how to extend security and compliance within box
TRANSCRIPT
PowerPoint Presentation
How to extend security and compliance within BoxYou will learn in the next 60 minutes:The security that comes with BoxExtending security while using BoxTips and tricks to maintain control of your data
1
Box Security2Cloud apps are becoming an essential part of business
Cost effectiveRemote accessAgility and speedImproved ProductivityBetter collaboration
2
Security Ecosystem with BoxBox provides robust security infrastructure, and has built a trusted ecosystem of partners to extend these capabilities
Box is an enterprise-grade collaboration app with robust security features. Advanced API, extensive logging, encryption support, etc.Best in class securityLayered Encryption with EKM (Encryption Key Management)Advanced APIAdministrative ControlsComprehensive Reporting and loggingFlexible Access ControlsStrong AuthenticationData Center Security
In addition, Box has built a trusted ecosystem to provide additional layers of security such as identity management, vulnerability management and Data Loss Prevention.
=====The reality is that security is a shared responsibility. Even the most enterprise-grade cloud app provider, will never take full liability for what your users do within cloud apps. If someone comes in with a valid user name/password, they can do whatever they want - and share sensitive content with whomever they like.3
Security In The Cloud is a Shared ResponsibilityBox Security4
FRONTEND SECURITYAccess visibilityAccess controlData loss preventionBACKEND SECURITYXsite scripting, SQL Injection, etc.
WebApplication
SaaSYouVendor
The reality is that security is a shared responsibility. Even the most enterprise-grade cloud app provider, will never take full liability for what your users do within cloud apps. If someone comes in with a valid user name/password, they can do whatever they want - and share sensitive content with whomever they like.
http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=8681
Shadow DataShadow Data All the sensitive data that may exist in sanctioned or unsanctioned apps, without the knowledge of IT. Shadow IT All the Cloud Apps used in your organization, without the knowledge of IT (unsanctioned apps)What is Shadow Data? Box SecurityBitcasaUserZoomZing DriveBShare
So youve probably heard of Shadow IT, but you may not have heard the term Shadow Data. But the reality is Shadow Data can be far more important to track. While Shadow IT is about understanding all the cloud apps that are being used in your environment that IT may not be aware of, Shadow Data is about understanding what types of data users are uploading into your apps and how they are sharing these files with others. Data Loss Prevention solutions for the cloud are needed to help identify Shadow Data and control how it is shared within and outside an organization.
Elastica CloudSOC Product Overview6Whos Responsible for Data Loss?
No malicious intentCompromised Credentials or DevicesDetermined Internal Threat
Most data loss is accidental as opposed to malicious6
Alice shares a file with Bob
Bob shares that file publiclyAvg breach costs $201/record.A viral episode will cost you ?!
Accidental Over-sharing
Box SecurityOTHERAPPS
Most data loss is unintentional. Users may inadvertently not set the proper sharing permissions, which can lead to a viral sharing of data. So while Alice originally intended to share a file with Bob, that same file may wind up being shared with many others including being loaded into other cloud apps.
===So to expand on this, lets take a look at the other case. The non-malicious user whos simply oversharing.
So let me ask you this question: Do you remember back in the day when we had file sharing within our data center? Wed build a file server, and the IT admin or domain admin had full control over who had access to that file server and what could be shared with whom. When we work with applications like Dropbox, for all the wonderful things it brings us, it now also brings us the question of who controls sharing? Sharing has become democratized now, where youre putting the controls in the hands of the user. Even file owners no longer fully control how their files are shared. *CLICK* Lets look at this example where Alice shares a file with Bob, *CLICK* and then Bob decides to share the file with two friends. And they share with their friends, and so on, and so on, and so on. From here things get very complicated because permissions, control, file ownership, all get a little confusing. This is an example of what we call shadow data, or shadow IT. Youll likely hear me use this term again.
files per user are broadly shared (average)
12.5%contain compliance related data Shadow Data
25%Of total files stored in the cloud per user (average)
of these files
Box Security
So lets take a look at the stats here: From data weve collected on our own customers that were monitoring, we see that the average user stores about 2037 files in cloud based storage accounts. *CLICK* Of these files on average about 185 of these are shared broadly. *CLICK* These may be public or externally shared or just shared with the whole company.
If we take a look at those 185 files that are shared broadly, about 20% of these contain sensitive data! (PII, PHI or PCI)
If we go back and look at it from perspective of which users are doing this, we see that 5% of our users are responsible for 85% of the risk exposure. So who are they? What are these files? Where are they? And how do we remediate this? As it turns out, we can solve these, problems, but we need the right tools. Manual remediation would take us lengthy amounts of time to resolve, but automated tools, can resolve this in seconds.
Average number of files per user 2037
About 9% broadly shared (company-wide, external or public)
20% of these contain compliance-related data!
