gdpr and privacy enhancing technologies shane mcentagart ... · global turnover 72 hours given to...
TRANSCRIPT
9th February 2018
Cyber SecurityGDPR and Privacy Enhancing TechnologiesShane McEntagart ( [email protected] )
Event briefing and overview
Shane McEntagart
(Deloitte)
GDPR alignment with Cyber Security
Liam O’Connor
(Deloitte)
Panel discussion
Chair: Jacky Fox
(Deloitte – Cyber Security Lead )
Presenters
Nicola Flannery
(Deloitte – Data Privacy)
Mark Oldroyd (Sailpoint)
David Higgins
(CyberArk)
Clive Finlay (Symantec)
Agenda and Welcome
Headline Verdana BoldCyber SecurityGDPR and Privacy Enhancing TechnologiesLiam O’Connor ( [email protected] )
Facts & figures
What changes does the GDPR bring?
4%Potential fines as a percentage of global turnover
72Hours given to
report a data breach7
Core individual rights afforded
under the GDPR
28,000Estimated number
of new Data Protection Officers required in Europe (IAPP study 2016)
80+New
requirements in the GDPR
190+Countries
potentially in scope of the regulation
€203mCost of 4% fine for a typical FTSE 100
company
What changes does the GDPR bring?
Changes compared to the 1995 Directive (95/46/EC)
Broader territorial scope
Enforcement
Accountability
Expanded definitions
Data subjects rights
Consent
Data breach notification
One-stop shop
International data transfers
General
Data
Protection
Regulation
Applies to players not established in the EU but whose activities consist of targeting data subjects in the EU
Data Protection Authorities will be entitled to impose fines ranging between 2% to 4% of annual turnover, or 10 – 20 million euros
Explicit obligation to the controller as well as the processor to be able to demonstrate their compliance to the GDPR
Personal data now might include location data, IP addresses, online and technology identifiers
Reinforced rights: Access, rectification, restriction, erasure, portability,objection to processing; no automated processing and profiling
Spelled out more clearly and focus on ability of individuals to distinguish a consent
Report a personal data breach to the Data Protection Authority within 72 hours
Data Protection Authorities (DPA) of main establishment can act as lead DPA, supervising processing activities throughout the EU
Processing Inventory
Data
Management
Data
Transfers
Strategy
Policies &
procedures
Auditand Certification
Privacy by Design
Organisation and
Accountability
Communication,
Training, Awareness
Privacy Impact
Assessment
GDPR Transformation Programme
A best practice privacy programme distinguishes six main focus areas. This can help to formulate key objectives:
StrategyLayer 1
Organisation and accountabilityLayer 2
Policy, process & dataLayer 3
Culture, training & awarenessLayer 4
Privacy operations Layer 5
Processing inventoryLayer 6
GDPR: Implementation Challenges ?
The GDPR presents a number of challenges:
Under Article 32 of the GDPR - Security of Processing – “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate”
GDPR Alignment With Your Cyber Security Strategy
Data Breaches
Risk Based Approach
Security Best Practice
Identity & Protect Crown Jewels
Threat Landscape
Data Protection & Cyber Security Interconnected
Technology As An Enabler
GDPR & Cyber Security Alignment
Governance
Secure
Vigilant
Resilient
Maintaining Compliance After May
Complying with the GDPR requires the management of privacy risks. Implementing industry leading tools can assist privacy governance, risk, and compliance management.
GDPR – Privacy Enabling Technologies
9
Sample of tool classification types:
Identity Access Management
Unstructured Data Management
Data Loss Prevention
Governance, Risk & Compliance Management
DPIA Automation & Management
Data Breach Management & Reporting
Reporting & Record Keeping
Anonymisation & Pseudonymisation
Vulnerability Management
eDiscovery
Monitoring – SIEM / SOC
Training & Awareness
1. Establish Governance
2. Define & Implement Controls & Processes
3. Define Requirements For Supporting Technologies
4. Discover Existing Tools That Satisfy
Requirements
5. Assess PET Vendors Based On Requirement
Gaps
Key elements to consider:
Before adopting and implementing privacy technology, companies should go through prerequisite steps
Business-Focused Identity GovernanceThe Power of Identity
11
12
$158 is the
average cost per
lost or stolen
record
2016 Cost of Data Breach Study: Global Analysis -Ponemon Institute© Research Report
Do you know WHERE your
(Sensitive) data is?
