DRUVA SECURITY OVERVIEW ICT AFRICA CAPE TOWN LEE MEPSTED EMEA CHANNEL MANAGER

Transcription

1 DRUVA SECURITY OVERVIEW ICT AFRICA CAPE TOWN LEE MEPSTED EMEA CHANNEL MANAGER

2 ABOUT DRUVA Company Fastest growing data protection company Headquartered in Silicon Valley Backed by Sequoia and EMC Ranked #1 by two years running Druva has been a phenomenal answer to Dell for protecting our data Brad Hammack IT Emerging Technologies 2

3 TRUSTED BY 3,000+ GLOBAL ENTERPRISES 3

4 YOUR ENTERPRISE IS CHANGING Data Center 85% Endpoints 7% Remote Sites 8% Data Center 56% Endpoints 28% Remote Sites 10% Cloud 6% 2x Growth of corporate data every 14 months (Source: Gartner) 4

5 CONFIDENCE & CONTROL NO LONGER EXIST High risk of permanent data loss Business continuity & end user productivity impact Lost visibility for compliance & legal requirements 8% 26% 60% Enterprise devices lost per year Litigation includes data from mobile devices Enterprises will have half of their infrastructure in the cloud by

6 COMMON CLOUD SECURITY/PRIVACY CONCERNS SaaS Application Services PaaS Distributed Database Services IaaS Infrastructure: Compute + Storage Infrastructure Security: Where is the infrastructure? How is it controlled and to what extent certified? Data Security: How is the data encrypted in transit and stored at-rest Data Residency: What are the regional data controls? Data Privacy: What controls are in place to provide ethical walls? What data can my SaaS provider access? SaaS Security: What certifications and security controls does the SaaS provider have in place? 6

7 COMPONENTS OF DRUVA SECURITY Process, policies & procedures Application Infrastructure 7

8 INFRASTRUCTURE SECURITY

9 Powered by AWS DATA CENTER SECURITY State-of-the-art facilities with physical & environmental security Fault Tolerant Design o 10 regions across the globe o Multiple availability zones per region 9

10 NETWORK SECURITY Vulnerability testing Distributed Denial Of Service (DDoS) Attack Firewall security groups Man In the Middle (MITM) Attack IP Spoofing Port Scanning Protects customer data from network attacks: o Intercepting in-transit data o System breaches o Blocking/disrupting services Packet sniffing by other tenant 10

11 AWS Security Certifications & Compliance FISMA Moderate Type I & II SOC 1,2,3 ISAE 3402 ITAR HIPAA GovCloud with ITAR, FedRAMP, and FIPS PCI DSS Platform Security FIPS MPAA ISO Physical Security Network Security People & Procedures Annual renewal of certifications ://aws.amazon.com/compliance/ /

12 APPLICATION SECURITY

13 End-to-End Data Security At endpoint: o Enforceable native OS encryption o DLP for remote wipe, geo-location o MDM integration for advance DLP and app provisioning Authentication: o AD Integration o SSO via SAML 2.0 with ADFS,Okta, OneLogin, Ping, etc. In transit: o 256-bit SSL In storage: o 256 AES w/ unique split key encryption

14 KEY MANAGEMENT & DATA ENCRYPTION Works like a bank safety-deposit box o Unique encryption key generated per customer o Key itself is encrypted with customer credentials and stored as a token They key itself is inaccessible by anyone o Only exists during the client session o Never leaves the system o Removes the need for key management Druva cannot access/decrypt customer data with stored token 14

15 Data o S3 buckets DATA COMPARTMENTALIZATION o Data scrambling & de-duplication o Data encryption with zeroknowledge o Meaningless without metadata o Strict mapping of users to storage regions 15

16 PRIVACY Granular administration rights based on customizable roles Granular privacy settings: o Provide administrators access to user data o Prevent all administrators to access user data o Allow users to prevent administrators to access their data o Prevent users from allow or disallowing administrators to access their data. TRUSTe certified privacy with EU Safe Harbor 2014 Druva. All rights reserved. 16

17 POLICY & PROCEDURES

18 Information Security Policy Information Security Group (ISG) headed by CISO ISG responsible for infosec policy, standards, procedures & guidelines Clearly defined controls for Cloud Operations access & permissions Security awareness & Infosec training for employees Security incident response plan

19 The Proof: Druva Security Certifications Certifications & Validations o ISAE-3000 Logical Access Security of customer data Network Security Information Security Human Resources Procedures Physical Access Environmental Controls o o o TRUSTe certified privacy EU Safe Harbor HIPAA SkyHigh CloudTrust program partner Regular VAPT Testing (White Hat) Audits done every year

20 THANK YOU 2015