Quantifying Cloud Risk for Your Corporate Leadership
Transcript of Quantifying Cloud Risk for Your Corporate Leadership
![Page 1: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/1.jpg)
Netskope © 2015, Optiv Security Inc. © 2015
Quantifying Cloud Risk for Your Corporate Leadership
Scott Hogrefe, Sr. Director, Netskope
![Page 2: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/2.jpg)
‣ Strong technology and services partnerships
‣ Discover cloud apps and assess risk
‣ Govern all apps and data
‣ Safely enable sanctioned cloud apps
‣ $131.4M from top Silicon Valley VCs
‣ Accel, Lightspeed, Iconiq, Social+Capital
‣ Customers include
‣ 250+ employees globally, including North America, throughout Europe, and Asia-Pacific
‣ Early architects/executives from Palo Alto Networks, NetScreen, Cisco, McAfee, VMware
‣ 40+ patent claims across four categories
![Page 3: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/3.jpg)
Confessions of “Dr. No”
![Page 4: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/4.jpg)
I really like VISIBILITY AND CONTROL
![Page 5: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/5.jpg)
40 to 50
![Page 6: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/6.jpg)
Actual: 1,017
IT estimate: 40-50
Cloud procurement in many healthcare organizations happens outside of IT
More than just Dropbox and Evernote. EHR, billing, healthcare consultation… not to mention HR, finance, CRM, etc.
No visibility or control
Source: Netskope Cloud Report
![Page 7: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/7.jpg)
What are the risks of cloud?
There are known knowns… known unknowns… unknown unknowns
![Page 8: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/8.jpg)
What are the risks of cloud?
Why do people rob banks?
There are known knowns… known unknowns… unknown unknowns
![Page 9: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/9.jpg)
What are the risks of cloud?
People aren’t evil, people are reckless
Why do people rob banks?
There are known knowns… known unknowns… unknown unknowns
![Page 10: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/10.jpg)
What are the risks of cloud?
People aren’t evil, people are reckless
Why do people rob banks?
There are known knowns… known unknowns… unknown unknowns
What are the risks of not using cloud?
![Page 11: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/11.jpg)
IT estimates 30% business data is in cloud…
With ⅓ “unknown”
Source: Ponemon
![Page 12: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/12.jpg)
IT estimates 30% business data is in cloud…
With ⅓ “unknown”
Source: Ponemon
Is this your quantifiable risk?
![Page 13: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/13.jpg)
28 “Ecosystem” apps on average connected to Box alone
![Page 14: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/14.jpg)
28 “Ecosystem” apps on average connected to Box alone
Should we factor these in to your equation?
![Page 15: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/15.jpg)
Nearly Half of all cloud app activities originate from a mobile device
One Third of all DLP policy violations occur on a mobile device
![Page 16: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/16.jpg)
Nearly Half of all cloud app activities originate from a mobile device
One Third of all DLP policy violations occur on a mobile device
Is this part of your cloud risk?
![Page 17: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/17.jpg)
+ +Cloud App Risk
=
We could say…
![Page 18: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/18.jpg)
+ +Cloud App Risk
=
We could say…
Right?
![Page 19: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/19.jpg)
Just Block!
In 2005 we said…
![Page 20: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/20.jpg)
Just Block!
Sanction one app and then…
In the last few years we’ve said…
![Page 21: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/21.jpg)
But I need to use that app, can I get
an exception?
![Page 22: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/22.jpg)
But I need to use that app, can I get an exception?
Me too!
Me too!
Don’t forget about me!
![Page 23: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/23.jpg)
But I need to use that app, can I get an exception?
Me too!
Me too!
Don’t forget about me!
90% of cloud usage is in apps blocked by the firewall
![Page 24: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/24.jpg)
But I need to use that app, can I get an exception?
Me too!
Me too!
Don’t forget about me!
90% of cloud usage is in apps blocked by the firewall
Not me… I found
another app!