Do you know WHO has access?
Is the access APPROPRIATE?
Can you PROVE it?
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 13
71%of staff have
access to data they should not see
Ponemon Institute Report
89%believe they are now at risk from
insider threat
IT Governance Report
1 in 7employees will sell their credentials for
$150
SailPoint Survey
80%of company data is held in unstructured
content
Forbes Report
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 14Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 14
Employee
Contractor
Vendor
Partner
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 15
SECURITY PARADIGMS HAVE SHIFTED
FROM NETWORK-CENTRIC…
Copyright © SailPoint Technologies, Inc. 2016 All rights reserved.
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 16
TO USER-CENTRIC
Copyright © SailPoint Technologies, Inc. 2016 All rights reserved.
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 17
Sanctions & litigation risk
• Fines: 4% of annual revenue or
€20m
• Breaches notified to regulator
within 72 hours
• Citizen compensation lawsuits
• Audit, Clean up, reputation
What is it?
• Homogenous Data privacy law
• All organizations processing EU
citizen data
• Live date May 2018
• Unstructured data in scope
• 28 PII conventions
Data Access Governance
• Privacy Policies
• Data Discovery
• Need to know basis access
• Retention Policies
• Breach detection & Disclosure
Governance & Compliance
• Data Protection Officers
• Data owner accountability
• Least privilege principle
• Breach disclosure
• Fine grained audit trails
GDPR Highlights
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 18
SailPoint’s Relevance to GDPR
Technology (15 Articles)People
(18 Articles)
Process
(66 Articles)
SailPoint Relevant (12 Articles)
Identity Governance
for Files
(11 Articles)
Identity Governance
for Applications(6 Articles)
80%
Coverage
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 19
40% International
Business
850+Customers and
Growing
IAM Market Leader
Gartner IGA MQ 2017, Continued Leader
Forrester IMG Wave 2016, Continued Leader
Kuppinger Cole IDaaS Compass 2017, Leader
Founded
in 2005
by IAM
veterans 95% Customer
Satisfaction
World’s
LARGESTDedicated Identity
& Access
Management
Vendor
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 20
Customers by Vertical
Insurance Manufacturing Energy/UtilitiesBanking/Financial Services Health/Pharma Other
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 21
Guaranteeing the Appropriateness of Access
Sustainable Identity
Governance
Process
FULFILLMENTProvisioning
Management
Identity Lifecycle
Management Process
VALIDATIONBehaviour,
Policy, Roles and
Risk Analysis
REQUESTBusiness Interface
Management
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 22
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Get Visibility
Authoritative
Sources
Applications
And Services
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 23
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Validate Current State
AnalyticsReporting
Access CertificationGovernance Insights
Get Clean
Authoritative
Sources
Applications
And Services
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 24
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Validate Current State
AnalyticsReporting
Access CertificationGovernance Insights
Define Desired State
Policy EnforcementBusiness Role Modelling
Risk AnalysisOwner Identification
Stay Clean
Authoritative
Sources
Applications
And Services
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 25
Build Current StateIdentity Collection
CorrelationEntitlement Cataloguing
Discovery & Classification
Validate Current State
AnalyticsReporting
Access CertificationGovernance Insights
Define Desired State
Policy EnforcementBusiness Role Modelling
Risk AnalysisOwner Identification
Manage & Secure
Lifecycle ProcessesSelf-Service
Identity Context Distribution
Manage & Secure
Authoritative
Sources
Applications
And Services
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 26
Mainframes Databases
ApplicationsCRM/HR/
Financial
Applications & infrastructure
Identity Governance
Access
File storage systems
File servers Cloud storage
Collaboration
systems
NAS
SailPoint Vision: Comprehensive Governance
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 27
Identity Governance
File storage systems
File servers Cloud storage
Collaboration
systems
NAS
Mainframes Databases
ApplicationsCRM/HR/
Financial
Applications & infrastructure
Access
SailPoint Vision: Comprehensive Governance
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 28
SailPoint Identity+ Alliance Partnership
SailPoint Platform: The “Business” of Identity
Certification
& RemediationData
Classification
Role & Risk
