1. KEEPING THREATS AT BAY
“A secure storage solution is one that reliably stores data and allows authorized users to quickly access that data, while also preventing those unauthorized from doing so... Ultimately, the solution must protect the confidentiality, integrity, and availability of all data.”1
- Leviathan Security Group
1 Leviathan Security Group, “Value of Cloud Security: Vulnerability”
2 OECD, Economic Outlook No. 95, May 2014; eMarketer, Smartphone Users Worldwide will Total 1.75 Billion in 2014, January 16, 2014; “The Global State of Information Security” Survey 2015
3 Data Center Knowledge, “Data Center Security: Controlling Threat in Your Facility,” March 3, 2015
COMPREHENSIVE CLOUD SECURITY
Is your data secure?
“To sum up, there are three things any CSO or CIO should keep top of mind: the perimeter is gone, visibility is key, and current security practices are obsolete.”3
Security incidents outpace GDP and mobile phone growth2
Year-over-year growth, 2013-2014
Global security incidents (GSISS 2015): 48%
Global smartphone users (eMarketer): 22%
Global GDP (OECD): 21%
2. COMPLIANCE – LIMITING RISKS
“Compliance is about more than prevention. It’s also about navigating opportunities.”4
4 PWC, Regulatory and Compliance Reporting, http://www.pwc.com/gx/en/audit-services/regulatory-compliance/index.html
5 Bureau Van Dijk, “Spread of regulatory action outside US ‘the top compliance issue of 2014’”
http://www.bvdinfo.com/industrynews/compliance-and-due-diligence/spread-of-regulatory-action-outside-us-the-top-compliance-issue-of-2014-/801768161#sthash.XyASNoN0.dpuf
6 Bloomberg, “A Regulatory Compliance Program Should be Top Concern, Advisors Say”
Are you confident you’re compliant?
Are you certain of all of your compliance obligations?
“[The compliance plan] is not a document that you create and put on the shelf and never deal with again. It needs to be a living, breathing document that is tested and updated.”6
- Brian C. Ong, Sr. Managing Director, FTI Consulting, New York
Top compliance issues of 2014:
28%
35%
spread of regulatory action outside of the US.5
anti-money laundering rules.5
3. POTENTIAL THREATS WITHIN
“There has been an increase in computer network exploitation and disruption by disgruntled and/or former employees. The FBI and DHS assess that disgruntled and former employees pose a significant cyber threat to US businesses due to their authorized access to sensitive information and the networks businesses rely on.”7
7 Dept. of Homeland Security, “Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information”
8 PRNewswire, “Raytheon-commissioned Ponemon Institute Survey: 88 percent believe privileged user abuse will increase”
stated their security tools don't provide enough contextual information to determine intent behind reported incidents.8
recognize insider threats as a cause for alarm but have difficulty identifying specific threatening actions by insiders.8
How easy is it for users to abuse access privileges?
say it is likely social engineers from outside the organization will target privileged users to obtain their access rights.8
45%
69%
88%
4. PROCESSES AND PRACTICES
“Having a regularly scheduled internal or external vulnerability assessment and penetration test performed is a good way to inform executive leadership of the threats facing the company, determine the Company’s adherence to industry standards and best practices, and to test IT’s ability to respond to intrusion attempts and other incidents.”9
9 Protiviti, “Cybersecurity Concerns Rise as a Risk Factor for Board Members and Senior Executives in 2015”
http://www.prnewswire.com/news-releases/cybersecurity-concerns-rise-as-a-risk-factor-for-board-members-and-senior-executives-in-2015-300032571.html
10 SSAE – 16, “Vulnerability Assessment and Penetration Testing”
11 ITProPortal, “New cloud survey reveals shadow IT dangers, and cloud policy adoption levels.”
12 TechTarget, “Report finds poor security communication among executives”
Do you track and report shadow I.T. and other vulnerabilities?
Compliance regulations that require regular vulnerability assessments include SOX; SSAE 16/SOC 1; PCI DSS; HIPAA; GLBA; FISCAM.10
What IT professionals say:
Almost 1/3 indicated that their organizations’ IT security teams never discuss security with executives, and another 23% only communicate with executives on an annual basis.12
72% didn’t know the number of shadow IT apps running in their company.11