The Effects of Cloud Services on Compliance and Data Protection

1 The Effects of Cloud Services on Compliance and Data Protection
Bring your own service
Varonis Systems. Proprietary and confidential.

2 About Varonis
Founded in 2004, started operations in 2005. Over 1800 customers. Over 4500 installations. Offices on 6 continents.
Based on patented technology and a highly accurate analytics engine, Varonis solutions give organizations total visibility and control over their unstructured data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged.

3 BRING YOUR OWN DEVICE You’ve all been bombarded with BYOD, right? Everyone has their own smartphone, tablet, or laptop (or all three), and they want to use them for work.

4 BRING YOUR OWN SERVICE
More devices have meant a spike in services that easily keep data sync’d between them. These services are often cloud-based, free or cheap, and completely outside of organizational control or oversight.

5 Example: Cloud File Sharing Explosion
Public cloud file sharing has exploded. As of November 2012, Dropbox claimed to have 100,000,000 customers. One of the services that many of you are likely grappling with already is Dropbox. It’s no secret that the way we share files has changed. File sync services like Dropbox have seen enormous growth. Dropbox reports having over 100 million customers now.

6 Why do people love Dropbox?
It’s easy! You have a folder. You put stuff in it. It syncs with all your devices and with the people you want to share with. Services like this make BYOD work… but does BYOS work for business?
There are a lot of factors contributing to this growth, the proliferation of smartphones and tablets being a major driver. But perhaps more importantly: it’s easy. You have a folder, you put stuff in it, and it syncs with all your devices and with the people you want to share with. Without services like Dropbox, BYOD wouldn’t work. You’d have to manually sync all of your data all of the time. It’d be so painful, you wouldn’t want to manage more than one device. Remember what it was like to have to manually sync songs to your iPod?

8 Hey boss, can I use Dropbox?

9 No. =( No. Bummer.

10 Varonis BYOS Survey Results
80% of companies currently do not allow cloud-based file synchronization. 14% of companies are satisfied with the controls that cloud-based file sync services have in place. 6% of companies are not satisfied but are going ahead anyway.
In all seriousness, to gauge the adoption of BYOS, Varonis conducted research with the analyst firm IDG last year and found that 80% of organizations don’t allow their employees to use cloud file sync services like Dropbox. On the other end of the spectrum, 14% were comfortable with BYOS, and 6% weren’t satisfied by the control and security around BYOS but are going ahead anyway. So, what are the main reasons 80% of organizations don’t allow BYOS?

11 Access rights and Authorization
Why not? Worried about maintaining correct access rights and authorization.
Over half of companies are worried that they won’t be able to ensure that only the right users have access to data that’s stored in a cloud service. If you think about it, many of these BYOS services were built with consumers in mind, and governance has been an afterthought, especially governance that is designed to stand up to corporate requirements.

12 Authentication
Why not? Worried about authentication.
39% of companies are concerned about authentication. For many companies, if authentication doesn’t go through their directory services, it becomes an added burden to control, if they can control it at all. Most BYOS use password authentication that’s linked to your personal account, so in many cases the company doesn’t even know an account has been created.

13 Auditing & Data Loss
Why not? Worried about data loss or auditing access activity.
26% were opposed to BYOS for fear of data loss and lack of visibility into who is touching data. Organizations know that questions come up all the time about who has accessed data, or who has deleted data. And without an audit trail, these questions can’t be answered.

14 FEARED Consequences
Downtime. Loss of productivity. Compliance violations. Data theft.
When considering BYOS, companies seem to be most afraid of falling victim to a number of things. Surprisingly, most people were afraid of downtime, which is not the first thing you might think of for BYOS. But there have been a number of high-profile instances with Amazon Web Services and other providers whose infrastructure powers a number of big businesses. Loss of productivity. Compliance violations. Data theft and loss.

15 So, will you ever allow Dropbox?
IT plans to allow cloud-based file sync (chart: No / Yes).
Lastly, we asked people if they’d ever adopt cloud services such as Dropbox. A resounding 69% said: no.

16 Too bad! We’re using them anyway
1 in 5 employees already use Dropbox for work! Despite your plans to not use Dropbox, chances are users are doing it anyway. A survey by Nasuni reports that 1 in 5 employees (20%) are already using Dropbox for business data. Source: Nasuni

17 Doing nothing means we’ll lose control
It’s clear that if we don’t take any action, users will take matters into their own hands.

18 What if… …you could manage them in the same way you can manage internal resources? Yes / No

19 Let’s have our cake and eat it, too
Give users what they want: simplicity, accessibility, mobile support. Give organizations what they need: control, compliance, security.
So what should we do about it? We have to give users what they want while maintaining control. We know that users want simplicity, accessibility, and mobile support. We know that organizations need control, compliance, and security.

