Evidence-based protection of web resources a must under the GDPR. How the Akamai Intelligent Platform helps customers to mitigate risks
AKAMAI WHITE PAPER
Table of Contents
- GDPR: What is it?
- How can Akamai help with GDPR compliance?
- Work Risk-based
- Build Evidence
- Use state-of-the-art Technology
- Implement a Zero Trust Enterprise Security Strategy
- Conclusion
"GDPR is a game changer. State-of-the-art solutions are necessary. Akamai's security services will help minimize the risks associated with your personal data processing activities."
Dr. Anna Schmits, EU Data Protection Officer, Akamai

GDPR: What is it?

The EU General Data Protection Regulation (GDPR) is a new EU regulation that replaces the existing Data Protection Directive 95/46/EC, as well as many local laws implementing the Directive. The GDPR harmonizes data privacy laws across Europe to protect all EU citizens' data privacy rights. Under the new rules of the GDPR, the impact of non-compliance (e.g., failing to prove that the personal data processed has been adequately protected in case of breach) can have a material impact on the financial status of an organization, as well as severe consequences for its business leaders. Ultimately, the reputation of the organization is at stake.

The GDPR will be equally enforced by all European member states and will go into effect beginning 25 May. Among its many requirements, the GDPR requires that companies, in order to minimize risks to the rights and freedoms of individuals, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These security measures must be in place before the May 2018 deadline. Given the significant volume of personal and sensitive data that is accessible via Internet-facing websites and web-facing applications, this is no small task.

In addition, the GDPR requires that organizations processing personal data be able to demonstrate that appropriate security measures are effectively and efficiently protecting the personal data processed. Meeting this obligation is complicated by the fact that organizations often utilize many third parties to provide specific data processing activities.
While there may be a chain of data processing activities spread among a number of separate parties, the original organization (the so-called Data Controller) remains responsible for the protection of the personal data processed. Given the accountability established under the GDPR, it is an absolute must that Data Controllers have appropriate security measures in place and be able to provide evidence, especially in the unfortunate event of a data loss or breach, that these measures are effective.

What exactly is an appropriate security measure and what required evidence is expected to be delivered in a timely manner? According to the GDPR, appropriate security measures will be those that take into account the state of the art, the cost of implementation, and the scope, context, and purposes of processing, and balance these against the risks and impacts to the rights and freedoms of individuals. Of course, the perception of what is appropriate or in balance will be determined by the Data Protection Authority (DPA), who will no doubt look to industry best practice as a guide.

One tool for arriving at the required balance discussed above is the data protection impact assessment (DPIA), a process required in some cases under the GDPR to determine the potential impact of data processing activities. When conducting a DPIA, an organization must document in detail a number of factors, including:
- Envisaged data processing operations;
- The necessity and proportionality of these operations;
- An assessment of the risks of data breach associated with the operations;
- The measures envisaged to address these risks, including safeguards and security measures, and mechanisms to ensure protection of personal data. [1]
The GDPR mandates a risk-based approach to data protection. Security obligations are not stated in a vacuum, but rather are to be developed based upon a thorough analysis and understanding of the risks that each processing activity may have for the individuals whose data is being processed. While this approach offers the necessary flexibility to allow organizations to apply reasonable measures in light of costs, system architecture, and related factors, it nevertheless requires a rigorous cost-benefit/risk review of everything that the organization does with personal data. In many cases, this is a significant task.

How successfully an organization can provide sufficient evidence of effective risk mitigation will depend upon its understanding of the relevant privacy risks as well as the strengths of the state-of-the-art security measures it chooses to implement in response to perceived risks. Of course, an organization's success also will depend upon the selection of partners that understand security and data protection obligations and take the necessary steps to protect their own systems.

Akamai is committed to protecting the security of all data transmitted over its platform, and has adopted an enterprise-wide information security program in accordance with the International Standard ISO/IEC ISO 2700x standard for information security management. Akamai is assessed annually against the ISO and the U.S. federal government's FedRAMP standard. In addition, Akamai's Secure CDN platform is assessed annually for compliance with the Payment Card Industry's Data Security Standards and the Health Insurance Portability and Accountability Act. Akamai also undergoes annual Service Organization Control 2 Type 2 auditing and reporting.

