Protecting Sensitive Data in the Cloud. Presented by: Eric Wolff Thales e-security

Similar documents
Thales esecurity Cloud Data Protection

2018 THALES DATA THREAT REPORT

Healthcare and the Cloud:

CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information

THALES DATA THREAT REPORT

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Robert Brammer. Senior Advisor to the Internet2 CEO Internet2 NET+ Security Assessment Forum. 8 April 2014

The Challenge of Cloud Security

Azure SQL Database Basics

Cloud Security Frameworks. GITI May 8, 2014

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

The Business of Security in the Cloud

Driving Cloud Governance and Avoiding Cloud Chaos

THALES DATA THREAT REPORT

Security and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012

Cloud Security. Copyright Ramesh Nagappan. All rights reserved.

How to Establish Security & Privacy Due Diligence in the Cloud

Building a Resilient Security Posture for Effective Breach Prevention

Cloud Customer Architecture for Securing Workloads on Cloud Services

Best Practices in Securing a Multicloud World

How to ensure control and security when moving to SaaS/cloud applications

Compliance & Security in Azure. April 21, 2018

GLOBAL PKI TRENDS STUDY

Supporting the Cloud Transformation of Agencies across the Public Sector

Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing

Agency Guide for FedRAMP Authorizations

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

CLOUD SECURITY CRASH COURSE

SoftLayer Security and Compliance:

Third Party Security Review Process

Information Security Risk Strategies. By

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Building Trust in the Era of Cloud Computing

Click to edit Master title style

SOC Lessons Learned and Reporting Changes

COMPLIANCE IN THE CLOUD

HITRUST CSF: One Framework

Security as a Service (Implementation Guides) Research Sponsorship

Peer Collaboration The Next Best Practice for Third Party Risk Management

VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment

State of Cloud Adoption. Cloud usage is over 90%, are you ready?

Security Readiness Assessment

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

locuz.com SOC Services

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Securing Data in the Cloud: Point of View

IT Attestation in the Cloud Era

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

GLOBAL ENCRYPTION TRENDS STUDY

Exploring Emerging Cyber Attest Requirements

The Etihad Journey to a Secure Cloud

10 Considerations for a Cloud Procurement. March 2017

Microsoft Azure Security, Privacy, & Compliance

SOARING THROUGH THE CLOUDS IT S A BREEZE

A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management

Cloud Security Myths Paul Mazzucco, Chief Security Officer

Cloud Security Alliance Quantum-safe Security Working Group

2017 THALES DATA THREAT REPORT

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Virtual Machine Encryption Security & Compliance in the Cloud

WELCOME TO ISACA Claudio CILLI, CISA, CISM, CRISC, CGEIT

ISACA Cincinnati Chapter March Meeting

Security Models for Cloud

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

Auditing the Cloud. Paul Engle CISA, CIA

Cloud Transformation Program Cloud Change Champions June 20, 2018

Secure & Unified Identity

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

Shaping the Cloud for the Healthcare Industry

GETTING STARTED WITH THE SIG 2014: A RESPONDENT S GUIDE By Shared Assessments

A Repeatable Cloud-First Deployment Process Model

CAN MICROSOFT HELP MEET THE GDPR

Enhanced Threat Detection, Investigation, and Response

HITRUST CSF Roadmap for 2018 and Beyond HITRUST Alliance.

EU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

IOWA STATE UNIVERSITY OF SCIENCE AND TECHNOLOGY

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

GLOBAL ENCRYPTION TRENDS STUDY

Information Security In Pakistan. & Software Security As A Quality Aspect. Nahil Mahmood, Chairman, Pakistan Cyber Security Association (PCSA)

CompTIA CASP (Advanced Security Practitioner)

Data Security and Privacy Principles IBM Cloud Services

Perfecto mobilizes your brand by perfecting the digital experiences that define it.

Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments

VMware, SQL Server and Encrypting Private Data Townsend Security

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

TRACKVIA SECURITY OVERVIEW

Modern Database Architectures Demand Modern Data Security Measures

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Iso Controls Checklist File Type S

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

THREE COLOCATION MYTHS HEALTHCARE PROVIDERS SHOULD LEAVE BEHIND. Exploring Security, Compliance, and Performance in Healthcare IT

Transcription:

Protecting Sensitive Data in the Cloud Presented by: Eric Wolff Thales e-security

Topics IT Perspectives on Cloud Security Tools for Security in the Cloud XaaS Encryption/Key Management Strategies Tweet along: #Sec360 www.secure360.org

IT Perspectives on Cloud Security

Recent Research IT Perspectives on Cloud Security 2017 Thales Data Threat Report Conducted by 451 Research Over 1100 IT Executives surveyed Tweet along: #Sec360 www.secure360.org

