Background. Liwei Ren. Trend Micro




Securing Your Data for the Journey to the Clouds Liwei Ren, Ph.D, Trend Micro April, 2015, SNIA DSI 2015, Santa Clara, California Copyright 2011 Trend Micro Inc. 1

Background
Liwei Ren
- Research interests: DLP, cloud data security, big data & security, math modeling & algorithms.
- Major works: 10+ academic papers; 20+ US patents granted, and a few more pending; co-founded a data security company in Silicon Valley with a successful exit.
- Education: MS/BS in mathematics, Tsinghua University, Beijing; Ph.D in mathematics, MS in information science, University of Pittsburgh.
Trend Micro
- Global security software company with headquarters in Tokyo, and R&D centers in Silicon Valley, Nanjing and Taipei.
- One of the top security software vendors.

Agenda
- A Glance at Data Security
- Three Data Security Problems in the Cloud
- A Few Technologies
- CASB: an Integrated Solution
- Can We Do Better in the Future?
- Summary
Classification 4/1/2015

A Glance at Data Security
Should we take a look at data security in general before flying to the cloud?
Let me list a few areas of data security that I have some knowledge of:

Data Security Problems in the Cloud
Data security problems caused by cloud platforms:
1. Data residence in cloud when using cloud SaaS or cloud app
2. Data leaks to personal cloud apps directly from enterprise networks
3. Data leaks to personal cloud apps indirectly via BYOD devices
Data classification:
- Data states: data at rest, data in use, data in motion
- Data types: structured data, unstructured data

Data Security Problems in the Cloud
Data residence in cloud when using cloud apps:
- Data privacy
- Data breach

Data Security Problems in the Cloud
Data leaks to cloud apps directly:
1. Employees may use cloud storage applications such as Dropbox and Evernote as personal users.
2. Employees may use cloud storage such as box.com as enterprise users.
3. They may use personal emails that could attach confidential files.
4. One has cloud-based business email such as Office 365 Email.

Data Security Problems in the Cloud
Data leaks to the cloud via file sync apps:
- Mobile device
- BYOD

A Few Technologies
A few technologies for solving each problem:
- Traditional DLP: problem 2
- Cloud Encryption Gateway (aka SaaS Encryption Gateway): problem 1
- Cloud DLP: problems 1 & 2
- CASB: problems 1 & 2, and hopefully problem 3, with other security capabilities. This is an overall and integrated solution for cloud data security.

A Few Technologies
DLP = Data Leak Prevention (aka Data Loss Prevention)
- Data at rest, data in motion, and data in use.
- DLP solution architecture:

DLP
DLP model for endpoints: data in use or data in motion

DLP
DLP model for network: data in motion in network
DLP model for concept:

DLP
DLP security rules based on DLP models:
DATA leaks from SOURCE to DESTINATION via CHANNEL, system takes ACTIONs
- DATA: confidential data categories such as IP, PII, PCI, HIPAA, ...
- SOURCE: user name, computer name, IP address
- CHANNEL: USB, FTP, email, IM, HTTP/HTTPS, protocol of cloud app (Web mail, Dropbox, Linkedin, Facebook, ...)
- DESTINATION: cloud app, email recipients, unknown IP, USB
- ACTION: log, block, alert, notification, encryption, quarantine, ...

DLP for Cloud Data Security
Question: can we extend DLP to support data leaks to the cloud specifically?
The answer is YES. Current DLP products & technologies provide a solution to Cloud Security Problem 2 with DLP rules defined as:
DATA leaks from SOURCE to DESTINATION via CHANNEL, system takes ACTIONs
- DATA: confidential data categories such as IP, PII, PCI, HIPAA, ...
- SOURCE: user name, computer name, IP address
- CHANNEL: cloud app protocols (such as Dropbox, web mail, Facebook, Linkedin)
- DESTINATION: cloud apps
- ACTION: log, encryption, block, ...
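
The DATA / SOURCE / CHANNEL / DESTINATION / ACTION rule model from the two slides above, as an added Python example that is not part of the original talk or of any Trend Micro product. The rule fields, event layout, user and channel names are assumptions, and only one DATA category (PCI, detected by a card-number pattern plus Luhn check) is implemented.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(content: str) -> set:
    """Return the DATA categories found in the content (only PCI here)."""
    cats = set()
    for m in CARD_RE.finditer(content):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            cats.add("PCI")
    return cats

@dataclass
class Rule:
    data: str          # DATA category, e.g. "PCI"
    sources: set       # SOURCE user names; empty set means any source
    channels: set      # CHANNEL names
    destinations: set  # DESTINATION names
    actions: list      # ACTIONs to take on a match

def evaluate(rules, event):
    """Return the ACTIONs of every rule the event matches, in rule order."""
    found = classify(event["content"])
    actions = []
    for r in rules:
        if (r.data in found
                and (not r.sources or event["source"] in r.sources)
                and event["channel"] in r.channels
                and event["destination"] in r.destinations):
            actions += [a for a in r.actions if a not in actions]
    return actions

# Constructed policy and events (hypothetical names, well-known test card number).
RULES = [Rule("PCI", set(), {"dropbox", "webmail"}, {"cloud app"}, ["log", "block"])]
LEAK = {"source": "alice", "channel": "dropbox", "destination": "cloud app",
        "content": "card 4111 1111 1111 1111 exp 12/27"}
BENIGN = dict(LEAK, content="order id 1234 5678 9012 3456")
```

The benign event carries a 16-digit run that fails the Luhn check, so it produces no action even though channel and destination match the rule.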

DLP for Cloud Data Security
Conclusion: Problem 2 can be solved by a DLP product.
How to solve problem 1?

Cloud Encryption Gateway
An effective solution to Cloud Security Problem 1 should satisfy the following properties:
- The confidential information residing in the cloud should only be accessed by data owners.
- Data owners can apply data operations to the data defined by users' functional roles.
- When applying encryption to structured data, data formats are preserved.
An ideal solution is Fully Homomorphic Encryption (FHE).
- However, this solution is not available any time soon due to performance issues.
- It may be available in the next decades with further breakthroughs.
Another ideal solution is MPC (multi-party computing); however, it is not practical yet for the same reason.

Cloud Encryption Gateway
An alternative to FHE is Format Preserving Encryption + Tokenization for the structured data on SaaS apps:
Cloud Encryption Gateway or SaaS Encryption Gateway
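
The tokenization half of that approach, as an added Python example that is not from the original talk: a gateway-side vault replaces a structured field with a random token of the same format before the record goes to the SaaS app, and maps it back on the way out. This is vault-based tokenization, not an FPE cipher; the class and function names are hypothetical, and it assumes fields long enough that the token space is never exhausted.

```python
import secrets

class TokenVault:
    """Gateway-side vault: the SaaS app only ever sees tokens."""

    def __init__(self):
        self._to_token = {}   # clear value -> token
        self._to_clear = {}   # token -> clear value

    def _random_like(self, value: str) -> str:
        # Replace each digit/letter with a random one of the same class;
        # separators such as "-" are kept so the field still validates.
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice("0123456789"))
            elif ch.isalpha():
                c = secrets.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
                out.append(c if ch.isupper() else c.lower())
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, value: str) -> str:
        if not any(c.isalnum() for c in value):
            return value                      # nothing to protect
        # Same input -> same token, so equality search in the SaaS app still works.
        if value in self._to_token:
            return self._to_token[value]
        token = self._random_like(value)
        while token in self._to_clear or token == value:   # avoid collisions
            token = self._random_like(value)
        self._to_token[value] = token
        self._to_clear[token] = value
        return token

    def detokenize(self, token: str) -> str:
        # Only the gateway, which holds the vault, can recover the clear value.
        return self._to_clear[token]

def shape(s: str) -> str:
    """Format signature: 9 for digits, A/a for letters, other characters as-is."""
    return "".join("9" if c.isdigit() else "A" if c.isupper()
                   else "a" if c.isalpha() else c for c in s)
```

Because tokens are deterministic per clear value, equal fields stay equal in the SaaS app; that convenience also reveals which records share a value, which is a property to weigh when choosing what to tokenize.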

Cloud Encryption Gateway
Conclusion: Problem 1 can be solved by a Cloud Encryption Gateway.
Can we solve problems 1 & 2 together?

Cloud DLP Gateway
Cloud DLP Gateway: DLP + Cloud Encryption Gateway.
It solves cloud data security problems 1 & 2 all together.

Cloud DLP Gateway
How about problem 3? Can we do more with Cloud DLP Gateway?
Yes, let me propose this:
I am sure industry will have an implementation soon.

CASB: an Integrated Solution
Cloud Access Security Broker (aka CASB) is a new product category defined by Gartner.
- It goes beyond data security to include more cloud security functions: Anti-malware + Cloud IAM + Cloud DLP + ...
- It is a platform for cloud data security.

CASB: an Integrated Solution
My view: there has been an evolution in the past few years:

Can We Do Better in the Future?
When FHE advances to become practical, we will have a better solution for problem 1.

Summary
- Describing Three Problems of Cloud Data Security
- An Evolution of Technologies in the Past:

Q&A
Thank you! Please ask questions, so I know you were enjoying this talk.