This document discusses challenges and best practices for cloud storage and security. It begins by introducing the panelists and outlining the topics to be discussed, which include realities and pain points of cloud storage, how and where cloud security could be compromised, navigating legal and regulatory compliance, and recommendations for deploying the right cloud storage strategy. Key points made include that sensitive data is often stored in the cloud without visibility, cloud breaches and unauthorized access are concerns, and regulations like GDPR and ISO 27001 provide security standards to consider. The document emphasizes knowing cloud vendors, evaluating costs and benefits, and establishing secure data management practices throughout the data lifecycle.
2. MEET THE PANEL
Presenters:
• Eric Vanderburg, Director, Information Systems and Security, Jurinnov LLC
• Giulio Coraggio, Partner, DLA Piper
Moderator:
• Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions, Blancco Technology Group
3. WHAT WE’LL EXPLORE
• The Realities & Pain Points of Storing Data in the Cloud
• How, Where & When Cloud Security Could Be Compromised
• Navigating Through Legal & Regulatory Compliance
• What to Consider in Deploying the Right Cloud Storage Strategy
• Recommendations to Store, Manage & Protect Data in the Cloud
6. 15.8% OF FILES IN THE CLOUD CONTAIN SENSITIVE DATA
Source: SkyHigh Q4 2015 Cloud Report
[Chart: breakdown of the 15.8% of documents in file sharing services that contain sensitive data. Categories labelled: Protected Health Information, Payment Data, Personally Identifiable Information, Documents in File Sharing Services. Segment values shown: 7.6%, 4.3%, 2.3% and 1.6%.]
7. MANAGING DATA IN THE CLOUD IS COMPLICATED & TOUGH
• Cloud Breaches (33%): organizations that experienced breaches in the cloud cited malware as the top private cloud attack vector
• Unauthorized Access (40%): cite unauthorized access to data from other tenants as the most pressing concern with public cloud deployments
• Sensitive Data (40%): store or process sensitive data in the cloud
• Lack of Visibility (33%): do not currently have visibility into their public cloud providers’ operations
*Source: SANS Institute, ‘Orchestrating Security in the Cloud’ Paper, 2015
8. Webinar Audience Poll
Question: What type of cloud strategy does your business implement?
Responses:
• Private
• Public
• Hybrid
• I don’t know
9. MANY CLOUD STRATEGIES TO CHOOSE
Private Cloud
• High degree of control
• Higher upfront costs
• More difficult to scale
Hybrid Cloud
• More scalable than private
• Requires some higher upfront costs
• More control over data flows
Public Cloud
• Highly scalable
• Pay for what you use
• Easy to deploy and manage
10. HOW, WHERE & WHEN CLOUD SECURITY COULD BE COMPROMISED
11. Webinar Audience Poll
Question: Has your company suffered a cloud data breach in the last 12 months?
Responses:
• Yes
• No
• I don’t know
15. ENTERPRISE BUSINESSES MUST GET ON BOARD
• National Data Protection Law
• EU Data Protection Regulation 2015
• Right to be Forgotten
• ISO Standards 27001, 27040 etc.
• Sarbanes-Oxley
• HIPAA (Health Insurance Portability and Accountability)
• Credit Card Industry PCI-DSS
16. ISO/IEC 27001: SETTING THE BAR HIGH FOR SECURITY STANDARDS
01 Top Management: must implement information security policy themselves
02 Risk Management: relevant security risks should be addressed and mitigated
03 Internal Audits: must verify all security risks have been addressed and operational processes are set
04 Data Removal: sensitive data and licensed software must be securely removed prior to disposal or reuse
17. ISO 27018: PROTECTION OF PRIVACY & PERSONAL DATA IN THE CLOUD
[Diagram: personal data folders (My Documents, My Photos, My Music, My Work Files, Special Project) synced to the cloud from several devices: Home PC (push sync, back up all files), Work Laptop (push sync, work files), Notebook (smart sync, select files), Tablet (sync local, stream the rest), Smartphone (sync a few, stream the rest).]
18. Webinar Audience Poll
Question: How Prepared Is Your Organization for GDPR?