Recent Research IT Perspectives on Cloud Security 2017 Thales Global Encryption Trends Conducted by Ponemon Research Almost 5000 IT Practitioners surveyed Tweet along: #Sec360 www.secure360.org

Recent Research Breaches Continue Tweet along: #Sec360 www.secure360.org

Recent Research Encryption Growing as a Solution Record numbers for companies with an enterprise-wide encryption strategy Encryption is recognized for protecting data Tweet along: #Sec360 www.secure360.org

Recent Research Why Encrypt? Compliance has always been the top driver Information protection is close to reaching the same level Increasing focus on specific data types Tweet along: #Sec360 www.secure360.org

Resources for Cloud Security

Cloud Security Resources Cloud Security Alliance Global, nonprofit Building best practices for next generation IT security Mission: Become the authoritative source for trust in the cloud

Poll I have heard of the Cloud Security Alliance

Poll q I like what CSA does J q I use what CSA creates J q CSA is vendor marketing L

Key CSA Resources to Make You Smarter

CSA Security Guidance Educational Narrative feels like a book Preparation for Cloud Controls Matrix Version 4.0 is almost complete

Cloud Controls Matrix Cloud services risk management Delineates control ownership Denotes applicability to cloud provider type Anchor for security and compliance posture measurement use for RFP s Common Language for SLAs Maps to global regulations and standards NIST, ISO 27001, COBIT, PCI, HIPAA, FISMA, FedRAMP Mapped to Security Guidance

Consensus Assessment Initiative Questionnaire Cloud Controls Matrix companion Binary questions assess CCM compliance Create consistent cloud provider assessment processes Enables cloud providers to selfassess security posture

Encryption is recognized for protecting data

Encryption in the CCM / CAI Platform and data-appropriate encryption shall be required. [Encryption] Keys Shall not be stored in the cloud but Shall be maintained by the cloud consumer or trusted key management provider. Yes Yes We re coming back to this in a moment

White Paper: Best Practices for Assessing Your Cloud Security Services vormetric.com/bpacss Cloud Control Matrix Requirements Mapped to Vormetric Capabilities

Understanding IaaS, PaaS, and SaaS Encryption and Key Management

Cloud Classified Traditional Cloud Service Providers Type Encryption Key Management Colo Bring Your Own You Managed Many Provide Cooperative Encryption and Key Management Generally Easy IaaS, PaaS, SaaS Providers

IaaS PaaS SaaS Shared Responsibility Model Customer Responsibility Provider Responsibility Infrastructure as a Service (laas) Platform as a Service (PaaS) Software as a Service (SaaS) Data Data Data Application Application Application Runtime Runtime Runtime Middleware Middleware Middleware O/S O/S O/S Virtualization Virtualization Virtualization Servers Servers Servers Storage Storage Storage Networking Networking Networking

Poll q My organization uses SaaS providers q I am aware of shadow IT in my environment q My SaaS provider(s) encrypt data at rest q Why should I care?

If They re Providing Data-at-Rest Encryption And they hold the keys

It s not quite as bad as that!

Data Protection with Encryption Varies by Cloud Model Cloud Model Encryption Mechanism Considerations IaaS Native Bring Your Own If native, seek BYOK Consider BYOE (Why?) PaaS SaaS Native Some CASB s provide If native, seek BYOK CASB potential limitations

CSA Cloud Controls Matrix Let s go back to Key Management for a sec

Understanding Bring Your Own Keys Your Key Vault Cloud Key Vault Your Data Protect & manage your keys Facilitate compliance with data security regulations Many solutions FIPS 140-2 certified Cloud HSMs Holds your keys Secures your data Encrypted in the cloud Uses your own keys You can revoke Data in your control

A Hierarchy of SaaS Security SaaS Vendor 3 Encrypted with Customer Keys SaaS Vendor 2 Encrypted with Vendor Keys SaaS Vendor 1 Clear Text Peter Johnson 233 44 255 46 Sally Peterson 418 22 418 31 maq0%oqtp D$0u5Yy&E MX #U2pEk5!W *4sGmLBYt 1% Key Manager Customer Premises maq0%oqtp D$0u5Yy&E MX #U2pEk5!W *4sGmLBYt 1%

BYOK Recommendations Study CSA Security Guidance v3 Join CSA and contribute to CSA Guidance v4 When purchasing or re-subscribing to IaaS, PaaS, or SaaS Submit CSA Consensus Assessment Initiative Questionnaire Focus their attention on encryption key management Work with a key management or encryption vendor to assist

Questions?

Thank You!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback