EDITION CLOUD REPORT HEALTHCARE AND LIFE SCIENCES LEAD IN FINDING AND PREVENTING SENSITIVE DATA LOSS
- Paula Fox
- 7 years ago
Fall 2015 WORLDWIDE EDITION CLOUD REPORT HEALTHCARE AND LIFE SCIENCES LEAD IN FINDING AND PREVENTING SENSITIVE DATA LOSS

Report Highlights

- Healthcare and life sciences enterprises account for 76.2 percent of DLP policy violations for both content en route to or at rest in cloud apps. Within this industry group, 2. percent of files in sanctioned apps constitute a DLP policy violation.
- Protected health information (PHI) is the most common DLP policy violation type, accounting for 68.5 percent of all such violations. Personally-identifiable information (PII) accounts for 3.7 percent.
- Technology and IT services have the highest cloud app consumption, with an average of ,57 apps per enterprise.
- Overall, the average number of cloud apps per enterprise has increased from 75 in our last report to 755. 9.2 percent of these apps are not enterprise-ready, lacking in the areas of security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation.
- Data-exposing activities such as share and download are alive and well in Cloud Storage apps and beyond, with download as the fourth most common activity in HR apps and share as the top activity in Business Intelligence apps.

EXECUTIVE SUMMARY

In this Netskope Cloud Report, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform. Report findings are based on usage seen across millions of users in hundreds of accounts in the global Netskope Active Platform, and represent usage trends from June through August 3, 2015. For the first time, this report breaks down trends by industry group, focusing on five key groupings with similar usage characteristics. They are: Healthcare and life sciences; Financial services, banking, and insurance; Retail, restaurants, and hospitality; Manufacturing; and Technology and IT services.

A key area of focus for this report is Data Loss Prevention (DLP) in the cloud. Healthcare and life sciences enterprises have the highest number of DLP policy violations in content at rest in sanctioned apps, with 2. percent of files scanned matching at least one DLP profile, such as personally-identifiable information (PII), payment card industry information (PCI), protected health information (PHI), source code, profanity, and confidential or top secret information. The second highest is Technology and IT services, with 4.2 percent. Healthcare and life sciences enterprises account for the vast majority of total DLP policy violations (for both content at rest and en route to and from cloud apps), at 76.2 percent of the total. Not surprisingly, when we drill deeper into violation type, PHI makes up the bulk of such violations in cloud apps, at 68.5 percent. That is followed by PII, at 3.7 percent.

We saw the average number of cloud apps per enterprise climb from 75 in the last report to 755. 9.2 percent of those apps are not enterprise-ready, lacking in the areas of security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation that enterprises require for safe enablement.
Technology and IT services saw the highest number of cloud apps, with an average of ,57 apps per enterprise. Healthcare and life sciences is a close second, with an average of ,07.

The top five cloud app activities include send, post, login, download, and view. Activities associated with data leakage or exposure, such as share and download, are alive and well in key app categories such as Cloud Storage, HR, and Business Intelligence. In Cloud Storage, for every login, there are four shares. Within HR, download is the fourth most common activity. And within Business Intelligence, share (an activity many don't expect even to be available in this category) is the top activity.

Finally, the top activities that constituted a policy violation in the Netskope Active Platform were download, upload, post, view, and login. We were encouraged to see login in the number five spot (versus at the top). To us, this means that IT is getting more granular and addressing risky behavior rather than blocking apps.

HEALTHCARE AND LIFE SCIENCES ACCOUNTS FOR THREE-QUARTERS OF DLP POLICY VIOLATIONS

In this report, we drill down into Data Loss Prevention (DLP) policy violations in the cloud. In the Netskope Active Platform, we identify such violations by discovering sensitive content at rest in sanctioned cloud apps and en route to or from a variety of sanctioned and unsanctioned ones. Enterprises discover cloud content against predefined and custom DLP profiles such as personally-identifiable information (PII), payment card industry information (PCI), protected health information (PHI), source code, profanity, and confidential or top secret information.

Healthcare and life sciences enterprises have the highest number of DLP policy violations in content at rest in sanctioned apps, with 2. percent of files scanned matching at least one DLP profile, such as PII, PCI, PHI, source code, profanity, and confidential or top secret information. The second highest is technology and IT services, with 4.2 percent. Overall, 9.4 percent of all scanned files in sanctioned apps have triggered a DLP policy violation, down from 7.9 percent in last season's report. Anecdotally, organizations are becoming more proactive about both detecting and protecting sensitive data in the cloud using a combination of e-discovery, encryption, and quarantine workflows, so this dip in violations is expected.

[Figure: Percent of DLP violations in content at rest in sanctioned apps, by industry group: Healthcare & Life Sciences; Technology & IT Services; Financial Services, Banking, & Insurance; Retail, Restaurants, & Hospitality; Manufacturing]

Healthcare and life sciences enterprises (accounting for 27.6 percent of the user base in the Netskope Active Platform) account for the vast majority of total DLP policy violations (for content that's both at rest and en route to and from cloud apps), at 76.2 percent of the total. That's a high number, considering this industry group only makes up 27.6 percent of the user base in the Netskope Active Platform. Retail, restaurants, and hospitality enterprises (accounting for 6.5 percent of users) are next in the DLP policy violation line-up, accounting for 6.7 percent of all violations.

Not surprisingly, when we drill deeper into violation type, PHI makes up the bulk of such violations in cloud apps across our population, at 68.5 percent. That is followed by PII, at 3.7 percent.

In what app categories do cloud DLP violations occur? 94.2 percent of such violations occur in Cloud Storage, with an additional 4.6 percent occurring in Webmail. Other categories include Collaboration, Customer Relationship Management and Salesforce Automation (CRM and SFA), Social, Electronic Signatures, and Business Intelligence. The most common activity associated with such violations is download, followed by upload, send, and post. We believe that, as enterprises get their arms around the first-order concern about unmanaged file sharing in the cloud, they will begin to turn their attention more to detecting and protecting sensitive data in line-of-business apps like Human Resources (HR), Finance/Accounting, and more.

[Figure: DLP violations by type: PHI 68.5%; PII 3.7%; PCI 7.5%; Confidential, top secret, or other regular expression 5.9%; Source Code 4.4%]

TECHNOLOGY AND IT SERVICES LEAD IN CLOUD APPS PER ENTERPRISE

The average number of cloud apps per enterprise rose from 75 in the last report to 755 in this season's report. Because the majority of enterprises on the Netskope Active Platform have deployed the solution in-line, this figure is more reflective of true enterprise user cloud app activity. This is different from reports based entirely on firewall or proxy log data, in which app counts are over-reported because they detect advertising platforms and other services activated when users visit websites, view videos, or download content. 9.2 percent of the cloud apps that remain in use are not enterprise-ready, lacking in the areas of security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation that enterprises require for safe enablement.

Technology and IT services saw the highest number of cloud apps, with an average of ,57 apps per enterprise. Healthcare and life sciences came in a close second, with an average of ,07.

In addition to the consumer and prosumer apps that organizations expect to find in use, such as Twitter and Evernote, line-of-business apps are actually the most prevalent. Marketing remains the most prevalent app category, followed by Collaboration, Finance/Accounting, HR, and Productivity. Below are the top 10 categories in terms of number of apps per enterprise.
The vast majority of these apps are not enterprise-ready, with 9.2 percent scoring a medium or below in Netskope Cloud Confidence Index (CCI), an objective measure of cloud apps' security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation attributes that has been adapted from the Cloud Security Alliance.

[Chart: cloud apps per enterprise by industry group: Technology & IT Services; Healthcare & Life Sciences; Retail, Restaurants, & Hospitality; Financial Services, Banking, & Insurance; Manufacturing]

CLOUD APP CATEGORY: % that are not ENTERPRISE-READY (the AVERAGE APPS per ENTERPRISE column is not reproduced)
Marketing: 97.%
Collaboration: 86.0%
Finance / Accounting: 94.2%
Human Resources: 97.2%
Productivity: %
Cloud Storage: %
CRM and SFA: 90.%
Infrastructure: 88.2%
Software Development: 92.7%
IT / Application Management: 83.3%

The Netskope Cloud Confidence Index is a database of thousands of cloud apps that are evaluated on 40+ objective enterprise-readiness criteria adapted from the Cloud Security Alliance, including security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation. The results of the evaluation are normalized to a 0-100 score and mapped to five levels ranging from poor to excellent.

TOP USED CLOUD APPS

What are the top-used cloud apps? As in past reports, Cloud Storage and Social apps dominate the top 20. Other categories represented in the top 20 include Webmail, Productivity, Collaboration, CRM and SFA, and Finance/Accounting. We define usage as number of distinct app sessions. [2]

[2] A session is a distinct time period in which a user logs into an app, performs a series of activities, and then ceases to work in the app for a period of time. Existing usage metrics (e.g., HTTP sessions) are often inaccurate because users don't always log out following active usage. Netskope has developed a proprietary heuristic to measure a more accurate period of activity, which we define as a session. Usage is defined as number of discrete sessions.

