2 Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric Q and A Slide No: 2 Copyright 2014 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
3 Where s the Perimeter IT is Being Challenged To Embrace The Cloud By % of corporate data traffic will bypass traditional perimeter security defenses - up from 4% today. Public Cloud Growth is 5X that of the IT industry as a whole. Gartner November Copyright 2014 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
4 Cloud Heightens The Need to Protect Data Private, Public, and Hybrid Cloud 4 Copyright 2014 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
5 Data is Increasingly More Difficult to Protect Data Centers Physical Virtual Outsourced Clouds Private, Public, Hybrid Multiple vendors Trial Analysis Research PHI Credit Cards HR Files Finance Files Customer Stats Contracts Call Records Customer Records Plans Source Code Big Data Sources Nodes Results Physical Servers Local offices and retail locations Labs
6 2015 VORMETRIC INSIDER THREAT REPORT % IT DECISION MAKERS US, UK, Germany, Japan, ASEAN Enterprises: $200M + US $100M + UK, Germany, Japan, ASEAN Retail Healthcare Financial Services Other Enterprise Polling by Harris Analysis and Reporting by Ovum 2015 Vormetric Insider Threat Report
7 EVOLVING THREATS INSIDER THREATS HAVE CHANGED TRADITIONAL INSIDERS IN THE PAST COMPANY EMPLOYEES WITH KNOWLEDGE-REQUIRED ACCESS TODAY WE MUST ADD IT PERSONNEL, CONTRACTORS SERVICE PROVIDER EMPLOYEES COMPROMISE OF INSIDER ACCOUNTS HACKERS ACTIVELY TARGET INSIDER ACCOUNTS WITH ACCESS TO DATA REGARDLESS OF LOCATION POROUS PERIMETERS CLOUD/SAAS BIG DATA
8 Sensitive Data at Risk Organizations feel more vulnerable than ever 93% 55% Organizations feel vulnerable to insiders Privileged users most dangerous insider 54% 50% Plan to increase spending next year DATA BREACH Preventing Breach Top Business Priority 2015 Vormetric Insider Threat Report Global Edi<on Slide No: 8 Copyright 2015 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
9 Why start protecting your data? Data is exploding Volume Variety Velocity Reasons for encryption multiplying Regulations PCI, HIPPA, Breach Disclosure Contractual Obligation Risk Reduction Breaches FACT: Data can t protect itself
10 New Frontier, Pioneers, and Challenges Many types of clouds IaaS, SaaS, PaaS, BPaaS, etc Many Providers Some large fish, and lots of little fish What s their security philosophy? A great resource is CSA s STAR program and Cloud Controls Matrix(CCM) - https://cloudsecurityalliance.org Who s responsible for the data? 99.99% the customer owns the data, but who is tasked with protecting it?
11 Understanding Cloud Architectures SaaS Software as a Service Presentation Modality APIs Presentation Platform Applications IaaS Infrastructure as a Service APIs Core Connectivity & Delivery Abstraction Hardware Facilities PaaS Platform as a Service Integration Middleware APIs Core Connectivity & Delivery Abstraction Hardware Facilities Infrastructure as a Service (Iaas) Data Metadata Content Integration APIs Core Connectivity & Delivery Abstraction Hardware Facilities Middleware Infrastructure as a Service (Iaas) Platform as a Service (PaaS) 11 Source: Cloud Security Alliance
12 Encryption has moved From a Tax to a Business Enabler Cloud is an Business Enabler Security Remains the #1 Concern as data moves outside the perimeter Cost of encryption no longer a tax on the business, now viewed as an enabler of costs savings and competitive advantage Top Security Concerns With Cloud Computing Data Privacy and Security 41% Access and Control 35% Auditing and Compliance 32% Control of Data 26% Security Models/ Toolsets 18% Contractual/ Legal Issues 15% Internal Issues 11% Network Connection Security 10% Geographical Coverage 4% March 2014 Q. What are the top cloud computing-related security problems that affect your organization? Please describe up to three. N= Copyright 2014 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
13 TOP IT SPENDING PRIORITIES COMPLIANCE IS LAST FOR THE FIRST TIME DATA BREACH 50% 44% 41% 32% 32% PREVENTING A DATA BREACH INCIDENT PROTECTION OF CRITICAL IP PROTECTION OF FINANCES AND OTHER ASSETS FULFILLING REQUIREMENTS FROM CUSTOMERS, PARTNERS AND PROSPECTS FULFILLING COMPLIANCE REQUIREMENTS AND PASSING AUDITS