Modeling
Analytics
& Reporting
Policy
EnforcementAutomated
Lifecycle EventsSelf-Service
Business Process
Management
Provisioning
Connectors
Aggregation & Provisioning Broker
Manual
Work
Items
Business
Functionality
Flexible
Change
Fulfillment
and
Data
Collection
Identity
Analytics
Change
Automation
Password
Management
Activity
Monitoring
Service Desk
Integration
Security/
GRC
Integration
Specialist
Integration
Mainframe
Provisioning
Integration
PUM
Integration
Unstructured
Data
Management
SailPoint Open Identity Platform
Mobile
Integration
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 29
Ground to Cloud Deployment Options
On Premise Public CloudManaged Service
SaaS
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 30
Azure AD Access Management + SailPoint
Access Certification
Access Request
Fine-grained & Life Cycle Provisioning
Compliance & Audit Reporting
Password Reset Extension
Policy-based Workflow & Approvals
Conditional Access and Multi-factor Authentication
Self-Service Password Reset
Single Sign-On
User and Group Management and Provisioning
B2B Collaboration
Risk-based Identity Protection
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 31
GovernanceWorkflow
Access
Provisioning
Provisioning
Modeling
Directory
• Groupm, Entitlementx
• Groupn, Entitlementy
• …
Azure Solution Architecture
End User
Change
Notification
Authentication
Cloud and On-Premises Applications
HR Application(Authoritative Source)
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 32Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 32
“By 2021, organizations with
complementary/integrated
IGA and DAG capabilities will
suffer 60% fewer data breaches.”
–Gartner (2017)
WHAT ARE ANALYSTS SAYING
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 33Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 33
Identity at the Center of Security
Security Incident &
Event Management
Data Loss
Prevention
Privileged User
Management
Data
Governance
IT Service
Management
Mobile Device
Management
Governance, Risk,
& Compliance
Applications &
Infrastructure
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 34
Beyond GDPR: Enterprise Identity Governance
Protect access to all applications and data – on-premises and in the cloud
Applications
& Systems
Data stored
in files
• Greater visibility into access risks
• Centralize all access to applications and data
• Reduced complexity by providing a consistent set of controls
Benefits
Access Request
Access Certification
Provisioning Workflow
Access Policies
User Risk-based Modeling
Password Management
Data Classification
Activity Monitoring
Permission Analysis
Thank You
The Privileged Pathway…
…to Critical Data
David Higgins, Director of Customer Development, EMEA
37
Agenda
• The Human Element
External:
• The Privileged Pathway
• Isolating the Attack
Internal:
• The forgotten Data Access Vector
38
PROTECT ACCESS to sensitive personal data
Detect and RESPOND RAPIDLY to breaches early in the attack lifecycle
ASSESS RISK and test the effectiveness of data protection processes
DEMONSTRATE COMPLIANCE and prove you have the necessary security controls in place
Data protection by design and by default
Security of processing
Notification of a personal data breach
Data protection impact assessment
Protection from non-compliance
Article 25
Article 32 (2)
Article 33
Article 35
Article 82
Key GDPR Requirements and Privileged Security
39
CyberArk: Proactive Protection, Detection & Response
PROTECT
ACCESS
Secure the privileged pathway
and privileged access to systems
containing personal data
RESPOND
RAPIDLY
Monitor, detect, alert, and respond to high-risk activity
and enable security teams to
stop attackers before they can access personal
data
DEMONSTRATE
COMPLIANCE
Have the operational
controls to prove compliance and protect yourself from litigation
ASSESS RISK
Improve your security posture by identifying all privileged user and application accounts and
conduct penetration
testing to ensure the right security
controls are in place
40
External
41
ENDPOINT INFRASTRUCTURE DATA LOCATION
Data Breach – Attackers: The Privileged Pathway
42
The Starting Position
Because many existing implementations of Active Directory Domain Services have been operating for years at risk of credential theft,
organisations should assume breach and consider the very
real possibility that they may have an undetected compromise of domain or enterprise administrator credentials
—MICROSOFT,“MITIGATING PASS-THE-HASH AND OTHERCREDENTIAL THEFT, VERSION 2,” 2014
…doesn’t matter how much you train and educate your users…
43
44
PAS Hygiene Program Goals
Step 1 Focus first on eliminating irreversible network takeover attacks (e.g., Kerberos Golden Ticket).