![Page 25: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/25.jpg)
![Page 26: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/26.jpg)
![Page 27: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/27.jpg)
BESIDES… THESE APPS ARE GOOD FOR BUSINESS
![Page 28: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/28.jpg)
“Even Customer Support is in the cloud…”
![Page 29: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/29.jpg)
LEADING BIOTECH
‣ Leverages the cloud to process petabytes of clinical trial data at a fraction of the time
‣ Results: Faster time to approval
LARGE HMO
‣ Securely stores health records
‣ Collaborates on patient data via workflows
‣ Coordinates care via cloud
TEACHING HOSPITAL
‣ Ensure that medical students and staff safely collaborate in the cloud
‣ Find and secure PHI en route to or at rest in cloud apps
![Page 30: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/30.jpg)
![Page 31: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/31.jpg)
How Are You Addressing Risk?
![Page 32: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/32.jpg)
FIND UNDERSTAND SECURE
![Page 33: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/33.jpg)
FIND
Bob Jones in IT
Ashok Kumar in Marketing
Amy Bishop in Finance
Pierre Bonaparte in Research
Side-by-side comparisons
![Page 34: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/34.jpg)
UNDERSTAND
✔ Who? What group/OU? Where?
✔ What app/category? From what device?
✔ To whom? What content?
Dr. Porter sent a patient’s MRI to a counterpart via Box
![Page 35: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/35.jpg)
SECURE
Activity- and data-level policies
✔ Block and coach
✔ Encrypt
✔ Prevent sharing outside of co.
✔ Require justification
✔ Perform “quiet” legal hold
✔ Quarantine and alert users
![Page 36: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/36.jpg)
76.2% Of Cloud DLP Violations occur in healthcare and life sciences
68.5% Of DLP violations are protected health information (PHI)
![Page 37: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/37.jpg)
Is Your Leadership Paying Attention?
Do They Care?
![Page 38: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/38.jpg)
![Page 39: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/39.jpg)
Sample NACD Questions
Questions Directors Can Ask to Assess the Board’s “Cyber Literacy”
#2 Do we think there is adequate protection in place if someone wanted to get at or damage our corporate “crown jewels?” What would it take to feel comfortable that those assets were protected?
From the National Association of Corporate Directors’ Cyber-Risk Oversight Director’s Handbook Series 2014 Edition, page 17: http://www.aig.com/Chartis/internet/US/en/Financial%20Lines_Cybersecurity_Handbook_Global_tcm3171-639223.pdf.
![Page 40: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/40.jpg)
So, What’s Your Strategy for Talking to Your Leadership?
![Page 41: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/41.jpg)
1. CURRENT STATE OF AFFAIRS
Apps, users, devices, data, risk
![Page 42: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/42.jpg)
2. CLOUD’S ROLE IN YOUR SUCCESS
Time to value for on-premises
Time to value for cloud
Best tools, lack of in-house talent, speed and ease of deployment and use, user preferences
![Page 43: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/43.jpg)
3. YOUR CLOUD VISION
How, when, and under what circumstances, you’re in SaaS, PaaS, and IaaS…
Finance
HR
Software Development
Storage
CRM
Research
Risk Management
Trading
Analysis
![Page 44: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/44.jpg)
4. SAFE CLOUD ENABLEMENT PLAN
Requirements, plan, policies (e.g., vendor assurance)
![Page 45: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/45.jpg)
5. STRATEGIC ROADMAP, RESOURCES, AND OWNERS
Roadmap, stakeholders, sequence, resources…
![Page 46: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/46.jpg)
6. PLAN FOR TRANSPARENCY AND GOVERNANCE
Ongoing reporting to leadership and lines of business
![Page 47: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/47.jpg)
In Summary…
Current State of Affairs
Cloud’s Role in Your Success
Your Cloud Vision
Safe Cloud Enablement Plan
Strategic Roadmap
Ongoing Governance, Transparency
![Page 48: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/48.jpg)
So, “Dr. No” became a “Yes Man”
(and Vicken and Clark lived happily ever after)
![Page 49: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/49.jpg)
![Page 50: Quantifying Cloud Risk for Your Corporate Leadership](https://reader034.fdocuments.us/reader034/viewer/2022042619/5875da3d1a28ab8f438b731d/html5/thumbnails/50.jpg)
THANK YOU!