TOP CLOUD ACTIVITIES IN THE NETSKOPE ACTIVE PLATFORM

The top 10 activities in the Netskope Active Platform include send, post, login, download, view, share, upload, edit, create, and delete. There was no marked difference in activities across regions, so we did not separate them. Netskope normalizes these activities across apps within categories and even across categories, so whether a user shares a file from a Cloud Storage app or a report from a Business Intelligence one, each of those is recognized as a share activity.

Looking at activities such as download or share within the context of category can reveal findings about the risks of data exposure or leakage in business-critical cloud apps. One such category is Cloud Storage, where we found that:

- Share is the most common activity
- For every login, there are 4.0 shares
- For every upload, there are .8 downloads

Another category is HR apps. Line-of-business apps like HR are often overlooked, while organizations focus on the risk in Cloud Storage and Webmail. That said, HR apps house some of the most sensitive data in an organization, including employee PII, PHI, salary information, performance reviews, and even disciplinary actions. Within HR apps, we found that:

- Download is the fourth most common activity
- There are nearly as many downloads as uploads
- Share is a top-ten activity

Finally, we looked at Business Intelligence apps. Many people forget that apps beyond Cloud Storage enable sharing, but in fact, 49 out of the 55 app categories we track have apps that enable sharing. Within Business Intelligence, we found that:

- Share is also the most common activity
- For every data upload, there are .6 shares
- There are as many downloads as there are views

The activities are listed here from highest to lowest in occurrence, overall and for the top five categories.

[Figure: activities ranked by occurrence: SEND, POST, LOGIN, DOWNLOAD, VIEW, SHARE, UPLOAD, EDIT, CREATE, DELETE]

TOP POLICY VIOLATIONS IN THE NETSKOPE ACTIVE PLATFORM

Beyond measuring usage and activity, we also look at policy violations within cloud apps. Policies can be enforced based on a number of factors, including user, group, location, device, browser, app, instance, category, enterprise-readiness score, DLP profile, activity, and more. Through data abstraction and normalization of those factors, we're able to discern the apps, categories, and activities surrounding a violation. Policies observed range from blocking the download of personally-identifiable information from an HR app to a mobile device, to alerting when users share documents in Cloud Storage apps with someone outside of the company, to blocking unauthorized users from modifying financial fields in Finance/Accounting apps.

The five cloud app categories with the highest volume of policy violations [3] include Cloud Storage, Social, Webmail, Collaboration, and CRM and SFA. The top activities that constituted a policy violation are download, upload, post, view, and login. We were encouraged to see activities other than login in the top four spots, indicating that IT is enforcing policy to mitigate risky behavior rather than blocking apps, which often has the unintended consequence of driving users to even lower-quality apps, not to mention making it harder for them to get their jobs done.

Below are the top activities globally that constituted a policy violation per cloud app category, with DLP violations noted where they apply. Just as activities can vary between apps, policy violations involving those activities can vary. For example, a policy violation involving downloading from a Cloud Storage app can be the improper downloading of a non-public press release, whereas in a CRM/SFA app it could signal theft of customer data by a departing employee.

[Table: policy-violating activities by app category. App categories: Cloud Storage, Collaboration, CRM and SFA, Finance/Accounting, HR, Productivity, Social, Software Development, Webmail. Activities: Download, Upload, Post, View, Login, Send, Share, View All, Delete, Edit. Legend: indicates highest occurrence of policy-violating activity for the category; policy violation included in data loss prevention profile.]

[3] Volume of policy violations is measured as number of times a defined policy or set of policies are triggered by that combination of parameters being met, e.g., a sales user on a mobile device tries to upload content that matches the PCI DLP profile.

THREE QUICK WINS FOR ENTERPRISE IT

Based on this report's findings, here are some quick wins for enterprise IT to enable cloud apps while minimizing risk:

1. Discover and secure sensitive content both at rest in and en route to your cloud apps. Focus on the most common DLP violations that carry penalties and can result in negative press, including PHI, PII, and PCI.
2. In defining cloud app policies, consider not just popular Cloud Storage, Social, and Webmail apps, but also focus on business-critical apps like HR, Finance/Accounting, and Business Intelligence.
3. Go beyond coarse-grained "allow" or "block" decisions on cloud apps, and enforce contextual policies on risky activities such as download (e.g., to mobile), share (e.g., outside of the company), or delete (e.g., if you're not in the enterprise directory group "HR Directors").