Step 2 Control & secure infrastructure backdoor accounts.
Step 3 Limit lateral movement.
Step 4 Protect 3rd party privileged accounts.
Step 5 Manage SSH keys on critical Unix servers.
Step 6 Defend cloud & DevOps backdoors.
Step 7 Secure shared IDs for business users (integrate and accelerate adoption of MFA).
45
Step 1: Irreversible Network Takeover Attacks
ENDPOINT
Kerberos Attack Detection
Manage Domain Admin and Enterprise Admin Credentials
Enforce Tiered Account Model
Enforce Application Control on Domain Controllers
Session Isolation
INFRASTRUCTURE DOMAIN CONTROLLERS
1
46
Step Two: Control & Secure Infrastructure and End Point
Well-known Infrastructure Accounts
ENDPOINT
Manage Local Administrator Accounts on Windows
Manage Root Accounts on UNIX/Linux Kerberos Attack Detection
Manage Domain Admin and Enterprise Admin Credentials
Enforce Tiered Account Model
Enforce Application Control on Domain Controllers
Session Isolation
INFRASTRUCTURE DOMAIN CONTROLLERS
Session Isolation
Manage Local Administrator Accounts
2
47
Step Three: Limit Lateral Movement
ENDPOINT
Manage Local Administrator Accounts on Windows
Manage Root Accounts on UNIX/Linux Kerberos Attack Detection
Manage Domain Admin and Enterprise Admin Credentials
Enforce Tiered Account Model
Enforce Application Control on Domain Controllers
Session Isolation
INFRASTRUCTURE DOMAIN CONTROLLERS
Session Isolation
Manage Local Administrator Accounts
3
Manage 3rd Party Application Accounts
Application Control
Least Privilege
Block Credential Theft
48
Secure the Eco-System
Cᵌ Alliance
Authentication
IT Service
Management
(ITSM)
Malware
Analytics
IAMSIEM
Monitoring &
Discover
Threat
Response
Authentication
HSMDirectory
Services
Validated
Secured
Solutions
Secure &
Manage COTS
App Cred.
