Securing Information Assets in SaaS Clouds

        Deb Banerjee
         Technical Director, Symantec
         @banerjeesec




Dreamforce 2012
Shared Responsibility for Security in SaaS Clouds



[Diagram: SAAS, PAAS and IAAS service layers, labeled "Enterprise Responsibility"]



Shared Security Model: Enterprise Responsibilities




ASSETS



Sensitive Information Assets
  • Applications
      - Standard
      - Custom
  • Documents
  • Database Tables

Asset Discovery is a Foundational Capability.




SaaS Information Asset Classification
  • PII
  • PCI

Data Classification
  • Context-based: DLP-Lite
  • Content Inspection: Traditional DLP

Force.com Apex agents

SaaS Information Asset Classification: Context-Based
     Identifies data owners based on activity streams




                  Enables Data Classification based on sensitivity of owner roles
Polling Question

Which sensitive data do you have in the Cloud?
                  •PCI – Credit card data

                  •PII/EU DP privacy-related

                  •HIPAA – Health Care

                  •FERPA - Education

                  •Other Company Sensitive




VULNERABILITIES



Configuration Vulnerability: External Service Integrations




              External Service Integration



Configuration Vulnerability: Application Permissions




                                      Application Permissions

SaaS Asset Configuration Assessment: Sharing Rules




SaaS Asset Configuration Assessment: User Permissions




SaaS Asset Configuration Assessment: User Permissions




PLAYING DEFENSE
                      Best Practices/Solutions




Data Classification

      Content-Based Classification
      Context-based Classification
      Multiple Deployment Models
          Agents as Salesforce Apps
          Activity Monitoring
          Cloud Security Brokers




User Management

      User Provisioning/De-Provisioning
      Access Control
          Context-aware, e.g. location-based, data sensitivity-aware
          Strong Authentication




Configuration Assessment

      Permissions
          Applications, Users, Roles/Profiles
      Configuration Change Assessments
          Did someone’s permission to sensitive data increase “unusually”?
      Applications
          Which apps, What data, What users, What external services?
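
One way to run the configuration change assessment asked about above, as an added example that is not from the original slides: it compares two permission snapshots and flags increases on objects classified as sensitive. The snapshot layout, the profile and object names, and the rule for what counts as "unusual" are assumptions made for illustration.

```python
# Added example: all snapshot data below is constructed, not taken from a real org.
from typing import Dict, List, NamedTuple, Set, Tuple

# Permission bits, ordered from narrow to broad. The names follow the boolean
# fields of Salesforce's ObjectPermissions object.
PERMISSION_BITS = (
    "PermissionsRead",
    "PermissionsCreate",
    "PermissionsEdit",
    "PermissionsDelete",
    "PermissionsViewAllRecords",
    "PermissionsModifyAllRecords",
)
# Assumption: gaining either of these is always treated as unusual, because
# they grant access to every record of the object regardless of sharing rules.
BROAD_BITS = {"PermissionsViewAllRecords", "PermissionsModifyAllRecords"}

# (profile name, object name) -> set of granted permission bits
Snapshot = Dict[Tuple[str, str], Set[str]]


class Finding(NamedTuple):
    profile: str
    sobject: str
    gained: Tuple[str, ...]
    classification: str
    unusual: bool
    reason: str


def assess_permission_changes(
    before: Snapshot, after: Snapshot, sensitive_objects: Dict[str, str]
) -> List[Finding]:
    """Report permission increases on sensitive objects between two snapshots.

    sensitive_objects maps an object name to its data classification
    (for example "PII" or "PCI"), i.e. the output of asset classification.
    Decreases and changes on unclassified objects are ignored.
    """
    findings: List[Finding] = []
    for (profile, sobject), granted_now in after.items():
        if sobject not in sensitive_objects:
            continue
        granted_before = before.get((profile, sobject), set())
        gained = granted_now - granted_before
        if not gained:
            continue
        if gained & BROAD_BITS:
            unusual, reason = True, "gained access to all records of the object"
        elif not granted_before:
            unusual, reason = True, "first access to this sensitive object"
        else:
            unusual, reason = False, "incremental increase on an object already accessible"
        ordered = tuple(bit for bit in PERMISSION_BITS if bit in gained)
        findings.append(
            Finding(profile, sobject, ordered, sensitive_objects[sobject], unusual, reason)
        )
    # Unusual findings first, then stable alphabetical order for review.
    findings.sort(key=lambda f: (not f.unusual, f.profile, f.sobject))
    return findings


# Constructed classification output and two constructed snapshots.
SENSITIVE = {"Contact": "PII", "Payment__c": "PCI"}

BASELINE: Snapshot = {
    ("Sales Rep", "Contact"): {"PermissionsRead", "PermissionsEdit"},
    ("Sales Rep", "Account"): {"PermissionsRead"},
    ("Support Agent", "Contact"): {"PermissionsRead"},
    ("Finance", "Payment__c"): {"PermissionsRead", "PermissionsEdit"},
}

CURRENT: Snapshot = {
    ("Sales Rep", "Contact"): {"PermissionsRead", "PermissionsEdit", "PermissionsDelete"},
    ("Sales Rep", "Account"): {"PermissionsRead", "PermissionsEdit"},
    ("Support Agent", "Contact"): {"PermissionsRead", "PermissionsViewAllRecords"},
    ("Support Agent", "Payment__c"): {"PermissionsRead"},
    ("Finance", "Payment__c"): {"PermissionsRead"},
}

if __name__ == "__main__":
    for f in assess_permission_changes(BASELINE, CURRENT, SENSITIVE):
        flag = "UNUSUAL" if f.unusual else "review "
        print(f"{flag} {f.profile} -> {f.sobject} [{f.classification}] "
              f"+{', '.join(f.gained)} ({f.reason})")
```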




Encryption/Tokenization

     Geo-Residency and Privacy Requirements
     Defense in Depth
     Encryption
        Key Management
        Impact on hosted application
     Network Deployment Model
        Cloud Security Brokers




SaaS Activity Monitoring for Insider Threat Detection
Activity Logs:




Activity Logs:




Solution Architecture: Extending Out From The Cloud

[Architecture diagram. Labels recoverable from the slide: Enterprise; Cloud Security Brokers; Remediation Agent (APEX); DLP Agent (APEX); SFDC API; Remediation; Asset Discovery; Asset Classification; Activity Log; API Orchestration; Asset Feed; Asset Metadata Feed; Activity Feed; Asset Feeds; Control Assessment / SFDC Config Checks; DLP Content & Context; SIEM/DI SFDC Collector; Asset Compliance View; Information Classification View; Activity-based Threat detection; End User; Security & Compliance Admin; Security Ops]
Polling Question

Which Security Solutions are you using today?
                  •Data Classification

                  •User Provisioning and Access Management

                  •Encryption/Tokenization

                  •Configuration Assessment

                  •Activity Monitoring




Deb Banerjee
Technical Director
 @banerjeesec
Df2012 securing information_assets_in_saa_s_clouds_3_0

More Related Content

What's hot

Gartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-finalGartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-finalOracleIDM
 
Round table guide
Round table guideRound table guide
Round table guideOracleIDM
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formulaOracleIDM
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platformOracleIDM
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineNovell
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity RoadmapRaleigh ISSA
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
Innovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceInnovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceBob Rhubart
 
Identity and Request Management Using Novell Identity Manager: Identity Manag...
Identity and Request Management Using Novell Identity Manager: Identity Manag...Identity and Request Management Using Novell Identity Manager: Identity Manag...
Identity and Request Management Using Novell Identity Manager: Identity Manag...Novell
 
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Systems, Inc.
 
21st Century SOA
21st Century SOA21st Century SOA
21st Century SOABob Rhubart
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementNishant Kaushik
 
Securing and Governing Cloud APIs
Securing and Governing Cloud APIsSecuring and Governing Cloud APIs
Securing and Governing Cloud APIsCA API Management
 
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Systems, Inc.
 
Prakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle   avea's identity management platform transformationSun2 oracle   avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationOracleIDM
 

What's hot (19)

Gartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-finalGartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-final
 
Round table guide
Round table guideRound table guide
Round table guide
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud Security
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platform
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product Line
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
 
Innovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceInnovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle Coherence
 
Identity and Request Management Using Novell Identity Manager: Identity Manag...
Identity and Request Management Using Novell Identity Manager: Identity Manag...Identity and Request Management Using Novell Identity Manager: Identity Manag...
Identity and Request Management Using Novell Identity Manager: Identity Manag...
 
Oracle a TBIZ2011
Oracle a TBIZ2011Oracle a TBIZ2011
Oracle a TBIZ2011
 
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
 
21st Century SOA
21st Century SOA21st Century SOA
21st Century SOA
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity Management
 
Securing and Governing Cloud APIs
Securing and Governing Cloud APIsSecuring and Governing Cloud APIs
Securing and Governing Cloud APIs
 
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
Hitachi ID Privileged Access Manager: Randomize and control disclosure of pri...
 
Prakhar Sood-Resume-CV
Prakhar Sood-Resume-CVPrakhar Sood-Resume-CV
Prakhar Sood-Resume-CV
 
Advanced persistent threats
Advanced persistent threatsAdvanced persistent threats
Advanced persistent threats
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle   avea's identity management platform transformationSun2 oracle   avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformation
 

Viewers also liked

SaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security ExampleSaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security ExampleNewvewm
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloudAzure Group
 
Why Software as a Service (SaaS) requires a new approach to Application Manag...
Why Software as a Service (SaaS) requires a new approach to Application Manag...Why Software as a Service (SaaS) requires a new approach to Application Manag...
Why Software as a Service (SaaS) requires a new approach to Application Manag...Accenture Technology
 
9 Worst Practices in SaaS Metrics
9 Worst Practices in SaaS Metrics9 Worst Practices in SaaS Metrics
9 Worst Practices in SaaS MetricsChristoph Janz
 
Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...
Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...
Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...Accel Partners India
 
Best Practices for Managing SaaS Applications
Best Practices for Managing SaaS ApplicationsBest Practices for Managing SaaS Applications
Best Practices for Managing SaaS ApplicationsCorrelsense
 

Viewers also liked (7)

SaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security ExampleSaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security Example
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloud
 
Moving To SaaS
Moving To SaaSMoving To SaaS
Moving To SaaS
 
Why Software as a Service (SaaS) requires a new approach to Application Manag...
Why Software as a Service (SaaS) requires a new approach to Application Manag...Why Software as a Service (SaaS) requires a new approach to Application Manag...
Why Software as a Service (SaaS) requires a new approach to Application Manag...
 
9 Worst Practices in SaaS Metrics
9 Worst Practices in SaaS Metrics9 Worst Practices in SaaS Metrics
9 Worst Practices in SaaS Metrics
 
Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...
Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...
Google Accel Report - SaaS India, Global SMB Market, $50B in 2025 #SaaSinIndi...
 
Best Practices for Managing SaaS Applications
Best Practices for Managing SaaS ApplicationsBest Practices for Managing SaaS Applications
Best Practices for Managing SaaS Applications
 

Similar to Df2012 securing information_assets_in_saa_s_clouds_3_0

Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationIBM Danmark
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCDATAVERSITY
 
Secure Enterprise Cloud
Secure Enterprise CloudSecure Enterprise Cloud
Secure Enterprise CloudIndu Kodukula
 
Sira insights from cloud vendor risk assessments
Sira   insights from cloud vendor risk assessmentsSira   insights from cloud vendor risk assessments
Sira insights from cloud vendor risk assessmentsCary Sholer
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle BH
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsKannan Subbiah
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011Satish Hemachandran
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy ArchitectureBob Rhubart
 
Building a database security program
Building a database security programBuilding a database security program
Building a database security programmatt_presson
 
DATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTION
DATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTIONDATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTION
DATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTIONivan provalov
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudScientia Groups
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceSecuring Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceNovell
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 

Similar to Df2012 securing information_assets_in_saa_s_clouds_3_0 (20)

Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig information
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLC
 
Secure Enterprise Cloud
Secure Enterprise CloudSecure Enterprise Cloud
Secure Enterprise Cloud
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - Intel
 
Sira insights from cloud vendor risk assessments
Sira   insights from cloud vendor risk assessmentsSira   insights from cloud vendor risk assessments
Sira insights from cloud vendor risk assessments
 
Securityinsideout
SecurityinsideoutSecurityinsideout
Securityinsideout
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy Architecture
 
Building a database security program
Building a database security programBuilding a database security program
Building a database security program
 
DATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTION
DATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTIONDATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTION
DATAWEEK KEYNOTE: LARGE SCALE SEARCH, DISCOVERY AND ANALYSIS IN ACTION
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the Cloud
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
 
Cloud Computing Essentials
Cloud Computing EssentialsCloud Computing Essentials
Cloud Computing Essentials
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceSecuring Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security Service
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
 

Recently uploaded

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...

Df2012 securing information_assets_in_saa_s_clouds_3_0

  • 1. Securing Information Assets in SaaS Clouds Deb Banerjee Technical Director, Symantec @banerjeesec Dreamforce 2012 1
  • 2. Shared Responsibility for Security in SaaS Clouds SAAS Enterprise Responsibility PAAS IAAS
  • 4. Shared Security Model: Enterprise Responsibilities
  • 6. Sensitive Information Assets • Applications - Standard - Custom • Documents • Database Tables Asset Discovery is a Foundational Capability.
  • 7. SaaS Information Asset Classification • PII • PCI Data Classification Force.com Apex agents • Context-based: DLP-Lite • Content Inspection: Traditional DLP
  • 8. SaaS Information Asset Classification: Context-Based Identifies data owners based on activity streams Enables Data Classification based on sensitivity of owner roles
  • 9. Polling Question Which sensitive data do you have in the Cloud? • PCI – Credit card data • PII/EU DP privacy-related • HIPAA – Health Care • FERPA - Education • Other Company Sensitive
  • 11. Configuration Vulnerability: External Service Integrations External Service Integration
  • 12. Configuration Vulnerability: Application Permissions Application Permissions
  • 13. SaaS Asset Configuration Assessment: Sharing Rules
  • 14. SaaS Asset Configuration Assessment: User Permissions
  • 15. SaaS Asset Configuration Assessment: User Permissions
  • 16. PLAYING DEFENSE Best Practices/Solutions
  • 17. Data Classification Content-Based Classification Context-based Classification Multiple Deployment Models - Agents as Salesforce Apps - Activity Monitoring - Cloud Security Brokers
  • 18. User Management User Provisioning/De-Provisioning Access Control - Context-aware e.g. location-based, data sensitivity-aware - Strong Authentication
  • 19. Configuration Assessment Permissions - Applications, Users, Roles/Profiles Configuration Change Assessments - Did someone’s permission to sensitive data increase “unusually”? Applications - Which apps, What data, What users, What external services?
  • 20. Encryption/Tokenization Geo-Residency and Privacy Requirements Defense in Depth Encryption - Key Management - Impact on hosted application Network Deployment Model - Cloud Security Brokers
  • 21. SaaS Activity Monitoring for Insider Threat Detection Activity Logs: Activity Logs:
  • 22. Solution Architecture: Extending Out From The Security Ops Cloud Enterprise Security End User Brokers Control Asset Compliance Assessment View SFDC Config Checks Information DLP Classification View Security & Remediation DLP Agent Content & Compliance Agent(APEX) (APEX) Context Admin SFDC SFDC API API Activity-based Remediation Asset Feed Asset Metadata FeedActivity Feed SIEM/DI Threat detection SFDC Security Ops Asset Asset Activity Asset Feeds Collector Remediation Discovery Classification Log API Orchestration
  • 23. Polling Question Which Security Solutions are you using today? • Data Classification • User Provisioning and Access Management • Encryption/Tokenization • Configuration Assessment • Activity Monitoring