14 Top Ten Security Challenges for Big Data & Cloud Environments 1. Secure computations in distributed programming frameworks 2. Security best practices for non-relational data stores 3. Secure data storage and transactions logs 4. End-point input validation/filtering 5. Real-time security/compliance monitoring 6. Scalable and composible privacy-preserving data mining and analytics 7. Cryptographically enforced access control and secure communication 8. Granular access control 9. Granular audits 10.Data provenance
15 Security for Big Data & Cloud Environments Should provide protection for big data repositories and the data contained in them. Security strategies for big data include: Sensitive data discovery and classification Data access and change controls Real-time data activity monitoring and auditing Data protection (such as masking or encryption) Data loss prevention Vulnerability management Compliance management
16 IT s Dirty Little Secret Slide No: 16 Copyright 2014 Vormetric, Inc. All rights reserved.
17 Information Technology s Dirty Little Secret Slide No: 17
18 Information Technology s Dirty Little Secret Years super users have been managing our servers, their configurations, and data. Super users have 100% access to all data in the systems they manage. It only takes 1 compromised/rogue user to cause havoc. Slide No: 18
19 Establishing Some Terms Privileged User Employees who use data and systems as part of their jobs Executives who have more access than they should Administrators who are the governors of the systems Super User Account that leverages the ring-0 privilege Examples: root, administrator, SYSTEM Ring-0 The kernel process who has complete access to all resources
20 What is the issue? Superusers control the system, packages, patches, and data permissions The nature of the superuser is that they have full access to data accessible by the system. If a superuser is compromised or goes rogue, the impact can be severe, as they can destroy, steal, and manipulate.
21 Traditional Controls for Super Users Monitoring OS Level auditing, keystroke logging, etc Privileged Account Management Checkout account with single usage password Policy based elevation Tools that allow a user to elevate to the superuser on a per command basis. sudo, powerbroker, etc They are good for saying who can do what as root. But does not control what root can do. None of these controls stop the superuser Just how one becomes the superuser
22 Vormetric Slide No: 22 Copyright 2014 Vormetric, Inc. All rights reserved.
23 World-Class Brands Rely on the Vormetric Data Security Platform Global Customers Over 1,700 customers 17 of the Fortune 30 Cloud Service Providers Trust Vormetric Cloud Managed Services Most Security Conscious Brands Largest financial institutions Largest retail companies Major manufacturers Government agencies Cloud Service Providers OEM Partners IBM Symantec With Vormetric, people have no idea it s even running. Vormetric Encryption also saved us at least nine months of application rewrite effort, and its installation was one of the easiest we ve ever experienced. Karl Mudra, CIO Delta Dental of Missouri 23
24 Vormetric Data Security Platform Solves inefficiencies of point product solutions Best Encryption 24 Best Security & Compliance Virtualized Environments
25 Vormetric Data Security Platform Solves inefficiencies of point product solutions Vormetric Transparent Encryption Vormetric Application Encryption and Tokenization with Dynamic Data Masking Structured Databases Big Data File and Volume Level Encryption Access Control Audit Logs Vormetric Cloud Encryption Gateway S3 and Box Encryption, Control, Audit Trails Unstructured Files Applications Big Data Field Level Data Encryption Field Preserving Tokenization with Dynamic Data Masking Vormetric Security Intelligence Splunk HP ArcSight IBM QRadar LogRhythm PaaS, IaaS, SaaS Intel Security ESM FireEye TAP Vormetric Key Management KMIP Compliant Oracle and SQL Server TDE Certificate Storage Vormetric Data Security Manager Key and Policy Manager
26 Controlling and Securing Data in the Cloud DSM in the cloud or on the customer premise Enterprise Data Center Environment Policies & Logs VPN Link VM VM DSM Keys Vormetric Data Security Manager Virtual or Physical Servers Enforce separation of provider and enterprise responsibilities Extensible to multiple cloud providers and traditional servers Pay as you grow, deploy licenses on demand Customer is always the custodian of policies and keys