49
Internal
50
FILE
SHARES
Data Access – Infra Admins: The Forgotten Vector
APPLICATION
DATABASE
OPERATING SYSTEM
Applic
atio
n E
nviro
nm
ent
Application User
DBA Access
Infrastructure Admin Access
STORAGE
Business
User
IT Admins
3RD
PARTY
51
Session Management for Critical Assets / Accounts
Privileged User
ITSM
IAM
HSM
MFA
SIEMNative Support for RDP and SSH Based
Clients
52
Identifying Key Risks – Lateral Movement
53
Identifying Key Risks – Domain Compromise
Get Your Head in the Cloud A Practical Model for Enterprise Cloud Security
Technology Considerations for the GDPR
Know your Personal data
Process Data Lawfully
Embed privacy
Protect Personal Data
PROTECT PERSONAL INFORMATION THROUGH ITS LIFECYCLE
Copyright © 2016 Symantec Corporation56
Copyright © 2016 Symantec Corporation57
What is the one word you need to be wary of when talking about the cloud
Copyright © 2016 Symantec Corporation58
CONTROL
Copyright © 2016 Symantec Corporation59
All the benefits you receive from moving to the cloud: agility, elasticity, and low cost are received by giving up…
Copyright © 2016 Symantec Corporation60
CONTROL
Copyright © 2016 Symantec Corporation61
All the challenges you face in the cloud: security, compliance, data residency, data privacy and management are rooted in your lack of…
Copyright © 2016 Symantec Corporation62
CONTROL
Copyright © 2016 Symantec Corporation63
The only reason you have not moved your critical workloads to the cloud is because you cannot afford to give up…
Copyright © 2016 Symantec Corporation64
CONTROL
Copyright © 2016 Symantec Corporation65
CONTROLHow do you give it away and keep it at the same time?
Copyright © 2016 Symantec Corporation66
This is your enterprise – your realm of complete
CONTROL
Copyright © 2016 Symantec Corporation67
Before the cloud, you held your infrastructure and applications safe within its walls
---------------
Copyright © 2016 Symantec Corporation68
Then the cloud happened…
---------------
Copyright © 2016 Symantec Corporation69
…your infrastructure started moving over
---------------
CONTROLand you lost some
Copyright © 2016 Symantec Corporation70
---------------
…your applications started moving over too---------------
Copyright © 2016 Symantec Corporation71
---------------
---------------
CONTROLand you lost more
Copyright © 2016 Symantec Corporation72
---------------
---------------
Additionally… cloud endpoint, mobile, BYOD, have all spiraled…
Copyright © 2016 Symantec Corporation73
---------------
---------------
CONTROLout of your
Enterprise Perimeter Regional Office
HomeOffice
CoffeeShop
Mobile IoTPersonal
IoTHome
Cars Aircraft
Copyright © 2016 Symantec Corporation75
CONTROLHow do we regain it?
Copyright © 2016 Symantec Corporation76
---------------
WE NEED A NEW CONTROL POINT
ProtectingInfrastructureCloud Workload
Protection
Copyright © 2016 Symantec Corporation78
Does it really matter, isn’t Amazon (or Microsoft) providing all the security I need ?
Let’s have a quick look under the covers
AWS “Shared Security Model”
Customer Data
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Client Side Data Encryption & Data Integrity Authentication
Server Side Encryption (File system and/or Data)
Network Traffic Protection (Encryption, Integrity, Identity)
Compute Storage Database Networking
Regions
Availability/ZonesEdge Locations
AWS Global Infrastructure
Wo
rklo
ads
Infr
astr
uct
ure
Customer
Who is Responsible?What needs to be Protected?Where?
Security Services includeIAM, MFA, CloudWatch, VPC
CloudTrails, AWS Config,Inspector, Other…
Key Customer Challenges for Security in Public IaaS Cloud
Copyright © 2015 Symantec Corporation80
Shared Responsibility Model For Security in Public Cloud
Physical Infrastruct
ure
AppsDataOS
AWS/Azure responsible for Security
Customer responsible for Security
1
Loss of Control: New network paradigm still requires security with new tools • How can I detect and eliminate rogue instances in Security Implementations?• My old tools do not work as there are no SPAN/TAP ports for Network • How do I ensure AV is deployed and applications are segmented to be compliant?
Loss of Visibility: Infrastructure deployment leaves a blind spot in security• What instances are running? What is deployed on them?• What Regions, VPC, Subnets are they part of?• What if there is a known vulnerability? Should they be In Scope for compliance
Cloud Native Delivery: Need efficient deployment • How can I deploy security technology at cloud speed? • How can I detect my infrastructure scale out and ensure that security is in lock step?
