solving cloud security challenges in higher ed

of 21/21
Total Data Protection Outside the Firewall solving cloud security challenges in higher ed webinar

Post on 13-Apr-2017

178 views

Category:

Technology

1 download

Embed Size (px)

TRANSCRIPT

PowerPoint Presentation

Total Data ProtectionOutside the Firewall

solving cloud security challenges in higher edwebinar

Salim Hafid () - combine with prev slideRich Campagna () - data from the Cloud Odyssey report?Neal Mhaskar () - quote?Neal Mhaskar () - salim

security challenges solutionscase studyabout us

security vs collaboration

regulatory environshigher ed specific challenges shadow IT proliferationdemocratized IT

23% of institutions had cloud apps deployed in 2014.83% of institutions had cloud apps deployed by 2015.Only 20% of institutions use single sign-on

Needs:Secure unsanctioned apps like Dropbox and Box, widely used but unsecured.Secure other cloud apps.Provide DLP, not native to solutions like Dropbox.Control access from BYOD.

rapid shadow IT proliferation

a college campus is a melting pot of devices [and] applications ForbesCIOs are only aware of 15% of cloud apps in use57% dont participate in BYOD programs

source: cisco cloud blog

http://www.forbes.com/sites/sungardas/2014/11/05/5-higher-education-information-security-threats-you-should-know-before-your-child-leaves-for-college/#559fa53b7853

regulations governing PII in the cloud

multiple legislative mandates govern educational data in the cloudFISMA: protects federally-funded researchFERPA: protects student recordsHIPAA: governs med schools and medical researchmajor apps, including Dropbox and Box provide limited visibility and few means of controlling access

the conflict between security + collaboration:IT must be responsive to user needs

83% of institutions had cloud apps deployed by 2015

the power of the masses:a force to be reckoned withbyod usage predates smartphonesdiffering approaches required in higher ed IT vs corporate ITnecessity of a flexible security framework

top down vs bottom up

security challenges solutionscase studyabout us

potential solutionsservice blockagetraditional / bolt on security cloud access security broker (CASB)

traditional security approaches are inadequate

The old approach to the problem is to secure the infrastructure. Secure your network, put agents on every trusted device to manage the device etc. Fact is that the "trusted device" approach makes you more vulnerable to breaches since users take their devices home for the weekend, and come back infected on monday. Malware Mondays! and expensive to administer since you have to manage every device and network. And usability is poor too.

One of the big problems with this architecture -- unmanaged devices accessing the cloud directly. No visibility or control for IT teams. Complex to deploy/ Poor user experience/ Data-sync proliferation/ BYOD blindspot

total service blocking:an often futile attempt at control

CASB: a better approach to cloud security

identitydiscovery

data-centric security

these are the key components for higher ed vertical

casb discovery:gain visibility into your orgs cloud usageanalyze outbound data flows to learn what SaaS apps your organization is usingunderstand risk profiles of different appsessential in process of enabling secure cloud app usage

casb security:a data-centric approach the new data reality requires a new security architecturecross-device, cross-platform agentless data protectiongranular DLP for data at rest and in motioncontextual access controldetailed logging for compliance and audit

casb identity:centralized identity management is key in securing data

cloud app identity management should maintain the best practices of on-prem identitySSO enables cross-app visibility into suspicious access activity

security challenges solutionscase studyabout us

case studysituation: dropbox used campuswide by faculty and staff for internal/external file sharing

needs: cross platform data protectionsecure mobile access

key features: visibilitycontextual access controlDLP / data controls

7000 employees

security challenges solutionscase studyabout us

about bitglasstotal data protectionoutside the firewall

est. jan 2013CA, NY, MA, IL, NC19

in: CA, NY, MA, IL, N

resources:more info about cloud security

Definitive Guide to CASBs

Bitglass Report: Cloud Adoption by Industry