Please direct any questions to us via Twitter using hashtag #fpwebinar
Data Security: Best Practices in the Hybrid Cloud
We want to hear from you!
What’s in this Fpwebinar?
A Strategy for Data Security
Cloud Adoption
Cloud Security Challenges
Closing the Gaps
Jesse Roche
Vice President, Sales
Fpweb.net
Mike Fleck
CEO
CipherPoint
POLL:
Which deployment option is your organization currently using or planning to use in the next 12 months?
On-Prem, Private Cloud Only, Public Cloud Only, Hybrid
Data Security transcends the Cloud.
Restricted information needs security wherever it resides.
POLL:
Do you have a strategy for securing data?
Yes, No, or Not Sure
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
Information Security Program
OVERALL PRINCIPLES & CONTROLS
DATA
DEVICE
• LEAST PRIVILEGE DESIGN
• SEPARATION OF DUTIES PRINCIPLE
• UNIQUE USER IDENTITIES, NO SHARED ACCOUNTS
• COMPLEX PASSWORDS, NEVER SENT AS CLEAR TEXT
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
APPLICATION
DATA
DEVICE
• NETWORK FIREWALLS AND SEGMENTATION
• NETWORK MONITORING
• PENETRATION TESTING & VULNERABILITY SCANNING
• INTRUSION DETECTION
• PATCH MANAGEMENT
• ANTI-VIRUS, ANTI-MALWARE
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• BUILDING ACCESS CONTROL, VISITOR LOGS
• PHYSICAL DATA CENTER SECURITY
• EMPLOYEE SCREENING
• EMPLOYEE AWARENESS TRAINING, JOB DESCRIPTIONS
Information Security Program
OVERALL PRINCIPLES & CONTROLS
NETWORK
HOSTING
PHYSICAL
HUMAN
COMPLIANCE
INCIDENT RESPONSE
• INCIDENT RESPONSE POLICY, ANNUAL TESTING
• CORPORATE INFORMATION SECURITY POLICY
• THIRD PARTY AUDITING AND ACCREDITATION
• DESIGNATED COMPLIANCE OFFICER/TEAM
Ownership of Controls
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application Shared
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
Cloud as Anti-Security
• Data Loss Prevention
• Network Access Control
• Network Perimeter
Trust but verify.
Always perform your due diligence on the Cloud Service Provider
Topics for Due Diligence
Maturity of controls and principles
Uptime statistics and Service Level Agreements
Third party access: Subcontractors & Foreign and domestic governments
Data destruction and remanence
Privileged user controls and monitoring
Facts of Public Cloud Providers
• Superior economies of scale achieved through cookie cutter offering
• Highly limited ability to perform due diligence
• Highly limited ability to customize
• Lower service levels
• High volume of compelled disclosures
Beware of CSP Spin
Microsoft does it too
Point by Point
Microsoft provided information for 79% of requests for data from foreign and domestic law enforcement agencies
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/03/06/microsoft-releases-2013-law-enforcement-requests-report.aspx
Microsoft database administrators, by definition, have access to all the resources on a database, including customer data
http://www.microsoft.com/online/legal/v2/?docid=24
Microsoft honored legal orders for data belonging to 15 businesses
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
US ordered MS to hand over customer data stored in Ireland
http://www.bbc.co.uk/news/technology-27191500
So, what do we do?
Triage the Data
COST EFFICIENCIES
TRUST
On-Premises Hosted / Private Cloud Public Cloud
The Gaps
Controls On-Premises Private Cloud Public Cloud
Network
Hosting
Application
Data Shared
Device
Physical
Human
Compliance Shared Shared
Incident Response Shared Shared
Q&A
Thank you!
Twitter @fpweb • Marketing@fpweb.net • www.fpweb.net
Please fill out the survey as you exit the webinar and help us choose the next topic!
Also, CipherPoint is giving away $5 gift cards to the first 50 people to complete their survey and everyone is entered to win a $50 gift card.
Link to survey will be in the webinar recording email you will receive and in the chat pane.