data privacy, security, and sovereignty in a cloudy world
DESCRIPTION
Jon Oltsik, ESG Senior Principal Analyst and widely recognized information security expert, reviews what it means to ensure data privacy, security, and sovereignty, and what you should be looking for from your cloud providers.TRANSCRIPT
Data Privacy, Security,
and Sovereignty in a Cloudy World
Speakers
Jon OltsikSenior Principal Analyst
Enterprise Strategy Group
Rajneesh ChopraVP, Product Management
Netskope
Agenda
1. Cloud computing plans2. Cloud computing and information security3. What’s Needed4. The Bigger Truth5. Q&A
Cloud Computing Plans
5© 2014 Netskope. All Rights Reserved.
2014 IT Spending Change by Technology
Information management software (N=168)
Endpoint computing devices (N=175)
Infrastructure management software (N=178)
Business applications (N=261)
Databases (N=282)
Server infrastructure (N=337)
Business intelligence/analytics (N=187)
Network infrastructure (N=301)
Storage infrastructure (N=306)
Virtualization/private cloud infrastructure software (N=197)
Security (N=261)
Cloud computing services (N=276)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
40%
41%
43%
46%
46%
47%
48%
49%
52%
52%
62%
72%
48%
46%
46%
41%
44%
38%
45%
38%
31%
39%
31%
21%
12%
13%
12%
14%
10%
15%
7%
14%
17%
9%
7%
6%
To the best of your knowledge, to what extent will your organization’s 2014 IT spending for each technology listed below change relative to 2013? (Percent of respondents)
2014 spending will increase 2014 spending will stay flat 2014 spending will decrease
6© 2014 Netskope. All Rights Reserved.
Usage of Cloud Computing Services
Platform-as-a-service (PaaS)
Infrastructure-as-a-service (IaaS)
Software-as-a-service (SaaS)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
27%
33%
63%
10%
12%
23%
21%
17%
18%
15%
9%
20%
17%
10%
2%
2%
1%
Please indicate your organization’s usage of or plans for each of the following cloud computing services. (Percent of respondents, N=562)
Currently use Do not currently use, but we have done so within the past two years
Do not currently use but we plan to No use or plans at this time but we are interested
No use, plans, or interest at this time Don’t know
7© 2014 Netskope. All Rights Reserved.
Most Important Considerations for IT
Speed of payback
Reduced time-to-market for our products or services
Improved regulatory compliance
Reduction in capital expenditures
Improved security/risk management
Business process improvement
Reduction in operational expenditures
Return on investment
0% 5% 10% 15% 20% 25% 30% 35% 40%
18%
19%
20%
26%
31%
37%
37%
38%
Which of the following considerations do you believe will be most important in jus-tifying IT investments to your organization’s business management team over the
next 12 months? (Percent of respondents, N=562, three responses accepted)
8© 2014 Netskope. All Rights Reserved.
Applications Deployed via SaaS Model
Marketing automationContent management/document management
Accounting/financialProject management
Business intelligence/analyticsOffice productivity
Human resourcesInternet/e-mail marketing
Industry-specific applications Collaboration/file sharing
E-mailCRM (Customer Relationship Management)
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
21%25%
26%27%
28%29%
30%30%
31%33%
38%40%
You have indicated that your organization is currently using software-as-a-service (SaaS). What specific applications has your organization currently deployed via a
SaaS model? (Percent of respondents, N=354, multiple responses accepted)
Cloud Computing and Information Security
10© 2014 Netskope. All Rights Reserved.
Security Issues with IT Initiatives
Desktop virtualization
Web applications / SOA
Server virtualization
BYOD policies
Remote worker policies
Mobile devices
Cloud computing
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
6%
9%
13%
17%
18%
30%
31%
34%
37%
38%
30%
38%
32%
38%
41%
38%
32%
31%
29%
21%
16%
9%
11%
10%
7%
7%
9%
6%
3%
3%
4%
5%
3%
5%
3%
6%
3%
2%
10%
4%
2%
6%
How has the introduction of the following technologies and policies altered security management and operations at your organization? (Percent of respondents, N=315)
Made security management and operations much more difficult Made security management and operations somewhat more difficultHad no impact on security management and operations Made security management and operations somewhat easierMade security management and operations much easier Don’t know / Not applicable
11© 2014 Netskope. All Rights Reserved.
Biggest IT Risks with Cloud Infrastructure
Rogue employee working at a cloud service provider
Strategic cloud service provider financial problems
Failing an IT or compliance audit
Application-layer vulnerabilities within cloud infrastructure provider web applications
Employees may be using cloud-based infrastructure services that the IT and security departments are unaware of
Risk of a network breach between internal networks and cloud service providers
Poor security practices at a cloud service provider
Security breach that compromises our cloud service providers’ in-frastructure
Lack of security visibility into cloud services infrastructure
Privacy concerns associated with sensitive and/or regulated data stored and/or processed by a cloud infrastructure provider
Lack of control over security operations directly related to IT resources used for internal purposes
0% 5% 10% 15% 20% 25% 30% 35%
16%
16%
19%
21%
22%
26%
27%
28%
29%
31%
33%
Which of the following do you believe present the biggest IT risks in relation to the use of cloud in -frastructure services? (Percent of respondents, N=229, multiple responses accepted)
12
WHERE ARE THE DATA LOCATED?
ARE THE DATA SENSITIVE?
• Geo-residency visibility and policy enforcement
• Block uploading to cloud apps where data are stored outside of geo
• Prevent “sharing” outside of geo
• In-depth DLP inspection
• Understand 400+ file types
• 3000+ unique data identifiers that include regional differences
• Pre-defined PII, PCI, PHI profiles
© 2014 Netskope. All Rights Reserved.
Understand company, customer, and employee data in context
COMPANY, CUSTOMER, AND EMPLOYEE DATA
13© 2014 Netskope. All Rights Reserved.
Encryption key management
• Manage encryption keys in the cloud or on-premises
• Netskope Active Encryption is FIPS 140-2, Level 3 security certified
14© 2014 Netskope. All Rights Reserved.
Security Skills Shortage
We do not currently have a problematic shortage of existing information se-curity skills
Application/database security
Email/messaging security
Security operations
Application development security
Emerging threat/malware expertise
Security analysis/forensics
Data security
Network security
Endpoint/mobile device security
Cloud/server virtualization security
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
8%
20%
22%
23%
25%
28%
30%
30%
31%
31%
43%
In which of the following areas of information security do you believe your IT organization currently has a problematic shortage of existing skills? (Percent of respondents, N=315, multiple responses
accepted)
What’s Needed?
“As IT loses control, CISOs need to establish more control”
Identity and data
What’s Needed?
Discovery
• Applications, users, activities, etc.
Control
• Alignment with security policies
• Granularity, contextual policy enforcement
Visibility
• “Wide and Deep”
• Analytics capabilities
Detection and Response
• Risk management
• Alerting
• Change management
• Automation
17© 2014 Netskope. All Rights Reserved.
Understand location of apps, users, and data traffic
The Bigger Truth
Cloud computing momentum
Security issues
• People, processes, and technology
• As IT loses control, CISOs must gain greater control of what they can
Need for:
• Discovery, continuous monitoring, situational awareness, risk management, and controls
REAL-TIME & FLEXIBLE DEPLOYMENT
ANY DEVICEANY APP
Data
Activity
App
Identity
Discovery VisibilityGranular Control
Ser
vice
sD
eep
Con
text
Netskope Active Platform
Where are your users? Where is the data?
20
Allow is the new block (allow is new block green light slide)
21