Transcript of "Dr. David Movshovitz - Navajo SaaS"
The Navajo Systems vision: To expand the use of cloud computing by eliminating the entry barriers of data privacy and regulatory compliance.
Founded in 2009 by experts in the fields of information security and backed by Jerusalem Venture Partners, a leading Israeli venture capital fund with over $780 million under management.
Navajo Code Talkers: America’s secret weapon in WWII
SaaS is all around us
The “traditional” enterprise vendors are coming in
SaaS Industry Consensus #2
“Security is the number one issue affecting the adoption of cloud services.” Dan Yachin, IDC - 2008
“Privacy concerns and laws or other domestic or foreign regulations may reduce the effectiveness of our solution and adversely affect our business.” SalesForce 2008 Annual Report
“The security models being used three or four years ago are not the kind we’ll be using in the future.” Steve Purser, deputy director of European Union network security agency
Relevant Data Security Regulations
• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes Oxley (SOX)
• Children's Online Privacy Protection Act (COPPA)
• Family Educational Rights and Privacy Act (FERPA)
US State Regulations
• California's AB 1950 and SB1386/CC1798
• Nevada NRS 597.970
• Massachusetts 201 CMR 17.00
• Florida's HB 481
• Georgia's SB 230
• Illinois HB 1633
• New York's AB 4254
• Pennsylvania's SB 712
• Utah's SB 69
International Regulations
• The Payment Card Industry Data Security Standard (PCI DSS) and Check 21 Act
• UK Data Protection Act
• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• International government and banking regulations for the European Union, United Kingdom, Israel, South Africa, Australia and Singapore
The controller himself needs to GUARANTEE compliance with all data protection regulations.
Cloud Computing
Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties (CSA Guideline 2.0)
What can we do?
VPS: A Revolutionary Concept
• Customer is in control of its data privacy
• Real-time encryption of sensitive SaaS data
• Sensitive data remains encrypted while at rest
• SaaS application functionality is unaffected
• Out-of-the-box policy configuration
• No need to modify the SaaS application*
*Patent pending technology
Step 3: Receive Data from App
Step 4: Send Encrypted Data
Step 5: Store Encrypted Data
Encrypted Data
• Customer name : eso01992
• Social security no : add3441asdad
• E-mail : firstname.lastname@example.org
• Address : edqew213ada
• Parent account : adcae87asf
• Credit card no : adwew.edwe.eqe.qeqe
• Phone no : 432-2424-242-234
Step 6: Detect Encrypted Data
Step 7: Decrypt and Present Data