Dr. David Movshovitz - Navajo SaaS


Upload: csaisrael

Post on 08-Jun-2015


The Navajo Systems vision:

To expand the use of cloud computing by eliminating the entry barriers of data privacy and regulatory compliance.

Founded in 2009 by experts in the fields of information security and backed by Jerusalem Venture Partners, a leading Israeli venture capital fund with over $780 million under management.


Navajo in the News


Analyst Recognition


SaaS is all around us

The “traditional” enterprise vendors are coming in


“Security is the number one issue affecting the adoption of cloud services.”
Dan Yachin IDC - 2008

“Privacy concerns and laws or other domestic or foreign regulations may reduce the effectiveness of our solution and adversely affect our business.”
SalesForce 2008 Annual Report

“The security models being used three or four years ago are not the kind we'll be using in the future.”
Steve Purser, deputy director of European Union network security agency

SaaS Industry Consensus #2


Can We Trust our SaaS Providers?


Relevant Data Security Regulations

• Health Insurance Portability and Accountability Act (HIPAA)

• Sarbanes Oxley (SOX)

• Children's Online Privacy Protection Act (COPPA)

• Family Educational Rights and Privacy Act (FERPA)

US State Regulations

• California's AB 1950 and SB1386/CC1798

• Nevada NRS 597.970

• Massachusetts 201 CMR 17.00

• Florida's HB 481

• Georgia's SB 230

• Illinois' HB 1633

• New York's AB 4254

• Pennsylvania's SB 712

• Utah's SB 69

International Regulations

• The Payment Card Industry Data Security Standard (PCI DSS) and Check 21 Act

• UK Data Protection Act

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)

• International government and banking regulations for the European Union, United Kingdom, Israel, South Africa, Australia and Singapore

The controller himself needs to GUARANTEE compliance with all data protection regulations.


Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties

(CSA Guideline 2.0)

What can we do?

Cloud Computing


Virtual Private SaaS


The Customer Control Concept


VPS: A Revolutionary Concept

Customer is in control of its data privacy

Real-time encryption of sensitive SaaS data

Sensitive data remains encrypted while at rest

SaaS application functionality is unaffected

Out-of-the-box policy configuration

No need to modify the SaaS application

*Patent pending technology


Navajo VPS Use Case


Client sends data to VPS


Step 1: Detect Sensitive Data


Step 2: Encrypt Sensitive Data


Step 3: Send Encrypted Data

Step 4: Store Encrypted Data

Step 5: Receive Data from App

Encrypted Data

Customer name : eso01992

Social security no : add3441asdad

E-mail : [email protected]

Address : edqew213ada

Parent account : adcae87asf

Credit card no : adwew.edwe.eqe.qeqe

Phone no : 432-2424-242-234


Step 6: Detect Encrypted Data

Step 7: Decrypt and Present Data


Step 8: Search and Query Data


Real-time Encryption of Sensitive SaaS Data:

1. Contacts

2. Accounts

3. Reports

SaaS application functionality is unaffected

1. Search for data

2. Sort contacts

3. Run Reports

Live Demo


Listed on Salesforce’s AppExchange


Processing Encrypted Data

“...safe harbor provisions in laws and regulations treat lost encrypted data as not lost at all.”

– Cloud Security Alliance, December 2009


Virtual - Private SaaS


VPS Server Architecture

HTTP Proxy Apache

SMTP Proxy & MTA

POP3 Proxy

SaaS Integration API

Administration

Policy Management

*Encryption Engine

Standard Encryption

Format-preserved Encryption

Search Enabled Encryption

File encryption

Sort and Search Enabled Encryption

*Based on NIST-standard algorithms


VPS Policy Data Flow

HTTP Proxy Apache

SMTP Proxy & MTA

POP3 Proxy

SaaS Integration API

Policy

*Encryption Engine

Standard Encryption

Format-preserved Encryption

Search Enabled Encryption

File encryption

Sort and Search Enabled Encryption

SaaS / PaaS Vendor


One Infrastructure

Multiple Application


Comparison of Data Confidentiality

Risk: Eavesdropping/Tampering, Database Theft, Identity Theft, Server Hacking

Solution: TLS / SSL, VPN, Virtual Private Cloud, Database Encryption, Firewall, SAS-70, Navajo – VPS


With VPS, SaaS Customers will…

• Retain complete control over sensitive data

• Eliminate data privacy concerns

• Eliminate data regulation concerns

• Reduce the expense of SaaS solution audits
