Protecting your Data in Google Apps
•Als PPTX, PDF herunterladen•
2 gefällt mir•752 views
Google Apps, Especially Google Drive, have enabled millions of users to easily share documents and collaborate more effectively. However, a lack of visibility and control by IT departments over these users and their activity in Google Apps has actually dramatically increased the risk of malicious or accidental leakage of business-critical data. In this webcast, cloud security experts Nitin Kumar of Cisco, and Sergio Castro of Elastica will discuss best practices for protecting your data in Google Apps. You will learn: • What base level security Google Drive provides (and what it doesn’t) • Examples of companies that are facing these issues and how they are solving them • Best practices in identifying sensitive, shared content that may violate compliance policies (PCI, PHI, PII, etc.) • Best practices in using data science to uncover risky or anomalous behavior • How to automate protection against Google Drive data breaches
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (6)
Ähnlich wie Protecting your Data in Google Apps
Ähnlich wie Protecting your Data in Google Apps (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Protecting your Data in Google Apps
- 1. PROTECTING YOUR DATA IN GOOGLE APPS You will learn in the next 60 minutes: • The basic security that comes Google Apps • Extending security while using Google Apps • Tips and tricks to maintain control of your data
- 2. Google Apps Security 2 Cloud apps are becoming an essential part of business Cost effective Remote access Agility and speed Improved Productivity Better collaboration
- 3. Customer will use its reasonable endeavours to prevent unauthorised use of the Services, and to terminate any unauthorised use. Customer will promptly notify Google of any unauthorised use of, or access to, the Services of which it becomes aware. Google´s Policy Google cannot be responsible for malicious use of your company’s user accounts (or security of your infrastructure or users). (the fine print) Security In The Cloud is a Shared Responsibility Google Apps Security 3
- 4. Security In The Cloud is a Shared Responsibility Google Apps Security 4 FRONTEND SECURITY Access visibility Access control Data loss prevention BACKEND SECURITY Xsite scripting, SQL Injection, etc. Web Application SaaS You Vendor
- 5. 5 What could go wrong? • 1.34% of accounts were compromised • Compromised means: account takeover, rogue (bad actor) insider, malicious data destruction, etc. • Report highlighted threshold triggers (static) and anomalous behavior (data science) — just a sample out of 60+ factors • This malicious activity would apply regardless of SaaS app or storage provider used, Google Drive From Elastica’s Q2 2015 Shadow Data Report: Malicious Use % of total compromised accounts Google Apps Security
- 6. 90%of organizations lost sensitive data via file sharing Shadow Data Use of sanctioned apps in unsanctioned ways average cost of data breach for storage SaaS providers/company Shadow Data All the potentially risky data exposures lurking in sanctioned cloud apps, due to lack of knowledge of the type of data being uploaded, and how it is being shared. This can directly lead to compliance violations or sensitive data loss. Shadow IT All the potentially risky unsanctioned Cloud Apps used in your organization, without the knowledge of IT. Source: Elastica Q2 2015Source: Ponemon $13.8M What is Shadow Data? Google Apps Security
- 7. Who Controls Sharing? Sharing has become democratized (no longer top-down controls) Even file owners no longer fully control how their files are shared Alice shares a file with Bob Bob shares that file publicly without Alice’s knowledge Shadow Data Goes Viral Google Apps Security OTHER APPS
- 8. files per user are broadly shared (average) 12.5% contain compliance related data Shadow Data 25%Of total files stored in the cloud per user (average) of these files Google Apps Security
- 9. 9 GoogleApps provides base security, but you still need… User visibility and control Analysis of risky behavior Automated classification Data protection / attack mitigation REQUIREMENT BECAUSE HOW Compliance mandates require identification of sensitive data Users are the biggest threat that can bypass your security controls This is not readily seen just by A/V scanning or APT systems Before, during, and after a breach requires fast response Leverage data science to automatically understand content without involving humans Real-time awareness of access and actions Per user-graph of “normal” behavior vs. risky behavior Complete lifecycle solution Google Apps Security
- 10. Data Science Powered™ CLOUDAPP SECURITY beforeduringafter Google Apps Security