How can Akamai Help with GDPR Compliance?
Under the GDPR, evidence must be documented to show that personal data processed by an organization is appropriately and sufficiently protected. In an interconnected world, where many web applications and websites contain or access personal data, this can be a big challenge. This challenge encompasses people, process, and technology. Akamai's Intelligent Platform can be leveraged to help meet this challenge and offers a strong security strategy based on the best security professionals in the market, flexible and high-quality processes, and recognized state-of-the-art technology.

Akamai provides four principles for approaching the security requirements under the GDPR. We will describe below how Akamai Security Solutions can help organizations address major data processing risks.

Work Risk-based

Significant volumes of personal data are processed through Internet-facing applications. Companies and organizations are required under the GDPR to implement appropriate technical and organizational measures [2] to secure the personal data under their control. Such measures should include security technologies designed to protect Internet-facing applications and websites from attacks intended to access personal data.

The Akamai Web Application Firewall () combines industry best practices such as those set out by the Open Web Application Security Project (OWASP) with intelligent scoring mechanisms to identify attack traffic. In addition, first-class security experts continuously monitor the web for new attacks. The Akamai is by design a risk-based threat protection service. It is built upon risk groups that can be used to immediately, effectively, and efficiently mitigate risks associated with the most sophisticated application layer attacks. By implementing the Akamai, customers can demonstrate that they have taken reasonable steps to prepare themselves against many known and unknown threats.
An increasing amount of traffic traveling through the Akamai Intelligent Platform is API-based. The risk caused by APIs being under-protected is explicitly called out in the OWASP Top 10 of 2017 as an increasing risk that needs special attention. Akamai Kona Site Defender is focused on protecting API traffic. Kona Site Defender:
- protects RESTful APIs and traditional XML-based web services;
- mitigates DDoS attacks and data theft caused by excessive rate, slow post, parameter, and MITM attacks;
- is offered as a cloud solution and scales to the needs of the largest business asset owners and API publishers;
- provides analytics and value confirmation reports;
- provides SIEM integration.

Hard evidence that high-reputation best practices are effectively and efficiently implemented as part of an Information Security Management System forms an essential part of an organization's risk mitigation, and will help to satisfy a Data Protection Authority by showing that appropriate security measures have been taken.

Build Evidence

In the event of a security breach requiring the reporting of the loss of personal data to a DPA, it is extremely important that evidence is supplied to the DPA of the mitigation steps taken historically and the mitigation steps that will be taken in the future to ensure the impact is minimized.

For security measures to be effective, they must constantly be reviewed against new and changing threats. Akamai Security Optimization Assistance helps organizations to respond to the ever-changing threat landscape and provides evidence that they have actively anticipated and mitigated risks by creating and maintaining effective and efficient rules. Extensive reporting and evaluation is delivered containing the type, quantity, and probability of attacks in a given time period.
As part of the Akamai Managed Kona Site Defender service, an Akamai security expert will proactively review security policies and make suggestions for ongoing adjustments of the rules.

Use State-of-the-Art Technology

According to the GDPR, appropriate security measures will be those that consider the state of the art [3], the cost of implementation, and the scope, context and purposes of processing and balance these against the risks and impacts to the rights and freedoms of individuals. Of course, the perception of what is appropriate or in balance will be determined by the appropriate Data Protection Authority (DPA) who will no doubt look to industry best-practice as a guide.

Distributed Denial of Service (DDoS) attacks combined with application layer attack vectors like SQL injection (SQLi), Local File Inclusion (LFI), Remote File Inclusion (RFI), and Cross-Site-Scripting (XSS) are an extremely dangerous combination when it comes to the theft and leakage of personal data. Often, separate and siloed solutions from different vendors that are unaware of each other's existence are installed in your (cloud) datacenter. This approach is suboptimal and leads to delays and ineffective responses. While applications and personnel are kept busy and many incidents are created, a very targeted attack can be launched at the same time, stealing specific sensitive information.