2015 Netskope, Inc. All rights reserved. Netskope is a registered trademark and Netskope Active, Netskope Discovery, Cloud Confidence Index, and SkopeSights are trademarks of Netskope, Inc. All other trademarks are trademarks of their respective holders. 0/5 RS-95-0
More informationExecutive s Guide to Cloud Access Security Brokers
Executive s Guide to Cloud Access Security Brokers Contents Executive s Guide to Cloud Access Security Brokers Contributor: Amy Newman 2 2 Why You Need a Cloud Access Security Broker 5 You Can t Achieve
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationData Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide
Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide. Four steps for success Implementing a Data Loss Prevention solution to address PCI requirements may be broken into four key
More informationData Loss Prevention Program
Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional
More informationA Buyer's Guide to Data Loss Protection Solutions
A Buyer's Guide to Data Loss Protection Solutions 2010 Websense, Inc. All rights reserved. Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationProtecting personally identifiable information: What data is at risk and what you can do about it
Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most
More informationSolution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized
More informationEXECUTIVE BRIEF PON SPON. The Cloud Application Explosion. Published April 2013. An Osterman Research Executive Brief. sponsored by.
EXECUTIVE BRIEF PON Explosion An Osterman Research Executive Brief Published April 2013 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationOutbound Email and Data Loss Prevention in Today s Enterprise, 2010
Outbound Email and Data Loss Prevention in Today s Enterprise, 2010 Results from Proofpoint s seventh annual survey on outbound messaging and content security issues, fielded by Osterman Research during
More informationCompliance and Security Solutions
Content-aware Compliance and Security Solutions for Microsoft SharePoint SharePoint and the ECM Challenge The numbers tell the story. According to the consulting firm Doculabs, 80 percent of the information
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationEnCase Enterprise For Corporations
TM GUIDANCE SOFTWARE EnCASE ENTERPRISE EnCase Enterprise For Corporations An Enterprise Software Platform Allowing Complete Visibility Across your Network for Internal Investigations, Network Security,
More informationWhite Paper. What the ideal cloud-based web security service should provide. the tools and services to look for
White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web
More informationwhitepaper 4 Best Practices for Building PCI DSS Compliant Networks
4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationWeb DLP Quick Start. To get started with your Web DLP policy
1 Web DLP Quick Start Websense Data Security enables you to control how and where users upload or post sensitive data over HTTP or HTTPS connections. The Web Security manager is automatically configured
More informationWebsense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration
Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be
More informationHow to Secure Your SharePoint Deployment
WHITE PAPER How to Secure Your SharePoint Deployment Some of the sites in your enterprise probably contain content that should not be available to all users [some] information should be accessible only
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationManaging Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform
Managing Privileged Identities in the Cloud How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud Contents Overview...3 Management Issues...3 Real-World
More informationAntivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)
Below you will find the following sample policies: Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) *Log in to erisk Hub for
More informationImproving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec
Improving Unstructured Data Governance Ryan Jancaitis Product Management Symantec Agenda 1 2 3 4 Overview Data Management Data Protection and Compliance Summary Unstructured Information Growth Leads to
More information5THINGS COMPANIES THINK
5THINGS COMPANIES THINK THEY KNOW ABOUT SALESFORCE SECURITY Table of Contents Introduction...01 Misconception #1 Data security is the cloud service provider s problem...02 Misconception #2 We use roles
More informationForeScout CounterACT. Continuous Monitoring and Mitigation
Brochure ForeScout CounterACT Real-time Visibility Network Access Control Endpoint Compliance Mobile Security Rapid Threat Response Continuous Monitoring and Mitigation Benefits Security Gain real-time
More informationReining In SharePoint
Courion Perspective Reining In SharePoint SharePoint is an extremely popular tool that has been widely deployed by many organizations. SharePoint is designed so that it can be implemented without extensive
More informationTHE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements
THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION Technology Overview, Business Justification, and Resource Requirements Introduction to Data Loss Prevention Intelligent Protection for Digital Assets Although
More information10 Building Blocks for Securing File Data
hite Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm
More informationProtecting Patient Data in the Cloud With DLP An Executive Whitepaper
Protecting Patient Data in the Cloud With DLP An Executive Whitepaper. Overview Healthcare and associated medical record handling organizations have, for many years, been utilizing DLP, Data Loss Prevention
More informationThe Definitive Guide to Managed File Transfer:
IPSWITCH FILE TRANSFER WHITE PAPER The Definitive Guide to Managed File Transfer: Attaining Automation, Security, Control & Compliance www.ipswitchft.com The Growing Challenge: Moving Files to Support
More informationAPPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
More informationBuilding a Security Program that Protects an Organizations Most Critical Assets
Building a Security Program that Protects an Organizations Most Critical Assets ABOUT BEW GLOBAL WHAT WE WILL COVER TODAY What is a Critical Asset Protection Program Data Loss Prevention & Other Technology
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More informationCloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
More information