SharePoint and Compliance…
Oil and Water or Milk and Cookies?
Agenda
Permissions
o About
o Security Redux
o Permissions
o Authentication
o Content/Access Control
o Compliance
o Alphabet Soup
o The road to Compliance
o Compliance Specifics
o Review
Security
Compliance
Matt Barrett
Senior Solutions Engineer - Axceler
- 6 years in security, 2 in SharePoint
- Worked on the Metasploit project
- Security Evangelist
- Compliance Expert
Twitter: @mrbarrett
LinkedIn: www.linkedin.com/mrb08
Obligatory Self Promotion
Axceler Overview
liberating collaboration in the social enterprise
through visibility and control
• Have been delivering award-winning administration and migration software since 1994
• 3000 Customers Globally
Dramatically improve SharePoint Management
• Innovative products that improve security and scalability
• Making IT more effective and efficient and lowering the total cost of ownership
Focus on solving specific SharePoint problems
• Coach enterprises on SharePoint best practices
• Give administrators the most innovative tools available
• Deliver “best of breed” offerings
Security Redux
Governance
How are you using SharePoint?
• Document Repo vs. Core Business
• Few select users or everybody?
What secure content do you have?
• Where is it?
Permissions
Security Redux
Governance
Authentication Methods
• Windows Authentication
  – NTLM
  – Kerberos
  – Digest
  – Basic
• SP Groups
• Claims
• SAML tokens
• Forms-based
  – AD DS
  – LDAP
Permissions
Security Redux
Governance
What can be secured?
• Sites
• Libraries/Lists
• Folders
• Documents/Items
Permissions
Security Redux
Governance
Management Challenges
• Distributed vs. Centralized
Permissions
Security Redux
Centralized?
Management Challenges
• Distributed vs. Centralized
• Whose responsibility is it?
Distributed?
Security Redux
Security
Typical Best Practices vs. Compliance Best Practices
• Visitors
• Members
• Read only?
Compliance
Security Redux
Security
Typical Best Practices vs. Compliance Best Practices
• Sites, Lists, Libraries share most permissions
• Sensitive data is separated from normal data (typically this is all you need)
Compliance
Compliance Changes Things…
Plan your work, work your plan
Compliance – Alphabet Soup
HIPAA
o Sarbanes-Oxley Act (SOX Compliance)
o Healthcare Services (HIPAA)
o GLBA
o California Senate Bill No. 1386
o NERC Cyber Security Standards
o Financial Services (GLBA)
o Visa Cardholder Information Security Program
o MasterCard Site Data Protection Program
o American Express Data Security Standard
SOX
PCI
Compliance Fact Sheet
HIPAA
SOX
PCI
• 45 states (including CA) have some form of data breach law
• All different, but require protection of PII (Personally Identifiable Information)
What is PII?
HIPAA
SOX
PCI
• Full Name
• National ID number
• IP address (in some cases)
• License Plate Number
• Driver’s License Number
• Face, Fingerprints or Handwriting
• Credit Card Numbers!!
• Date of Birth
• Birthplace
• Genetic information
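The governance slide earlier asks what secure content you have and where it is; for the last item in this list, the practical answer is to scan library contents for card-number-shaped data before deciding what falls into PCI scope. The following Python is an added example, not code from the deck or from Axceler: it finds 13- to 19-digit runs, keeps only those that pass the Luhn check (so employee IDs and phone numbers drop out), guesses the issuer from the leading digits using the Visa, MasterCard and American Express prefixes, and reports only the masked last four digits so that the scan report does not itself become a new copy of the card number. The document paths and their text are constructed sample data.

```python
"""Find probable payment card numbers (PANs) in document text so the libraries
holding them can be pulled into PCI scope.  Added example with constructed data."""
import re
from dataclasses import dataclass

# Constructed sample: path of a library item -> its extracted text.
SAMPLE_DOCUMENTS = {
    "Finance/Expenses-Q3.txt": "Reimbursed to card 4111 1111 1111 1111 on 2013-03-01.",
    "Finance/Travel.txt": "Corporate Amex 3782 822463 10005 used for airfare.",
    "HR/Onboarding.txt": "Employee ID 1234567890123456 assigned; desk phone 555-0100.",
    "Marketing/Newsletter.txt": "Early-bird tickets are $45. Questions? Call 555-0199.",
}

# 13 to 19 digits, optionally separated by single spaces or hyphens, and not
# embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: every second digit from the right is doubled
    (subtracting 9 when the result exceeds 9) and the total must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer(digits: str) -> str:
    """Coarse issuer guess from the leading digits; covers only the three
    brands whose programs the deck lists."""
    if digits.startswith("4"):
        return "Visa"
    if digits[:2] in ("34", "37"):
        return "American Express"
    if "51" <= digits[:2] <= "55":
        return "MasterCard"
    return "Unknown"


def mask(digits: str) -> str:
    """Keep only the last four digits so the report is not itself card data."""
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    path: str
    issuer: str
    masked_pan: str


def find_pans(path: str, text: str) -> list[Finding]:
    """Return one Finding per Luhn-valid, card-shaped number in the text."""
    findings = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            findings.append(Finding(path, issuer(digits), mask(digits)))
    return findings


def scan(documents: dict[str, str]) -> list[Finding]:
    """Scan every document and collect findings in document order."""
    results: list[Finding] = []
    for path, text in documents.items():
        results.extend(find_pans(path, text))
    return results


def libraries_in_scope(findings: list[Finding]) -> list[str]:
    """Top-level library names that hold card data: the minimum PCI scope."""
    return sorted({f.path.split("/", 1)[0] for f in findings})


if __name__ == "__main__":
    found = scan(SAMPLE_DOCUMENTS)
    for f in found:
        print(f"{f.path}: {f.issuer} ending {f.masked_pan[-4:]}")
    print("Libraries in PCI scope:", ", ".join(libraries_in_scope(found)))
```

On the sample data the two Finance documents are reported and the HR document is not, because its 16-digit employee ID fails the Luhn check. The Luhn filter removes most random digit runs but not all of them (roughly one in ten random numbers passes), so a hit is a lead for review, not proof; and the greedy pattern will miss a valid number that sits inside a longer unbroken digit run or uses unusual separators. The `libraries_in_scope` result is the point of the exercise: knowing which libraries actually hold card data is what lets you follow the deck's advice to limit your scope.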
Where Does This Come From?
NIST
NIST (National Institute of Standards and Technology)
• Access Enforcement
• Separation of Duties
• Least Privilege
• Limiting Remote Access
• Protecting information at rest through the use of encryption
SP800-53
Breaches are Costly!
HIPAA
SOX
PCI
• Sony – 77 million credit card numbers (April 2011), cost $171m to fix
• Fortune 50 leader in Aerospace – fined $75m for leaking helicopter part information
• Breaches are on average $6m+*
* Source: Ponemon Institute
Compliance Changes Things…
It’s far more expensive to certify than to secure...
• Best Advice: Limit your scope!
Step 1: Define Your (forced) Compliance Goals!
Security
Efficiency
Verify
• Security vs. Efficiency Paradox
• Trust but Verify
Step 1: Define Your Compliance Goals!
Benchmarks
Ripples
Compliant?
Understand your Benchmarks
• What current business processes could potentially be affected?
• Optimization “ripples”
• Efficiency theories
• Collaboration? Is it compliant?
Step 1: Define Your Compliance Goals!
Breaches
Are
Sad
Quickest is not always best
• Take your time
• Far cheaper in the long run
• Shortcuts lead to breaches
• Breaches lead to sad
Step 2: Commit
Pilot
Review
Deploy
Building from Scratch vs. Adaptation
• “You can tailor a framework to a regulation, but you can’t tailor a regulation to a framework”
Step 2: Commit
Dev
Build Your Pilot
• Separate server
• No real data
• Study!
• Gap Analysis
Staging
Step 2: Commit
Dev
Bring More Cooks in the Kitchen
• Legal
• Security Team
• Consultants (if necessary)
Staging
Step 3: Assimilate
Test
Once You’re Sure...
• After Gap Analysis
• Dev to Staging
• Typically single-server
• Introduce Pilot Users (try to break it)
• Penetration Test
• Production
Verify
Step 4: Maintain
Server
SharePoint
Users
Compliance one day doesn’t guarantee compliance the next...
• Monitor
• Service Packs
• User Activity
• Confirmation of Permissions
• Monitor Regulations
• They Change!
Step 4: Maintain
Server
SharePoint
Users
Every new element needs to be vetted
• One insecure element makes
EVERYTHING insecure
Compliance Generalities
CIA Triad
• Confidentiality
• Integrity
• Availability
Compliance follows common themes...
Compliance Specifics: HIPAA
Data must always be encrypted
• In transit, at rest
• SSL
Data must never be lost
• DR Plan
Data must only be accessible by authorized personnel
• Access Control/Authentication
• User Security
• Password Policies
• New Employee Procedures
Compliance Specifics: HIPAA
Data must never be tampered with or altered
• Audit controls/integrity
• Unauthorized modification prevention
Data should be encrypted if being stored/archived
• Transparent SQL DB encryption
Can be permanently disposed of when no longer needed
• Remember: Health records must be stored for 6 years
• Document retention policies
Compliance Specifics: SOX
All data must be...
• Stored
• Retained
• Secured
• Audited
Proof of internal controls
• Plans
• Framework
Disclosure
Compliance Specifics: PCI
“If it touches something that stores or processes credit cards, it falls into the compliance”
• Pen Testing
• External environment scanning
• Gap Analysis (PCI DSS)
• Document management system
Conclusion
Compliance changes things slightly...
• Fines are off the charts
• More work
• More diligence
Thank You!
Learn more about Axceler Solutions
• www.axceler.com
• Matthew.barrett@axceler.com

SharePointlandia 2013: SharePoint and Compliance

  • 1. SharePoint and Compliance… Oil and Water or Milk and Cookies?
  • 2. Agenda Permissions o About o Security Redux o Permissions o Authentication o Content/Access Control o Compliance o Alphabet Soup o The road to Compliance o Compliance Specifics o Review Security Compliance
  • 3. Matt Barrett Senior Solutions Engineer - Axceler - 6 years in security, 2 in SharePoint - Worked on the Metasploit project - Security Evangelist - Compliance Expert Twitter: @mrbarrett LinkedIn: www.linkedin.com/mrb08 Obligatory Self Promotion
  • 4. Axceler Overview liberating collaboration in the social enterprise through visibility and control • - Have been delivering award-winning administration and migration software since 1994 • - 3000 Customers Globally Dramatically improve SharePoint Management • - Innovative products that improve security and scalability • - Making IT more effective and efficient and lower the total cost of ownership • 3000 Customers Globally Focus on solving specific SharePoint problems • - Coach enterprises on SharePoint best practices • - Give administrators the most innovative tools available • - Deliver “best of breed” offerings
  • 5. Security Redux Governance How are you using SharePoint? • Document Repo vs. Core Business • Few select users or everybody? What secure content do you have? • Where is it? Permissions
  • 6. Security Redux Governance Authentication Methods • Windows Authentication • NTLM – Kerberos – Digest – Basic • SP Groups • Claims • SAML tokens • Forms-based – AD DS – LDAP Permissions
  • 7. Security Redux Governance What can be secured? • Sites • Libraries/Lists • Folders • Documents/Items Permissions
  • 8. Security Redux Governance Management Challenges • Distributed vs. Centralized Permissions
  • 9. Security Redux Centralized? Management Challenges • Distributed vs. Centralized • Whose responsibility is it? Distributed?
  • 10. Security Redux Security Typical Best Practices vs. Compliance Best Practices • Visitors • Members • Read only? Compliance
  • 11. Security Redux Security Typical Best Practices vs. Compliance Best Practices • Sites, Lists, Libraries share most permissions • Sensitive data is separated from normal data (typically this is all you need) Compliance
  • 12. Compliance Changes Things… Plan your work, work your plan
  • 13. Compliance – Alphabet Soup HIPAA o Sarbanes-Oxley Act (SOX Compliance) o Healthcare Services (HIPAA) o GLBA o California Senate Bill No. 1386 o NERC Cyber Security Standards o Financial Services (GLBA) o Visa Cardholder Information Security Program o MasterCard Site Data Protection Program o American Express Data Security Standard SOX PCI
  • 14. Compliance Fact Sheet HIPAA SOX PCI • 45 states (including CA) have some form of data breach law • All different, but require protection of PII (Personally Identifiable Information)
  • 15. What is PII? HIPAA SOX PCI • Full Name • National ID number • IP address (in some cases) • License Plate Number • Driver’s License Number • Face, Fingerprints or Handwriting • Credit Card Numbers!! • Date of Birth • Birthplace • Genetic information
  • 16. Where Does This Come From? NIST NIST (National Institute of Standards and Technology) • Access Enforcement • Separation of Duties • Least Privilege • Limiting Remote Access • Protecting information at rest through the use of encryption SP800-53
  • 17. Breaches are Costly! HIPAA SOX PCI • Sony – 77 million credit numbers (April 2011), cost $171m to fix • Fortune 50 leader in Aerospace – fined $75m for leaking helicopter part information • Breaches are on average $6m+* Source: Ponemon Institute
  • 18. Compliance Changes Things… It’s far more expensive to certify than secure... • Best Advice: Limit your scope!
  • 19. Step 1: Define Your (forced) Compliance Goals! Security Efficiency Verify • Security vs. Efficiency Paradox • Trust but Verify
  • 20. Step 1: Define Your Compliance Goals! Benchmarks Ripples Compliant? Understand your Benchmarks • What current business processes could potentially be affected? • Optimization “ripples” • Efficiency theories • Collaboration? Is it compliant?
  • 21. Step 1: Define Your Compliance Goals! Breaches Are Sad Quickest is not always best • Take your time • Far cheaper in the long run • Shortcuts lead to breaches • Breaches lead to sad
  • 22. Step 2: Commit Pilot Review Deploy Building from Scratch vs. Adaptation • “You can tailor a framework to a regulation, but you can’t tailor a regulation to a framework”
  • 23. Step 2: Commit Dev Build Your Pilot • Separate server • No real data • Study! • Gap Analysis Staging
  • 24. Step 2: Commit Dev Bring More Cooks in the Kitchen • Legal • Security Team • Consultants (if necessary) Staging
  • 26. Step 3: Assimilate Test Once You’re Sure... • After Gap Analysis • Dev to Staging • Typically single-server • Introduce Pilot Users (try to break it) • Penetration Test • Production Verify
  • 27. Step 4: Maintain Server SharePoint Users Compliance one day doesn’t guarantee compliance the next... • Monitor • Service Packs • User Activity • Confirmation of Permissions • Monitor Regulations • They Change!
  • 28. Step 4: Maintain Server SharePoint Users Every new element needs to be vetted • One insecure element makes EVERYTHING insecure
  • 29. Compliance Generalities CIA Triad • Confidentiality • Integrity • Availability Compliance follows common themes...
  • 30. Compliance Specifics: HIPAA Data must always be encrypted • In transit, at rest • SSL Data must never be lost • DR Plan Data must only be accessible by authorized personnel • Access Control/Authentication • User Security • Password Policies • New Employee Procedures
  • 31. Compliance Specifics: HIPAA Data must never be tampered with or altered • Audit controls/integrity • Unauthorized modification prevention Data should be encrypted if being stored/archived • Transparent SQL DB encryption Can be permanently disposed of when no longer needed • Remember: Health records must be stored for 6 years • Document retention policies
  • 32. Compliance Specifics: SOX All data must be... • Stored • Retained • Secured • Audited Proof of internal controls • Plans • Framework Disclosure
  • 33. Compliance Specifics: PCI “if it touches something that stores or processes credit cards, it falls into the compliance” • Pen Testing • External environment scanning • Gap Analysis (PCI DSS) • Document management system
  • 34. Conclusion Compliance changes things slightly... • Fines are off the charts • More work • More diligence
  • 35. Thank You! Learn more about Axceler Solutions • www.axceler.com • Matthew.barrett@axceler.com
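Slide 5 asks "What secure content do you have? Where is it?" and slide 15 lists what counts as PII. The script below is an added example (not from the deck or from Axceler) showing the kind of content sweep that answers those questions before sensitive data is separated into its own library: it scans exported text for card numbers (validated with the Luhn checksum so random digit runs are ignored), national ID numbers in the US SSN shape (an assumed format), and dates of birth next to "DOB"/"born". The folder path and the sample text are constructed placeholders; reading documents directly out of a SharePoint library would need the SharePoint API rather than Get-Content.

```powershell
# Added example, not from the deck: find likely PII in exported documents so the
# content can be moved into a separately secured library (slides 5 and 15).
# The folder path and the sample text below are constructed placeholders.

function Test-Luhn {
    # Mod-10 checksum used by payment card numbers; weeds out random digit runs.
    param([Parameter(Mandatory)][string]$Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]::Parse($Digits.Substring($i, 1))
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }
        }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

function Find-PiiCandidates {
    # Returns one object per hit; values are masked so the report itself is not PII.
    param(
        [Parameter(Mandatory)][string]$Text,
        [string]$Source = '<inline>'
    )
    $hits = New-Object System.Collections.Generic.List[object]

    # Card numbers: 13-19 digits, optionally separated by spaces or dashes.
    $cardPattern = '(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)'
    foreach ($m in [regex]::Matches($Text, $cardPattern)) {
        $digits = $m.Value -replace '[ -]', ''
        if (Test-Luhn $digits) {
            $hits.Add([pscustomobject]@{
                Source = $Source
                Type   = 'CreditCard'
                Masked = ('*' * ($digits.Length - 4)) + $digits.Substring($digits.Length - 4)
            })
        }
    }

    # National ID number, using the US SSN shape NNN-NN-NNNN as the assumed format.
    $idPattern = '\b\d{3}-\d{2}-\d{4}\b'
    foreach ($m in [regex]::Matches($Text, $idPattern)) {
        $hits.Add([pscustomobject]@{
            Source = $Source
            Type   = 'NationalId'
            Masked = '***-**-' + $m.Value.Substring($m.Value.Length - 4)
        })
    }

    # Date of birth: an ISO date within a few characters of "DOB" or "born".
    $dobPattern = '(?i)\b(?:dob|born)\b\W{0,20}(\d{4}-\d{2}-\d{2})'
    foreach ($m in [regex]::Matches($Text, $dobPattern)) {
        $hits.Add([pscustomobject]@{
            Source = $Source
            Type   = 'DateOfBirth'
            Masked = $m.Groups[1].Value.Substring(0, 4) + '-**-**'
        })
    }
    return $hits
}

function Find-PiiInFolder {
    # Sweep an export of library contents. Files still inside SharePoint need the
    # SPFile API, so export them first (placeholder path supplied by the caller).
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.txt, *.csv, *.log |
        ForEach-Object {
            Find-PiiCandidates -Text (Get-Content -Path $_.FullName -Raw) -Source $_.FullName
        }
}

# Constructed sample: one Luhn-valid test number, one random digit run that is
# not a card, one ID in the assumed format, one date of birth.
$sample = @'
Card on file: 4111 1111 1111 1111 (test number)
Reference: 1234 5678 9012 3456 is an order id, not a card
Employee SSN 123-45-6789, DOB: 1980-02-29
'@
Find-PiiCandidates -Text $sample -Source 'sample' | Format-Table -AutoSize
```

On the constructed sample the sweep reports three hits (one CreditCard, one NationalId, one DateOfBirth) and ignores the second digit run because it fails the Luhn check. The masked values are what should go into a findings report; the unmasked originals never leave the source location.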
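Slide 7 lists the four levels at which SharePoint permissions can be set (sites, libraries/lists, folders, documents/items) and slide 27 asks for periodic "confirmation of permissions". The script below is an added example (not from the deck or from Axceler) of that confirmation for an on-premises farm: it walks a site collection with the SharePoint Server object model, records every object that breaks permission inheritance, and lists which principals hold which role definitions there. Get-SPSite, HasUniqueRoleAssignments, RoleAssignments and RoleDefinitionBindings are standard SharePoint Server APIs; the site URL and the output path are placeholders.

```powershell
# Added example, not from the deck: inventory every securable object in a site
# collection that breaks permission inheritance (site, list/library, folder,
# item) and record who holds what. Runs in the SharePoint Server Management
# Shell on a farm server; the site URL and output path are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-RoleSummary {
    # Flatten the object's SPRoleAssignments to "principal:[role,role]" strings.
    param([Parameter(Mandatory)]$Securable)
    foreach ($ra in $Securable.RoleAssignments) {
        $roles = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ','
        '{0}:[{1}]' -f $ra.Member.Name, $roles
    }
}

function New-PermissionRecord {
    # One report row per object with unique permissions.
    param([string]$Scope, [string]$Url, $Securable)
    [pscustomobject]@{
        Scope      = $Scope
        Url        = $Url
        Principals = (Get-RoleSummary -Securable $Securable) -join '; '
    }
}

function Get-UniquePermissionReport {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [switch]$IncludeItems   # the item-level walk is slow on large lists; opt in
    )
    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                if ($web.HasUniqueRoleAssignments) {
                    New-PermissionRecord -Scope 'Web' -Url $web.Url -Securable $web
                }
                foreach ($list in $web.Lists) {
                    if ($list.Hidden) { continue }
                    if ($list.HasUniqueRoleAssignments) {
                        New-PermissionRecord -Scope 'List' -Url $list.DefaultViewUrl -Securable $list
                    }
                    # Folders are not part of $list.Items, so walk them separately.
                    foreach ($folder in $list.Folders) {
                        if ($folder.HasUniqueRoleAssignments) {
                            New-PermissionRecord -Scope 'Folder' -Url $folder.Url -Securable $folder
                        }
                    }
                    if ($IncludeItems) {
                        foreach ($item in $list.Items) {
                            if ($item.HasUniqueRoleAssignments) {
                                New-PermissionRecord -Scope 'Item' -Url $item.Url -Securable $item
                            }
                        }
                    }
                }
            } finally {
                $web.Dispose()   # SPWeb objects hold unmanaged resources
            }
        }
    } finally {
        $site.Dispose()
    }
}

# Placeholder site URL. Keep each run's CSV; diffing two runs shows permission
# drift between reviews, which is the "compliance one day" problem on slide 27.
Get-UniquePermissionReport -SiteUrl 'https://sharepoint.example.com/sites/finance' -IncludeItems |
    Export-Csv -Path .\unique-permissions.csv -NoTypeInformation
```

Every row in the CSV is a place where inheritance was broken, which is exactly where the "sensitive data is separated from normal data" rule on slide 11 either holds or quietly stops holding. Reviewing the Principals column against the intended Visitors/Members/Owners split is the confirmation step; rows that name individual users rather than groups are the usual first finding.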