"Personal data can only be effectively protected by a solution that protects against both DDoS and application layer attacks in a harmonized and coordinated way."
Gerhard Giese, Manager Enterprise Security Architects EMEA, Akamai
[Figure: Where Scale Matters! Delivering Performance and Security from the Edge Node. Labels: FastDNS, Application Origin, Client Reputation]

As the Akamai Web Application Firewall is part of the Akamai Intelligent Platform, it is designed to deliver customer content via the best available Edge Node for the user requesting certain web content (the is part of Akamai's core Content Delivery Network infrastructure). The best available Akamai Edge Node is, in many cases, the Edge Node that is physically closest to the user requesting your web content. The Akamai Intelligent Platform consists of a worldwide fine-grained network of more than 230,000 Edge Nodes that run in more than 1,600 networks in more than 130 countries.

The result is that attackers are stopped as soon as they try to reach corporate websites or web applications via the Akamai Edge Node, not just before the attack hits your corporate website or application server in your datacenter, where it becomes cumbersome to absorb all the load and to detect and mitigate the attack. Expensive oversized equipment needs to be bought and managed, or hybrid solutions need to be implemented with uncertain costs associated. The Akamai is installed on thousands of Edge Nodes and absorbs the entire load smoothly while mitigating the attack at no extra capital cost to the organization.

Application layer DDoS attacks, and attacks using ports other than ports 80 or 443, are immediately stopped at the Akamai Edge Node. Specific customers' rules are quickly rolled out across thousands of relevant Edge Nodes, protecting all the organization's web-facing resources all over the globe. This unique and innovative approach means that Akamai is better positioned than any other security vendor to protect the whole data processing and data distribution chain of personal data of any organization with any kind of Internet presence.
The effectiveness of the Akamai can be increased further by adding the reputation of the IP addresses accessing your web resources. Akamai's Client Reputation database sees 1 billion IP addresses each quarter. A small percentage of these are deemed to be malicious and rated on a scale of 1 to 10, and can be blocked by the customer using rules. Every day, hundreds of millions of IP addresses are analyzed for malicious activity. This innovative approach results in a measurable effectiveness, in most cases, with an accuracy of more than 95%. Evaluation of the effectiveness [4] of the implemented security control is an important part of the GDPR compliance process.

Credential (username/password) theft can very easily lead to the loss of sensitive personal data. Following a recent large leakage of passwords on the Internet, researchers found that 8.8% of these credentials use one of seven very simple passwords (e.g., , password, etc.). People tend to choose simple passwords that they can easily remember, and people reuse passwords often. Once credentials are hacked, it's possible that multiple data sources are exposed. Attackers use sophisticated botnets to automatically and rapidly access websites worldwide using stolen credentials.
Akamai is well positioned to mitigate these risks. Akamai Bot Manager Premier installed on Akamai Edge Nodes can inspect and reject traffic to your web resources based on credential abuse-specific reputation.

Implement a Zero Trust Enterprise Security Strategy

Implementing a Zero Trust enterprise security strategy will make GDPR compliance easier and avoid associated costs.

[Figure: Zero Trust Enterprise Security Strategy. Labels: Keep Single User Administration; Create Audit Trails; Internet; Enterprise; User; DMZ in the Cloud; Software Defined Perimeter; App A; App B; App C; No Attack Footprint. Caption: Zero Trust isolates applications containing sensitive personal data]

Zero Trust is based on the concept that there is no distinction made between internal and external network traffic. In fact, nothing and nobody should be trusted in or outside your corporate environment. The first step is that access needs to be explicitly granted and confirmed by a central management system to all resources, and all the traffic needs to be monitored and inspected all the time. Secondly, the classical network design based on a DMZ is transformed into an isolated services approach. The access of applications via a cloud perimeter means the applications are isolated from the Internet and users are kept off your network. The application and personal data cannot be accessed other than via the Akamai Intelligent Platform, which obfuscates corporate infrastructure and resources.