20 How do we do this?

21 What are the options? Cloud or Internal
In order to achieve our goal, we’re either going to have to find a cloud service that provides the control we need, or we’re going to have to bring the cloud functionality and simplicity inside, where the controls already exist.

22 To the cloud!
The first option we’re going to look at is moving data to the cloud. Assuming you’ve found a cloud service that meets your needs, how do you plan to get there?

23 Do you have an existing infrastructure?
(Flow chart labels: Easy! / Moving everything? / Not so hard. / Oh boy. / No / Yes)
If you don’t have an existing infrastructure, you don’t have to worry about this. But if you do, you have to ask questions like: Will you be moving everything and shutting down your existing infrastructure? If not, it’s important to ask some important questions: Can you determine which data you want to move? Are you going to have multiple user directories? Are you going to have multiple processes for granting and revoking access to data? If you need to figure out who’s been touching data, do you have one audit trail or many? If you’ve got copies of the same data inside and outside, how do you determine what the definitive copy is? How do people on the inside collaborate with people using cloud services?

24 Controls in the Cloud
Data stored in the cloud is still subject to the same risks as internal data. According to the Information Commissioner’s Office (ICO), you’re still responsible for your data even if it’s stored in the cloud.
Even if you aren’t going to end up with two environments to manage, inside and outside, there are still challenges. Data stored in the cloud is still subject to the same risks. According to the ICO, you’re still responsible for your data, even if it’s stored in the cloud. So if Dropbox has a breach and loses your customers’ data, you’re still on the hook. Even though you’re outsourcing the storage, you’re not outsourcing the risk.

25 Don’t forget to pack…
Backup & recovery processes (BCP/DR); authorization processes (entitlement reviews, authorization workflows); retention & disposition; content inspection; access auditing; change management.
Lastly, when it comes down to physically moving your data to the cloud, some additional things to consider are: How do you plan to back up that data? How would you fail over in the event of a disaster? How are you going to manage who gets access to what? It’s not in cloud vendors’ interest to delete data, so how are you going to manage archiving? How are you going to find sensitive content, like PII, or ensure it stays out of the cloud altogether? How are you going to answer questions about who’s been accessing or deleting data across multiple repositories? How do you do change management in the cloud?

26 Extend your existing infrastructure
Internal

27 Do you have an existing infrastructure?
No? Well, we’ll probably need a whole different presentation for that. Yes? Add cloud-like functionality.
What is that cloud-like functionality? File synchronization. Mobile device support. Third-party sharing. It easily integrates with existing controls and leverages your data, permissions, and directory services.

28 What do we need?
We need to provide a client for mobile devices and laptops. We need to provide file sync. We need to authenticate with Active Directory. We need to enforce existing permissions. We need to coexist with all the internal controls we mentioned before (backup, classification, etc.). It would be ideal to have everything contained in our own infrastructure.
Here are some of the things we’d want if we were going to bring cloud-like functionality to our existing infrastructure. Does anything like this exist? At least one: Varonis DatAnywhere.

29 Varonis DatAnywhere
Provide cloud usability using only existing infrastructure: There’s a folder. You put stuff in it. It syncs… with your existing storage (NAS, file servers), using Active Directory credentials, using your existing file system permissions.

30 Step 1: Login
AD domain credentials. Log in with your domain credentials (Active Directory) and/or multi-factor authentication.

31 Step 2: Collaborate
Your sync’d folders appear in Explorer. Changes sync to your CIFS servers.

32 See Sync Speeds and Notifications

33 Mobile Apps

34 Right click for instant Extra-net

35 Secure Collaboration with 3rd Parties
Set permissions and expiration dates. Share with partners, customers, vendors, and clients.

36 DatAnywhere Architecture
[Architecture diagram. Labels: DatAnywhere Client (Windows, Mac, Smart Phone, Tablet); HTTPS; DN Edge server; Sync Manager; Sync Worker; CIFS; Windows File Systems; NAS; Client authorization; MS Active Directory]

37 One more thing… Some of you might be thinking “my internal infrastructure could benefit from better controls, too.”

38 Integrates with Data Governance Suite
Use DatAdvantage to manage permissions. Use DataPrivilege to automate authorization. DatAnywhere activity is recorded by DatAdvantage. Varonis has been helping organizations with data governance for years.

39 Summary
Cloud-style sharing and BYOD may be inevitable. Organizations must choose a direction before the employees choose one for them. Organizations have a choice between moving data to the cloud, or extending their existing infrastructure to provide cloud-style capabilities in-house. Whichever direction your organization chooses, governance will be instrumental for secure collaboration.

40 Varonis Solutions
GOVERNANCE: Ensure that only the right people have access to the right data at all times, access is monitored and abuse is flagged.
ACCESS: Use your existing file shares, on your own servers, to provide file synchronization, mobile access, and secure 3rd party sharing.
RETENTION: Intelligently automate the data disposition, archiving and migration process using the intelligence of the Varonis Metadata Framework.

41 Thank you

