Cloud-based file sharing and collaboration solutions are ripe for the picking, but what’s right for one organization might not be right for another. Accellion presented the pros and cons of various cloud computing choices at the InfoSec World 2013 Conference & Expo last month. To learn more about the top cloud considerations for file sharing and collaboration and to find out where you stand on the privacy and public cloud debate, check out this presentation entitled ”Do You Know Where Your Data Is?

1. MIS Training Institute Session # - Slide 1
© COMPANY NAME
Do You Know Where Your Data Is?
InfoSec World 2013 Conference & Expo
John Pincus, Senior VP Products.

2. 2
Key points
• Public cloud file sharing has risks as well as
advantages
• Private cloud and hybrid solutions can be
good alternatives
• Whether public or private, some key
considerations for evaluation

3. 3
The Problem:
Sharing Enterprise Content Securely in the iPad Era

4. 4
What Does BYOD Look Like?

5. 5
What Does BYOD Feel Like?

6. 6
The BYOD Challenge
How to make
enterprise content
accessible on
mobile devices while
maintaining control
and security?

7. 7
Definitions
• Cloud computing
• Public cloud
• Private cloud
• Hybrid

8. 8
What IT needs …
LDAP/AD Integration
SSO (SAML, Kerberos, …)
Access control
Encryption in transit, at rest
Logging & Reporting
AV and DLP Integration
Access to Enterprise Content
Archival Integration

9. 9
File sharing in context
Enterprise
Content
DLP
Anti-virus
Archiving
MDM
File Sharing

10. 10
… and what users want
Mobile Access
Collaboration
File Commenting
File Version Tracking
Synced Files/Folders
File Transfer
Notification

11. 11
Why users love the public cloud
“It just works”
“Can get at it from
anywhere”
“Can use whatever device I
want”
“Can share with anybody”
“Don’t have to work with IT!”

12. 12
Dropbox has become “problem child” of cloud security
iCloud Hacking Could Tarnish Apple’s Image
Patriot Act can “obtain” data in
Europe, Researchers Say
Gmail, Google Drive, Chrome experience
outages
Feds Tell Megaupload Users to Forget
About Their Data
Safe Harbor not Safe Enough for EU Cloud Data

13. 13
Why do you believe that public cloud computing services
will have little or no impact on your organization’s IT
strategy over the next five years?
Souce: Evaluating Cloud File Sharing and Collaboration Solutions, ESG,
2012

14. 14
Security concerns
• Public cloud sites are big targets
• You’re at the mercy of their operation
security
• Who has access to the data?
• Some sites don’t encrypt data or restrict
additional sharing
• But …
• Public cloud security is generally
improving
• Some sites do pay a lot of attention to
security
• Have to weigh risks …

15. 15
Legal and privacy concerns
• Third-party doctrine
• Data location
– Country-of-origin rules
– Article 29 Working Party
– PATRIOT Act concerns
• Will you get notified (and have a chance to fight) about any
court orders?
• What rights does the service provider claim with respect to
your data?

16. 16
Terms of Service: Google Drive
http://www.google.com/intl/en/policies/terms/
"When you upload or otherwise submit content to our Services,
you give Google Drive (and those we work with) a worldwide
license to use, host, store, reproduce, modify, create derivative
works (such as those resulting from translations, adaptations or
other changes we make so that your content works better with
our Services), communicate, publish, publicly perform, publicly
display and distribute such content. The rights you grant in this
license are for the limited purpose of operating, promoting, and
improving our Services, and to develop new ones. This license
continues even if you stop using our Services…”

17. 17
Terms of Service: Google Drive
http://www.google.com/intl/en/policies/terms/
"When you upload or otherwise submit content to our
Services, you give Google Drive (and those we work with) a
worldwide license to use, host, store, reproduce, modify, create
derivative works (such as those resulting from
translations, adaptations or other changes we make so that your
content works better with our
Services), communicate, publish, publicly perform, publicly
display and distribute such content. The rights you grant in this
license are for the limited purpose of operating, promoting, and
improving our Services, and to develop new ones. This license
continues even if you stop using our Services…”

18. 18
All about control
• Our must-have feature checklist:
• Proven functionality that “works”
• Tight security controls:
• File tracking and reporting
• Access permissions
• Encryption at rest and transit
• LDAP/Active Directory integration
• Around-the-clock reliability
• BYOD support
• Multiple OSs and devices
• File synchronization
• Remote wiping
• Support for all file sizes and formats
• We wanted control within our own datacenter

19. 19
Private cloud as an alternative
• Hosted in your own data center
• Under your control

20. 20
Why users love the private cloud
“It just works”
“Can get at it from anywhere”
(subject to corporate policies)
“Can use whatever device I want”
(subject to corporate policies)
“Can share with anybody”
(subject to corporate policies)
“Don’t have to work with IT!”
(once the system’s up and running)

21. 21
Private Cloud or Public Cloud?
• Mininimize investment? Achieve
excellence?
Investment in IT and
operational security?
• CFO preference?CapEx vs OpEx?
• Patriot Act, Safe Harbor Privacy
Data Physical
Location?
• No solution is 100% secureCorporate DNA and
tolerance for risk?

22. Enterprise Considerations for File
Sharing and Collaboration
• Security controls
• Compliance and reporting
• Scalability and availability
• Leverage existing content stores
• Enterprise integrations
22
Whether public or private cloud …

23. Accellion Confidential 23
Compliance and Reporting
Reporting
Granularity of auditing and
reporting
Export to 3rd party reporting
Log formatting for export
SNMP (Monitoring)
Compliance
PCI /SOX / HIPAA
FIPS Compliance
Archiving and E-Discovery
Integration with SIEM, IT GRC

24. Accellion Confidential 24
Security Controls
Enterprise Security
•Anti-Virus
•Data Loss Prevention
•Restricted Admin Access to Content
•Hardened Server Appliance
•Data Residency
Authentication / Authorization
•SSO with SAML / OAuth / Kerberos
•Multi-LDAP and AD integration
•Two-Factor Authentication
•Password Policies
•RBAC
•Granular Authorization
Encryption
•Encryption – Data at Rest and in Motion
•Encryption Strength
•Ownership of Encryption Keys
•FIPS 140-2 Certification
Mobile Security
•Secure Mobile Container
•Whitelisted Helper Applications
•Server Side Viewing
•Remote Wipe
•Offline PIN

25. Accellion Confidential 25
And don’t forget about the users!
“It just works”
“Can get at it from anywhere”
(subject to corporate policies)
“Can use whatever device I want”
(subject to corporate policies)
“Can share with anybody”
(subject to corporate policies)

26. 26
Conclusion
• No one right answer
• Public cloud has risks along with benefits
• Private cloud is a viable alternative
• Hybrid approaches (mix of public and private
cloud) may be the best answer
• Security evaluation criteria apply no matter
whether it’s public or private

27. Accellion provides enterprise-class mobile file sharing
solutions that enable secure anytime, anywhere access to
information while ensuring enterprise security and
compliance.
The world’s leading corporations and government agencies
select Accellion to protect intellectual property, ensure
compliance, improve business productivity and reduce IT
cost.
Learn more about Accellion here: www.accellion.com
Connect with Accellion here:
About Accellion