27 Vormetric Cloud Partners Cloud Managed Services Vormetric Cloud Partners Proven deployments Bring your own license available for any IaaS Cloud offering Integrated service offerings may be available
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security RETAIL EDITION #2015InsiderThreat RESEARCH BRIEF RETAIL CUSTOMERS AT RISK ABOUT THIS RESEARCH BRIEF
2015 VORMETRIC INSIDER THREAT REPORT / CLOUD AND BIG DATA EDITION Research Conducted by Research Analyzed by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security CLOUD AND
WHITE PAPER Securing Your Cloud-Based Data Integration A Best Practices Checklist A Report on Secure Integration Techniques Targeted at the Information Technology Executive Prepared by Mercury Consulting,
The Future of Mobile Enterprise Security Gearing Up for Ubiquitous Computing August 2014 795 Folsom Street, 1 st Floor San Francisco, CA 94107 Tel.: 415.685.3392 Fax: 415.373.3892 Contents Introduction...
1 MOBILITY IN FINANCIAL SERVICES A Checklist Towards Regulatory Compliance Whitepaper Whitepaper Brochure 2 A Checklist Towards Regulatory Compliance Like business leaders in every industry, decision makers
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
Cloud Computing Tutorial CLOUD COMPUTINGTUTORIAL by tutorialspoint.com tutorialspoint.com i ABOUT THE TUTORIAL Cloud Computing Tutorial Cloud Computing provides us a means by which we can access the applications
White Paper Creating and Implementing an Enterprise Cloud Strategy David Linthicum Blue Mountain Labs Introduction Cloud computing is about the ability to share IT resources more efficiently. Thus, the
Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.
Security Challenges in Hybrid Cloud Infrastructures Koushik Annapureddy Aalto University - School of Science and Technology email@example.com Abstract Cloud computing has the potential to significantly
How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not
White Paper Information Security, Virtualization, and the Journey to the Cloud By Jon Oltsik August, 2010 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG.
IBM Software Group 2014 Cloud, Big Data, Mobile, Social and Security Pairoj Ruamviboonsuk Software Client Architect IBM SWG Thailand Igniting change the transformative power of computing Back-office computing
w h i t e p a p e r : c l o u d s e c u r i t y Securing the Cloud for the Enterprise A Joint White Paper from Symantec and VMware White Paper: Cloud Security Securing the Cloud for the Enterprise Contents
IT@Intel White Paper Intel IT IT Best Practices Cloud Computing and Information Security January 2012 Virtualizing High-Security Servers in a Private Cloud Executive Overview Our HTZ architecture and design
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
Can You Trust The Cloud? Everything you need to know about cloud security. CAN YOU TRUST THE CLOUD? Page 1 Can you trust the cloud?... 2 Understanding the risks of the cloud... 3 Is it all just bad press?...
identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,
Cyber-Security Essentials for State and Local Government Best Practices in Policy and Governance Operational Best Practices Planning for the Worst Case Produced by with content expertise provided by For
Thought Leadership SERIES AUGUST 2011 Unlocking the Power of Mobile Device Management Mobile device management (MDM) is about more than technology it s also about skillful strategic resource management.
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
CIO Roundtable - Big March 13, 2013 Big and its Dimensions Big refers to internal and external data that is multi-structured, generated from diverse sources in near real-time and in large volumes making
www.pwc.com PwC Advisory Oracle practice 2012 How to drive innovation and business growth Leveraging emerging technology for sustainable growth 1 Heart of the matter Top growth driver today is innovation
5 Critical Considerations for Enterprise Cloud Backup This guide is written for IT professionals who play a part in data protection and governance at their enterprises. It is meant to provide an initial
J U L Y 2 0 1 2 OpenText Enterprise Information Management CIOs are under siege Do more with less is no longer an ideal, it s a mandate. With growing volumes and a host of information formats to manage