The result is that personal data, whether in a corporate datacenter or IaaS, can be protected much more effectively. The segmentation and isolation of applications and data combined with full access logging makes audits and/or Data Protection Impact Assessments less time consuming. In times of challenges, it is much clearer where to search. Additionally, part of a Zero Trust strategy is the principle that you don't trust users or their respective devices.
Inline inspection is needed, and every action users take must be monitored and logged. Audit trails of employee and contractor activity can be secured in an appropriate way, which eases the documentation for any required Data Protection Impact Assessment or audit.

In addition, since the vast majority of malicious attacks use DNS across the entire cyber kill chain, it is important to not only get visibility into Internet-bound DNS requests, but also use DNS as an enterprise control point. Utilizing the Akamai Cloud Perimeter to achieve Zero Trust means all DNS requests are inspected and evaluated. If untrustworthy links are clicked in phishing or ransomware attempts, the cloud perimeter would block the DNS request and protect your users.

Leverage the Akamai Cloud Perimeter to:
- Only deliver apps/data to authn & authz users/devices
- Proactively prevent malware & DNS-based exfiltration everywhere
- Never trust and always verify with full visibility
Conclusion

The GDPR requires a risk-based approach to data protection and asks for hard evidence that risks are continuously mitigated sufficiently. All organizations that process in any way the personal data of individuals in the EU must be prepared to demonstrate that they have taken strong steps to protect the personal data under their control. Akamai has developed and operates the world's largest and most advanced cloud-based Intelligent Platform for securely distributing and accelerating web content. Leveraging the security knowledge and expertise of Akamai helps customers to protect their data assets, including personal data protected under the GDPR, against loss and unlawful access.

Akamai can help with concrete steps to further customers' efforts at GDPR compliance. By implementing the Akamai Web Application Firewall (), customers can demonstrate that they have taken steps to prepare themselves against many known and unknown threats. The combines industry best practices with intelligent risk-based scoring mechanisms to identify attack traffic. Highly trained Akamai security experts help organizations to respond to the ever-changing threat landscape and provide evidence that organizations have actively anticipated risks by creating and maintaining effective and efficient rules. In addition, the implementation of a harmonized and integrated DDoS and application layer solution mitigates the risk of multi-vector attacks focused on stealing personal data.

Last but not least, implementing a Zero Trust security strategy utilizing the Akamai cloud perimeter helps customers to adequately isolate the applications that process personal data. Audit trails are maintained of who accessed which resources when, and proper protection mechanisms protect employees and contractors from infection. Akamai is determined to help business owners manage the risks incurred by the new privacy regulation.
Author: Erik van Veen, CISSP, Akamai Technologies

Sources
[1] See GDPR Article 35 (7)
[2] See GDPR Article 24 (1) and Article 32 (1)
[3] See GDPR Article 25 (1) and Article 32 (1)
[4] See GDPR Article 32 (1d)

As the world's largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai's massively distributed platform is unparalleled in scale with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai's portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions are supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organizations trust Akamai please visit blogs.akamai.com, on Twitter. You can find our global contact information at