Responses:
• Fully Prepared
• Somewhat Prepared
• Early Preparation Stages
• Unprepared
• Don’t Know
19. Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016
[Chart: survey responses on GDPR preparedness, grouped as: Fully Prepared (Established Processes, Policies & Technology); On Right Track (Currently Researching & Developing Processes/Policies); Somewhat Prepared (Still Need to Find Right Data Removal Software); Unprepared (Don’t Know How or Where to Start); Don’t Know.]
20. WHAT CHANGES WITH THE GENERAL DATA PROTECTION REGULATION?
• New Sanctions for Violations & Breaches
• New Liabilities for Cloud Providers
• New Obligations/Protections
21. DATA PROTECTION REGULATION CONSIDERATIONS
• Environmental Protection
• Physical Protection
• Network Protection
• Hardware Protection
• Breach Notification
• Secure Communications
• Computing Security
• Right to be Forgotten
23. PRIVATE CLOUD STORAGE HURDLES
DIRECT CAPITAL EXPENDITURE
MAINTENANCE AND SUPPORT
CAPACITY PLANNING
• Pre-allocate = Low ROI with unused space
• Grow as you need = Inconsistent IT spending and potential for compromise
BACKUP AND RECOVERY
• Archiving costs (equipment and time)
• Offsite storage or offsite location
• Testing and validation
27. THINGS TO REMEMBER WHEN STORING, MANAGING & PROTECTING DATA IN THE CLOUD
• Know Your Vendors
• Evaluate Cost Benefits
• Implement Industry Standards
• Prepare for Future (Scalability, Technology, Security)
• Establish a Way to Measure ROI
28. DATA LIFECYCLE IN THE CLOUD
1. Data Creation & Classification
2. Data Migration
3. Data Use/Storage
4. Data at Rest
5. Data End-Of-Life
6. Decommissioning of Device/Server
30. CONTENT YOU MAY FIND USEFUL:
“Cloud & Data Center Erasure: Why Delete Doesn’t Suffice”: http://www2.blancco.com/en/white-paper/cloud-and-data-center-erasure-why-delete-doesnt-suffice
“The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle”:
http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data
“Data Storage Dilemmas & Solutions”: http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions
“EU GDPR: A Corporate Dilemma”: http://www2.blancco.com/EU-GDPR-Corporate-Dilemma-Research-Study
31. ABOUT US
Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions. We help our clients’ customers test, diagnose, repair and repurpose IT devices with the most proven and certified software. Our clientele consists of equipment manufacturers, mobile network operators, retailers, financial institutions, healthcare providers and government organizations worldwide. The company is headquartered in Alpharetta, GA, United States, with a distributed workforce and customer base across the globe.
DLA Piper is a global law firm with lawyers in the Americas, Asia Pacific, Europe, Africa and the Middle East, positioning us to help companies with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies.
JURINNOV works with IT and legal departments in a wide variety of industries and sectors. We become a link, an extension of both departments. We help them adopt the most current standards and tools. We help companies better manage and track electronic information, uncover evidence, plan for data recovery, and relax a little bit like in the good old days when everything was filed neatly in its place.
Editor’s notes
Brief housekeeping items (how to submit Q&A questions and that we will have a number of audience poll Q’s)
See ‘Intro’ in webinar flow notes
FREDRIK SLIDE.
FREDRIK SLIDE
ERIC V. TO USE THIS AS HE ANSWERS QUESTION
OPEN WITH A POLL QUESTION TO LEAD INTO NEXT SLIDES/TALKING POINTS.
FREDRIK ASKS ERIC QUESTION -- When a company looks to store data in the cloud, what should they know about the different types of cloud strategies – the pros and cons of each?
OPEN WITH A POLL QUESTION TO LEAD INTO NEXT SLIDES/TALKING POINTS.
FREDRIK TO ASK GIULIO IF THIS MATCHES WHAT HE HEARS FROM DLA PIPER CUSTOMERS AND WHY IT’S SOMETHING NOT ENOUGH BUSINESSES THINK ABOUT.
ISO 27018 is already released and ensures protection of privacy and personal data.
ISO 27017 is coming. It ensures security controls for cloud providers.
GIULIO TO SPEAK HERE.
ERIC V. TO DISCUSS HERE.
END WITH FREDRIK – TALK ABOUT WHY CLOUD STORAGE/SECURITY CHALLENGES CAN’T BE ADDRESSED WITHOUT FIRST UNDERSTANDING DATA’S LIFECYCLE IN THE CLOUD.