Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference presentation

Cloud-based file sharing and collaboration solutions are ripe for the picking, but what’s right for one organization might not be right for another. Accellion presented the pros and cons of various cloud computing choices at the InfoSec World 2013 Conference & Expo last month. To learn more about the top cloud considerations for file sharing and collaboration, and to find out where you stand on the privacy and public cloud debate, check out this presentation entitled “Do You Know Where Your Data Is?”

  • It must offer Secure Mobility. Business users have to take comfort in knowing that the enterprise content they work with is always secure. Everything that a mobile user does with a file (download, upload, save, edit, send, or just keep locally) should be allowed to happen in a secure environment, transparently and without burdening the mobile user. Behind the scenes, it should offer the best encryption technology and support the logging and tracking of content required to comply with regulatory requirements. Even files that are just at rest on a device are placed in a container. This is vital, particularly for enterprises in regulated industries.

Transcript

  • 1. MIS Training Institute. Do You Know Where Your Data Is? InfoSec World 2013 Conference & Expo. John Pincus, Senior VP Products.
  • 2. Key points
      • Public cloud file sharing has risks as well as advantages
      • Private cloud and hybrid solutions can be good alternatives
      • Whether public or private, some key considerations for evaluation
  • 3. The Problem: Sharing Enterprise Content Securely in the iPad Era
  • 4. What Does BYOD Look Like?
  • 5. What Does BYOD Feel Like?
  • 6. The BYOD Challenge: How to make enterprise content accessible on mobile devices while maintaining control and security?
  • 7. Definitions
      • Cloud computing
      • Public cloud
      • Private cloud
      • Hybrid
  • 8. What IT needs …
      • LDAP/AD Integration
      • SSO (SAML, Kerberos, …)
      • Access control
      • Encryption in transit, at rest
      • Logging & Reporting
      • AV and DLP Integration
      • Access to Enterprise Content
      • Archival Integration
  • 9. File sharing in context
      • Enterprise Content
      • DLP
      • Anti-virus
      • Archiving
      • MDM
      • File Sharing
  • 10. … and what users want
      • Mobile Access
      • Collaboration
      • File Commenting
      • File Version Tracking
      • Synced Files/Folders
      • File Transfer
      • Notification
  • 11. Why users love the public cloud
      • “It just works”
      • “Can get at it from anywhere”
      • “Can use whatever device I want”
      • “Can share with anybody”
      • “Don’t have to work with IT!”
  • 12. Headlines
      • Dropbox has become “problem child” of cloud security
      • iCloud Hacking Could Tarnish Apple’s Image
      • Patriot Act can “obtain” data in Europe, Researchers Say
      • Gmail, Google Drive, Chrome experience outages
      • Feds Tell Megaupload Users to Forget About Their Data
      • Safe Harbor not Safe Enough for EU Cloud Data
  • 13. Why do you believe that public cloud computing services will have little or no impact on your organization’s IT strategy over the next five years? Source: Evaluating Cloud File Sharing and Collaboration Solutions, ESG, 2012
  • 14. Security concerns
      • Public cloud sites are big targets
      • You’re at the mercy of their operation security
      • Who has access to the data?
      • Some sites don’t encrypt data or restrict additional sharing
      • But …
      • Public cloud security is generally improving
      • Some sites do pay a lot of attention to security
      • Have to weigh risks …
  • 15. Legal and privacy concerns
      • Third-party doctrine
      • Data location
          – Country-of-origin rules
          – Article 29 Working Party
          – PATRIOT Act concerns
      • Will you get notified (and have a chance to fight) about any court orders?
      • What rights does the service provider claim with respect to your data?
  • 16. Terms of Service: Google Drive. http://www.google.com/intl/en/policies/terms/ "When you upload or otherwise submit content to our Services, you give Google Drive (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services…”
  • 17. Terms of Service: Google Drive. http://www.google.com/intl/en/policies/terms/ "When you upload or otherwise submit content to our Services, you give Google Drive (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services…”
  • 18. All about control
      • Our must-have feature checklist:
      • Proven functionality that “works”
      • Tight security controls:
      • File tracking and reporting
      • Access permissions
      • Encryption at rest and transit
      • LDAP/Active Directory integration
      • Around-the-clock reliability
      • BYOD support
      • Multiple OSs and devices
      • File synchronization
      • Remote wiping
      • Support for all file sizes and formats
      • We wanted control within our own datacenter
  • 19. Private cloud as an alternative
      • Hosted in your own data center
      • Under your control
  • 20. Why users love the private cloud
      • “It just works”
      • “Can get at it from anywhere” (subject to corporate policies)
      • “Can use whatever device I want” (subject to corporate policies)
      • “Can share with anybody” (subject to corporate policies)
      • “Don’t have to work with IT!” (once the system’s up and running)
  • 21. Private Cloud or Public Cloud?
      • Minimize investment? Achieve excellence? Investment in IT and operational security?
      • CFO preference? CapEx vs OpEx?
      • Patriot Act, Safe Harbor Privacy. Data Physical Location?
      • No solution is 100% secure. Corporate DNA and tolerance for risk?
  • 22. Whether public or private cloud … Enterprise Considerations for File Sharing and Collaboration
      • Security controls
      • Compliance and reporting
      • Scalability and availability
      • Leverage existing content stores
      • Enterprise integrations
  • 23. Compliance and Reporting (Accellion Confidential)
      • Reporting: Granularity of auditing and reporting; Export to 3rd party reporting; Log formatting for export; SNMP (Monitoring)
      • Compliance: PCI / SOX / HIPAA; FIPS Compliance; Archiving and E-Discovery; Integration with SIEM, IT GRC
  • 24. Security Controls
      • Enterprise Security: Anti-Virus; Data Loss Prevention; Restricted Admin Access to Content; Hardened Server Appliance; Data Residency
      • Authentication / Authorization: SSO with SAML / OAuth / Kerberos; Multi-LDAP and AD integration; Two-Factor Authentication; Password Policies; RBAC; Granular Authorization
      • Encryption: Encryption – Data at Rest and in Motion; Encryption Strength; Ownership of Encryption Keys; FIPS 140-2 Certification
      • Mobile Security: Secure Mobile Container; Whitelisted Helper Applications; Server Side Viewing; Remote Wipe; Offline PIN
  • 25. And don’t forget about the users!
      • “It just works”
      • “Can get at it from anywhere” (subject to corporate policies)
      • “Can use whatever device I want” (subject to corporate policies)
      • “Can share with anybody” (subject to corporate policies)
  • 26. Conclusion
      • No one right answer
      • Public cloud has risks along with benefits
      • Private cloud is a viable alternative
      • Hybrid approaches (mix of public and private cloud) may be the best answer
      • Security evaluation criteria apply no matter whether it’s public or private
  • 27. About Accellion. Accellion provides enterprise-class mobile file sharing solutions that enable secure anytime, anywhere access to information while ensuring enterprise security and compliance. The world’s leading corporations and government agencies select Accellion to protect intellectual property, ensure compliance, improve business productivity and reduce IT cost. Learn more about Accellion here: www.accellion.com