- 11. Externalandpubliccontent exposures,including compliancerisks Inboundriskycontentshared withemployees(e.g.malware, IP,etc) Riskyusersanduser activities Get a Free Shadow Data Risk Assessment Google Apps Security
- 12. Thank You! Take the free Shadow Data Risk Assessment Visit us to learn how you can find risks and protect critical content in your file sharing apps. Elastica.net
Hinweis der Redaktion
- The reality is that security is a shared responsibility. Even the most enterprise-grade cloud app provider, will never take full liability for what your users do within cloud apps. If someone comes in with a valid user name/password, they can do whatever they want - and share sensitive content with whomever they like. http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=8681
- The reality is that security is a shared responsibility. Even the most enterprise-grade cloud app provider, will never take full liability for what your users do within cloud apps. If someone comes in with a valid user name/password, they can do whatever they want - and share sensitive content with whomever they like. http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=8681
- Source: Ponemon, 2013 Cost of Data Breach Study So you’ve probably heard of Shadow IT, but you may not have heard of Shadow Data. But the reality is Shadow Data can be far more dangerous. While Shadow IT is about understanding all the cloud apps that are being used in your environment that IT may not be aware of, Shadow Data can occur in fully sanction apps. Shadow data is about understanding what types of data users are uploading into your apps and how they are sharing these files with others.
- design notes: Can we show how Bob has caused $201 cost from a violation and that each person later costs additional $201? to emphasize how a viral document can increase costs of a breach. 1 breach $201 record source: Ponemon Institute 2014 So to expand on this, lets take a look at the other case. The non-malicious user who’s simply oversharing. So let me ask you this question: Do you remember back in the day when we had file sharing within our data center? We’d build a file server, and the IT admin or domain admin had full control over who had access to that file server and what could be shared with whom. When we work with applications like Dropbox, for all the wonderful things it brings us, it now also brings us the question of who controls sharing? Sharing has become democratized now, where you’re putting the controls in the hands of the user. Even file owners no longer fully control how their files are shared. *CLICK* Let’s look at this example where Alice shares a file with Bob, *CLICK* and then Bob decides to share the file with two friends. And they share with their friends, and so on, and so on, and so on. From here things get very complicated because permissions, control, file ownership, all get a little confusing. This is an example of what we call shadow data, or shadow IT. You’ll likely hear me use this term again.
- So let’s take a look at the stats here: From data we’ve collected on our own customers that we’re monitoring, we see that the average user stores about 2037 files in cloud based storage accounts. *CLICK* Of these files on average about 185 of these are shared broadly. *CLICK* These may be public or externally shared or just shared with the whole company. If we take a look at those 185 files that are shared broadly, about 20% of these contain sensitive data! (PII, PHI or PCI) If we go back and look at it from perspective of which users are doing this, we see that 5% of our users are responsible for 85% of the risk exposure. So who are they? What are these files? Where are they? And how do we remediate this? As it turns out, we can solve these, problems, but we need the right tools. Manual remediation would take us lengthy amounts of time to resolve, but automated tools, can resolve this in seconds. So let’s take look at how we can do this. Average number of files per user 2037 About 9% broadly shared (company-wide, external or public) 20% of these contain compliance-related data! Average time to remediate risk exposures: Manual: 67 minutes per user Automated: 16 seconds per user (1/251)
- Suggestion: Data Protection / Attack Mitigation
- ABOVE “LEARN MORE” BULLETS NEED TO BE UPDATED. Design notes: Same layout as the Gateway closing slide Now that you’ve seen this, I hope we’ve been able to answer your questions about safely enabling Dropbox. We would love to ask you to give Elastica a try. Setting up an evaluation literally takes about 5 minutes, requires no hardware or software, and you can start gaining visibility into your Dropbox for Business accounts very quickly. To get started, please contact your local sales team, or contact us directly here at Elastica to set up an evaluation today. Thanks, and we’ll look forward to seeing you on our next webinar!