Published 12/17.
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationUnderstand & Prepare for EU GDPR Requirements
Understand & Prepare for EU GDPR Requirements The information landscape has changed significantly since the European Union (EU) introduced its Data Protection Directive in 1995 1 aimed at protecting the
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationCIO INSIGHTS Boosting Agility and Performance on the Evolving Internet
CIO INSIGHTS Boosting Agility and Performance on the Evolving Internet Boosting Agility & Performance on the Evolving Internet To improve customers web and mobile experiences, organizations must address
More informationMULTIPLAYER GAMING SOLUTION BRIEF
AMERICAS MULTIPLAYER GAMING SOLUTION BRIEF PLAYER-CENTRIC INNOVATION FOR MULTIPLAYER GAMING Multiplayer Gaming, Social Gatherings for Gamers Video-game-related crime is almost as old as the industry itself.
More informationAKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview
AKAMAI WHITE PAPER Enterprise Application Access Architecture Overview Enterprise Application Access Architecture Overview 1 Providing secure remote access is a core requirement for all businesses. Though
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationCyber Security and Data Protection: Huge Penalties, Nowhere to Hide
Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction
More informationData Privacy and Protection GDPR Compliance for Databases
Data Privacy and Protection GDPR Compliance for Databases Walo Weber, Senior Sales Engineer September, 2016 Agenda GDPR: who, what, why, when Requirements for databases Discovery Classification Masking
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More informationFirst aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018
First aid toolkit for the management of data breaches Mary Deligianni Senior Associate 15 February 2018 What is a personal data breach? Breach of security which leads to the accidental or unlawful destruction,
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationCOST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE
2017 COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE NUMBER OF SECURITY BREACHES IS RISING AND SO IS SPEND Average number of security breaches each year 130 Average
More informationSurvey: Global Efficiency Held Back by Infrastructure Spend in Pharmaceutical Industry
Survey: Global Efficiency Held Back by Infrastructure Spend in Pharmaceutical Industry Akamai Survey Shows Pharmaceutical Industry Looking for Global Employee Efficiency but may be Held Back by Heavy Infrastructure
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationThe Emerging Role of a CDN in Facilitating Secure Cloud Deployments
White Paper The Emerging Role of a CDN in Facilitating Secure Cloud Deployments Sponsored by: Fastly Robert Ayoub August 2017 IDC OPINION The ongoing adoption of cloud services and the desire for anytime,
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationto protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
More informationData Privacy in Your Own Backyard
White paper Data Privacy in Your Own Backyard Staying Secure Under New GDPR Employee Internet Monitoring Rules www.proofpoint.com TABLE OF CONTENTS INTRODUCTION... 3 KEY GDPR PROVISIONS... 4 GDPR AND EMPLOYEE
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationCybersecurity for Service Providers
Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationA Security Admin's Survival Guide to the GDPR.
A Security Admin's Survival Guide to the GDPR www.manageengine.com/log-management Table of Contents Scope of this guide... 2 The GDPR requirements that need your attention... 2 Prep steps for GDPR compliance...
More informationBorderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity
Borderless security engineered for your elastic hybrid cloud Kaspersky Hybrid Cloud Security www.kaspersky.com #truecybersecurity Borderless security engineered for your hybrid cloud environment Data
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationBomgar Discovery Report
BOMGAR DISCOVERY REPORT Bomgar Discovery Report This report is designed to give you important information about the privileged credentials regularly being used to access endpoints and systems on your network,
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationQ&A TALKING CYBER SECURITY WITH THE BOARD OF DIRECTORS. An interview with Josh Shaul, VP, Web Security Products
TALKING CYBER SECURITY WITH THE BOARD OF DIRECTORS An interview with Josh Shaul, VP, Web Security Products Q&A What are the basics that board members need to know about cyber security today? Josh: Board
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationHow your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter
How your network can take on the cloud and win Think beyond traditional networking toward a secure digital perimeter Contents Introduction... 3 Reduce risk points with secure, contextualized access...
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationWHITEPAPER. How to secure your Post-perimeter world
How to secure your Post-perimeter world WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward
More informationHow the GDPR will impact your software delivery processes
How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationCYBERARK GDPR ADVISORY. SECURE CREDENTIALS. SECURE ACCESS. A PRIVILEGED ACCOUNT SECURITY APPROACH TO GDPR READINESS
CYBERARK GDPR ADVISORY. SECURE CREDENTIALS. SECURE ACCESS. A PRIVILEGED ACCOUNT SECURITY APPROACH TO GDPR READINESS 2017 CYBERARK GDPR ADVISORIES: PRACTICAL STEPS TO GDPR READINESS There is no personal
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More information