Data Protection
Shadow IT
About me ..
@vrykodee
MCSE 2003-2018
MCSD
MVA founder
David De Vos
Cybersecurity Evangelist
Solutions Architect
David@getsecure.today
MCPS
MCNPS
MCTS
CCSP 2018
CEH 2018
MCTEM
Data Protection & Shadow IT in a cloud era
What is the weakest block in the chain?
Executives, Deskless Workers, Information Workers
Adversaries research ...
• job roles
• private life
• whereabouts
• hobbies
• pets
Customer
Service Agent
Finance
Administrator
CIO
Methodology has evolved
Typical attack example
USER
Anonymous user behavior
Unfamiliar sign-in location
ATTACKER
Phishing attack
User account is compromised
Attacker attempts lateral movement
Attacker accesses sensitive data
Privileged account compromised
Anonymous user behavior
Lateral movement attacks
Escalation of privileges
Account impersonation
Data exfiltration
Attacker steals sensitive data
Cloud data & SaaS apps
Zero-day / brute-force attack
What defines Shadow IT today?
Cloud Applications
Sensitive data is at risk
88% of organizations no longer have confidence to detect and prevent loss of sensitive data
60% of employees use non-approved SaaS apps at work
85% of enterprise organizations keep sensitive information in the cloud
58% have accidentally sent sensitive information to the wrong person
GDPR
Data Classification & Protection
Discover: Scan & detect sensitive data based on policy
Classify: Classify and label data based on sensitivity
Protect: Apply protection actions, including encryption, access restrictions
Monitor: Audit data access and adjust/revoke where applicable
Across: Apps, On-premises, Cloud services, Devices
The real challenge?
Remote working policy
Bring your own device policy
Do you know where your sensitive data resides and where it’s going?
Do you have control of your data as it travels inside and outside of your organization?
Can you revoke access to data in cloud applications?
Did you train key users on the subject?
Do you have a strategy for protecting and managing sensitive information?
CASB
Cloud Application Security Broker
Cloud Access Security Brokers
Cloud Access Security Brokers (CASBs) are defined by Gartner as:
On-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement.
of large enterprises
will use CASBs
By
2020
On-premises abnormal behavior and advanced threat detection
Identity-based attack and threat detection
Behavioral analytics detect & prevent data leakage and breaches
Anomaly detection for cloud apps
Key Takeaways
User adoption is an important element. Train your end-users.
There is no protection if you use one vendor/solution. Use many security solutions and vendors as layers of protection. Link them together and establish a Zero Trust environment.
If you have a remote workforce or unmanaged devices, look into a CASB solution. Implement it on top of what you are already using: multiple layers are best!
Properly classify your sensitive data and monitor access to it.
Inform users about these aspects, so they don’t feel their privacy is violated.
Practice & Learn
Focus on protecting the data in your environment, not only on protecting access to data. People can produce sensitive data starting from an empty document as well.
Classification of files is something most companies have been looking into. Did you also classify and protect data inside databases? Classify rows, columns and tables as well!
Protect your backups; they are copies of all your data. Restore processes should be reviewed and adapted where necessary.
Learn when you should report a breach to the privacy commission and when you should not.
QUIZ
Is a ransomware attack (e.g. WannaCry) a data breach that should be reported?