• THIRD PARTY AUDITING AND ACCREDITATION
• DESIGNATED COMPLIANCE OFFICER/TEAM
Ownership of Controls
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application Shared
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
Cloud as Anti-Security
• Data Loss Prevention
• Network Access Control
• Network Perimeter
Trust but verify.
Always perform your due diligence on the Cloud Service Provider
Topics for Due Diligence
Maturity of controls and principles
Uptime statistics and Service Level Agreements
Third party access: Subcontractors & Foreign and domestic governments
Data destruction and remanence
Privileged user controls and monitoring
Facts of Public Cloud Providers
• Superior economies of scale achieved through cookie cutter offering
• Highly limited ability to perform due diligence
• Highly limited ability to customize
• Lower service levels
• High volume of compelled disclosures
Beware of CSP Spin
Microsoft does it too
Point by Point
Microsoft provided information for 79% of requests for data from foreign and domestic law enforcement agencies
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/03/06/microsoft-releases-2013-law-enforcement-requests-report.aspx
Microsoft database administrators, by definition, have access to all the resources on a database, including customer data
http://www.microsoft.com/online/legal/v2/?docid=24
Microsoft honored legal orders for data belonging to 15 businesses
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
US ordered MS to hand over customer data stored in Ireland
http://www.bbc.co.uk/news/technology-27191500
So, what do we do?
Triage the Data
COST EFFICIENCIES
TRUST
On-Premises Hosted / Private Cloud Public Cloud
The Gaps
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
Q&A
Thank you!
Twitter @fpweb • [email protected] • www.fpweb.net
Please fill out the survey as you exit the webinar and help us choose the next topic!
Also, CipherPoint is giving away $5 gift cards to the first 50 people to complete their survey and everyone is entered to win a $50 gift card.
Link to survey will be in the webinar recording email you will receive and in the chat pane.