Risk & Compliance: Need Security monitoring to meet compliance• Gain insight into the potential known and unknown vulnerability exploits on the software
deployed in you AWS/Azure accounts• Prioritize & Remediate with ample network and asset context
1-2 server releases per
year
6 servers releases per
minute
15,000%increase
100 servers per admin
500 servers per admin
5X increase
Speed and Agility in Public Cloud
Bolted-onBuilt into the
process
Private Cloud Public Cloud
2
Pain Points articulated in customer validation
Cloud Workload Protection – The IaaS Control Point
81
Instances in auto-scaling group with policies applied
Complete instance mapping with real-time protection status
Automatic policy recommendations
Continuous Visibility Across Cloud Workloads
Cloud Workload Protection – The IaaS Control Point
82
Identify potential threats and apply security policies in the same view
RT-FIM
Application Isolation & OS HardeningUser & Process Behavioral Analysis
Cloud Workload Protection – The IaaS Control Point
83
Agent Not Installed
Policy Not Applied
Protected
Discover and view security postures of workloads wherever they are
Shut down rogue instances to reduce attack surfaced
Global Security Dashboard With Drill-Down Capability
ProtectingInformation
Cloud Data Protection & Shadow IT Discovery
Encryption & TokenizationCloud Compliance
Cloud Investigations
Cloud Incident Response & Investigation
Cloud DLP
Enforcing Cloud Policy & Remediation
Cloud Malware DetectionCloud IAM & User Analytics
Extending cyber controls and processes to the cloud
Proxy
CASB Gateway
Events
OutsidePerimeter
EnterprisePerimeter
Cloud API
Extending cyber controls and processes to the cloud
Cloud Data Protection & Shadow IT Discovery
TokenizationCloud Compliance
Cloud Investigations
Cloud Incident Response & Investigation
Cloud DLP
Enforcing Cloud Policy & Remediation
Cloud Malware DetectionCloud IAM & User AnalyticsCASB Gateway
Events
OutsidePerimeter
EnterprisePerimeter
Proxy
Cloud API
DLP Enforce
Endpoint
Web Gateway
Threat Intelligence
Data Protection Sources
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User Analytics Cloud Compliance Cloud Incident Response & Investigation
Enforcing Cloud Policy & Remediation
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User Analytics Cloud Compliance Cloud Incident Response & Investigation
DLP Enforce Management Server
On-premisesDLP Detection
Enforcing Cloud Policy & Remediation
On-premisesDLP Detection
DLP Enforce Management ServerNew Challenges
26% of Cloud Docs are Broadly Shared1
Proliferation of Cloud Apps
Shadow Data Problem
Compromised Accounts
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
Extending DLP into cloud applications
Apply Existing DLP Policies to Cloud
Leverage existing DLP Workflow
Gain Full CASB Functionality• Inline Blocking and Offline
Remediation• Shadow IT Analysis• User Behavior Analytics
Extend DLP to Cloud Apps
On-premisesDLP Detection
DLP Enforce Management Server
Shadow IT Discovery & Controls
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response &Investigation
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
Cloud Data Protection & Shadow IT Discovery
Cloud IAM & User AnalyticsEnforcing Cloud Policy & Remediation
Cloud Compliance Cloud Incident Response & Investigation
Enterprise Perimeter Regional Office
HomeOffice
CoffeeShop
Mobile IoTPersonal
IoTHome
Cars Drones
External and public content exposures, including compliance risks
Inbound risky content shared with employees (e.g., malware, IP)
Risky users and user activities
Where to start ? Understand what’s important to your business and where it isComplete a Shadow Data Risk Assessment
Copyright © 2016 Symantec Corporation97
There is only one word you need to know when talking about the cloud
Copyright © 2016 Symantec Corporation98
CONTROL
Copyright © 2016 Symantec Corporation99
Bring all that control together
Copyright © 2016 Symantec Corporation100
… to give comprehensive information security with
GDPR – Privacy Enhancing
Technologies
Panel Discussion – Q&A
30 minutes
This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London, EC4A 3BZ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NWE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
© 2017 Deloitte LLP. All rights reserved.