Data Security: Best Practices in the Hybrid Cloud | Fpwebinar
- 1. Please direct any questions to us via Twitter using hashtag #fpwebinar
Data Security: Best Practices in the Hybrid Cloud
- 5. What’s in this Fpwebinar?
A Strategy for Data Security
Cloud Adoption
Cloud Security Challenges
Closing the Gaps
- 7. POLL: Which deployment option is your organization currently using or planning to use in the next 12 months?
On-Prem, Private Cloud Only, Public Cloud Only, Hybrid
- 12. Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
• NETWORK FIREWALLS AND SEGMENTATION
• NETWORK MONITORING
• PENETRATION TESTING & VULNERABILITY SCANNING
• INTRUSION DETECTION
• PATCH MANAGEMENT
• ANTI-VIRUS, ANTI-MALWARE
- 13. Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• BUILDING ACCESS CONTROL, VISITOR LOGS
• PHYSICAL DATA CENTER SECURITY
• EMPLOYEE SCREENING
• EMPLOYEE AWARENESS TRAINING, JOB DESCRIPTIONS
- 14. Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• INCIDENT RESPONSE POLICY, ANNUAL TESTING
• CORPORATE INFORMATION SECURITY POLICY
• THIRD PARTY AUDITING AND ACCREDITATION
• DESIGNATED COMPLIANCE OFFICER/TEAM
- 15. Ownership of Controls
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application Shared
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
- 18. Topics for Due Diligence
Maturity of controls and principles
Uptime statistics and Service Level Agreements
Third party access: Subcontractors & Foreign and domestic governments
Data destruction and remanence
Privileged user controls and monitoring
- 19. Facts of Public Cloud Providers
• Superior economies of scale achieved through a cookie-cutter offering
• Highly limited ability to perform due diligence
• Highly limited ability to customize
• Lower service levels
• High volume of compelled disclosures
- 22. Point by Point
Microsoft provided information for 79% of requests for data from foreign and domestic law enforcement agencies
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/03/06/microsoft-releases-2013-law-enforcement-requests-report.aspx
Microsoft database administrators, by definition, have access to all the resources on a database, including customer data
http://www.microsoft.com/online/legal/v2/?docid=24
Microsoft honored legal orders for data belonging to 15 businesses
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
US ordered MS to hand over customer data stored in Ireland
http://www.bbc.co.uk/news/technology-27191500
- 27. Thank you!
Twitter @fpweb • Marketing@fpweb.net • www.fpweb.net
Please fill out the survey as you exit the webinar and help us choose the next topic!
Also, CipherPoint is giving away $5 gift cards to the first 50 people to complete their survey, and everyone is entered to win a $50 gift card.
Link to survey will be in the webinar recording email you will receive and in the chat pane.