Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation
-
Upload
accellion -
Category
Technology
-
view
289 -
download
2
description
Transcript of Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation
![Page 1: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/1.jpg)
MIS Training Institute Session # - Slide 1© COMPANY NAME
Do You Know Where Your Data Is?InfoSec World 2013 Conference & ExpoJohn Pincus, Senior VP Products.
![Page 2: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/2.jpg)
2
Key points• Public cloud file sharing has risks as well as
advantages• Private cloud and hybrid solutions can be
good alternatives• Whether public or private, some key
considerations for evaluation
![Page 3: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/3.jpg)
3
The Problem: Sharing Enterprise Content Securely in the iPad Era
![Page 4: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/4.jpg)
4
What Does BYOD Look Like?
![Page 5: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/5.jpg)
5
What Does BYOD Feel Like?
![Page 6: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/6.jpg)
6
The BYOD Challenge
How to make enterprise content accessible on mobile devices while maintaining control and security?
![Page 7: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/7.jpg)
7
Definitions• Cloud computing• Public cloud • Private cloud • Hybrid
![Page 8: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/8.jpg)
8
What IT needs …
LDAP/AD IntegrationSSO (SAML, Kerberos, …)Access controlEncryption in transit, at restLogging & ReportingAV and DLP IntegrationAccess to Enterprise Content Archival Integration
![Page 9: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/9.jpg)
9
File sharing in context
Enterprise Content
DLPAnti-virus
Archiving
MDM
File Sharing
![Page 10: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/10.jpg)
10
… and what users want
Mobile AccessCollaborationFile CommentingFile Version TrackingSynced Files/FoldersFile TransferNotification
![Page 11: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/11.jpg)
11
Why users love the public cloud
“It just works”
“Can get at it from anywhere”
“Can use whatever device I want”
“Can share with anybody”
“Don’t have to work with IT!”
![Page 12: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/12.jpg)
12
Dropbox has become “problem child” of cloud security
iCloud Hacking Could Tarnish Apple’s Image
Patriot Act can “obtain” data in Europe, Researchers Say
Gmail, Google Drive, Chrome experience outages
Feds Tell Megaupload Users to Forget About Their Data
Safe Harbor not Safe Enough for EU Cloud Data
![Page 13: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/13.jpg)
13
Why do you believe that public cloud computing services will have little or no impact on your organization’s IT
strategy over the next five years?
Souce: Evaluating Cloud File Sharing and Collaboration Solutions, ESG, 2012
![Page 14: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/14.jpg)
14
Security concerns• Public cloud sites are big targets• You’re at the mercy of their operation
security• Who has access to the data?• Some sites don’t encrypt data or restrict
additional sharing
• But …• Public cloud security is generally
improving• Some sites do pay a lot of attention to
security• Have to weigh risks …
![Page 15: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/15.jpg)
15
Legal and privacy concerns• Third-party doctrine• Data location
– Country-of-origin rules– Article 29 Working Party– PATRIOT Act concerns
• Will you get notified (and have a chance to fight) about any court orders?
• What rights does the service provider claim with respect to your data?
![Page 16: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/16.jpg)
16
Terms of Service: Google Drivehttp://www.google.com/intl/en/policies/terms/
"When you upload or otherwise submit content to our Services, you give Google Drive (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services…”
![Page 17: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/17.jpg)
17
Terms of Service: Google Drivehttp://www.google.com/intl/en/policies/terms/
"When you upload or otherwise submit content to our Services, you give Google Drive (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services…”
![Page 18: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/18.jpg)
18
All about control• Our must-have feature checklist:
• Proven functionality that “works”• Tight security controls:
• File tracking and reporting• Access permissions• Encryption at rest and transit• LDAP/Active Directory integration
• Around-the-clock reliability• BYOD support
• Multiple OSs and devices• File synchronization• Remote wiping
• Support for all file sizes and formats• We wanted control within our own datacenter
![Page 19: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/19.jpg)
19
Private cloud as an alternative
• Hosted in your own data center
• Under your control
![Page 20: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/20.jpg)
20
Why users love the private cloud
“It just works”
“Can get at it from anywhere”(subject to corporate policies)
“Can use whatever device I want”(subject to corporate policies)
“Can share with anybody”(subject to corporate policies)
“Don’t have to work with IT!”(once the system’s up and running)
![Page 21: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/21.jpg)
21
Private Cloud or Public Cloud?• Mininimize investment? Achieve
excellence? Investment in IT and operational security?
• CFO preference?CapEx vs OpEx?
• Patriot Act, Safe Harbor PrivacyData Physical
Location?
• No solution is 100% secureCorporate DNA and tolerance for risk?
![Page 22: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/22.jpg)
22
Enterprise Considerations for File Sharing and Collaboration
• Security controls
• Compliance and reporting
• Scalability and availability
• Leverage existing content stores
• Enterprise integrations
Whether public or private cloud …
![Page 23: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/23.jpg)
23Accellion Confidential
Compliance and ReportingReporting
Granularity of auditing and reporting
Export to 3rd party reporting
Log formatting for export
SNMP (Monitoring)
![Page 24: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/24.jpg)
Accellion Confidential 24
Security ControlsEnterprise Security•Anti-Virus•Data Loss Prevention•Restricted Admin Access to Content•Hardened Server Appliance•Data Residency
Authentication / Authorization•SSO with SAML / OAuth / Kerberos•Multi-LDAP and AD integration•Two-Factor Authentication•Password Policies•RBAC•Granular Authorization
Encryption•Encryption – Data at Rest and in Motion•Encryption Strength•Ownership of Encryption Keys•FIPS 140-2 Certification
Mobile Security•Secure Mobile Container•Whitelisted Helper Applications•Server Side Viewing•Remote Wipe•Offline PIN
![Page 25: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/25.jpg)
Accellion Confidential 25
And don’t forget about the users!“It just works”
“Can get at it from anywhere”(subject to corporate policies)
“Can use whatever device I want”(subject to corporate policies)
“Can share with anybody”(subject to corporate policies)
![Page 26: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/26.jpg)
26
Conclusion
• No one right answer • Public cloud has risks along with benefits• Private cloud is a viable alternative• Hybrid approaches (mix of public and private
cloud) may be the best answer
• Security evaluation criteria apply no matter whether it’s public or private
![Page 27: Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation](https://reader034.fdocuments.us/reader034/viewer/2022052620/5575c7b2d8b42a312a8b4f43/html5/thumbnails/27.jpg)
Accellion provides enterprise-class mobile file sharing solutions that enable secure anytime, anywhere access to information while ensuring enterprise security and compliance.
The world’s leading corporations and government agencies select Accellion to protect intellectual property, ensure compliance, improve business productivity and reduce IT cost.
Learn more about Accellion here: www.accellion.com
Connect with Accellion here:
About Accellion