Average time to remediate risk exposures: Manual: 67 minutes per user Automated: 16 seconds per user (1/251)
9Malicious Activity1.34% of accounts were compromisedCompromised means: account takeover, rogue (bad actor) insider, malicious data destruction, etc.Report highlighted threshold triggers (static) and anomalous behavior (data science) just a sample out of 60+ factors This malicious activity would apply regardless of SaaS app or storage provider used, Google Drive
From Elasticas Q2 2015 Shadow Data Report:Malicious Use% of total compromised accountsBox Security
Some data loss is due to malicious activity as well. The most likely malicious attack vector is by compromising a user credentialHighlight 3 typical cases:Compromised Credential from phishing attack or stolen loginMalware can hide on a users computer, and hijack a valid end-user session when they are logged into a cloud appMalicious Insider
9
Slideshow Title10Elasticas Solution for Box
How we connect, Leverage powerful APIs via Box Securlet. Can also monitor real-time transactions through GW, where we extract very granular level detail of user activity.
Offer range of security apps: Detect Protect Investigate10
Protect DataCreate and enforce rich content-based & context-based policies across all cloud apps
Leverage ContentIQTM for deep classification of compliance-related and sensitive contentEnforce granular controls to prevent data leakage and remediate exposuresLeverage ThreatScore to block risky transactions in real-timeElastica CloudSOC Product Overview11
11
Automatically classify, detect and remediate content uploaded to cloud apps leveraging semantic analysis
Create & enforce policies based on wide range of criteria, including: users, device, location, file properties, access properties, content, activity, ThreatScoreElastica CloudSOC Product Overview12
12
Detect ThreatsLeverage User Behavior Analytics to Identify Suspicious BehaviorGenerate actionable ThreatScoreTM in real-timevDetect Threats from hijacked credentials, targeted malware or malicious insidersEnable policies to generate alerts or quarantine malicious behaviorElastica CloudSOC Product Overview13
13
ThreatScore
vThreatScoreTM based on severity of suspicious activityActionable visual drill downHigh accuracy through User Behavior AnalysisAutomation Leverage for policy enforcement
suspicious activity
Elastica CloudSOC Product Overview14
14
Quickly examine granular historical data for post-incident analysis
Leverage flexible cloud storage to retain as much history as desiredAdvanced search & visualization tools to quickly find relevant dataPerform deep dive analysis for legal, compliance or HR initiativesInvestigate Incidents
Elastica CloudSOC Product Overview15
15
Data Science Powered Cloud App Security
Machine LearningSemantic AnalysisNatural Language ProcessingGraph Theory
Elastica CloudSOC Product Overview16
16
17Box provides excellent security, but you still need
Extended user visibility and controlAnalysis of risky behavior
Automated classificationData protection / attack mitigation
REQUIREMENTBECAUSEHOW Compliance mandates require identification of sensitive dataUsers can bypass your security controlsAttacks involving compromised credentials are hard to detect with traditional technologies Alerting alone does not prevent unintentional or malicious data lossLeverage data science to automatically classify contentReal-time awareness of access and actionsContinuously perform user behavior analysis for every account to identify suspicious activityEnforce granular policies to govern sharing of sensitive data and quarantine suspicious accountsBox Security
Suggestion: Data Protection / Attack Mitigation 17
18Extending Boxs Security Capabilities
Extended user visibility and controlAnalysis of risky behavior
Automated classificationData protection / attack mitigation
REQUIREMENTBECAUSEHOW Compliance mandates require identification of sensitive dataUsers can bypass your security controlsAttacks involving compromised credentials are hard to detect with traditional technologies Alerting alone does not prevent unintentional or malicious data lossLeverage data science to automatically classify contentReal-time awareness of access and actionsContinuously perform user behavior analysis for every account to identify suspicious activityEnforce granular policies to govern sharing of sensitive data and quarantine suspicious accountsBox Security
Suggestion: Data Protection / Attack Mitigation 18
External and public content exposures, including compliance risks
Inbound risky content shared with employees (e.g. malware, IP, etc)Risky users and user activitiesGet a Free Shadow Data Risk AssessmentBox Security
19
Thank You!Take the free Shadow Data Risk AssessmentVisit us to learn how you can find risks and protect critical content in your file sharing apps.Elastica.net
ABOVE LEARN MORE BULLETS NEED TO BE UPDATED.
Design notes: Same layout as the Gateway closing slide
Now that youve seen this, I hope weve been able to answer your questions about safely enabling Dropbox. We would love to ask you to give Elastica a try. Setting up an evaluation literally takes about 5 minutes, requires no hardware or software, and you can start gaining visibility into your Dropbox for Business accounts very quickly.
To get started, please contact your local sales team, or contact us directly here at Elastica to set up an evaluation today. Thanks, and well look forward to seeing you on our next webinar!