Google Apps, especially Google Drive, have enabled millions of users to easily share documents and collaborate more effectively. However, a lack of visibility and control by IT departments over these users and their activity in Google Apps has dramatically increased the risk of malicious or accidental leakage of business-critical data.
In this webcast, cloud security experts Nitin Kumar of Cisco and Sergio Castro of Elastica will discuss best practices for protecting your data in Google Apps. You will learn:
• What base level security Google Drive provides (and what it doesn’t)
• Examples of companies that are facing these issues and how they are solving them
• Best practices in identifying sensitive, shared content that may violate compliance policies (PCI, PHI, PII, etc.)
• Best practices in using data science to uncover risky or anomalous behavior
• How to automate protection against Google Drive data breaches
Protecting your Data in Google Apps
1. PROTECTING YOUR DATA IN GOOGLE APPS
You will learn in the next 60 minutes:
• The basic security that comes with Google Apps
• Extending security while using Google Apps
• Tips and tricks to maintain control of your data
2. Google Apps Security
Cloud apps are becoming an essential part of business
Cost effective
Remote access
Agility and speed
Improved Productivity
Better collaboration
3. Customer will use its reasonable endeavours to prevent unauthorised use of the Services, and to terminate any unauthorised use. Customer will promptly notify Google of any unauthorised use of, or access to, the Services of which it becomes aware.
Google's Policy (the fine print)
Google cannot be responsible for malicious use of your company’s user accounts (or security of your infrastructure or users).
Security In The Cloud is a Shared Responsibility
4. Security In The Cloud is a Shared Responsibility
FRONTEND SECURITY
Access visibility
Access control
Data loss prevention
BACKEND SECURITY
Cross-site scripting, SQL Injection, etc.
Web
Application
SaaS
You
Vendor
5. What could go wrong?
• 1.34% of accounts were compromised
• Compromised means: account takeover, rogue (bad actor) insider, malicious data destruction, etc.
• Report highlighted threshold triggers (static) and anomalous behavior (data science), just a sample out of 60+ factors
• This malicious activity would apply regardless of SaaS app or storage provider used, Google Drive
From Elastica’s Q2 2015 Shadow Data Report: Malicious Use (% of total compromised accounts)
6. What is Shadow Data?
90% of organizations lost sensitive data via file sharing
Shadow Data
Use of sanctioned apps in unsanctioned ways
$13.8M average cost of data breach for storage SaaS providers/company
Shadow Data
All the potentially risky data exposures lurking in sanctioned cloud apps, due to lack of knowledge of the type of data being uploaded, and how it is being shared. This can directly lead to compliance violations or sensitive data loss.
Shadow IT
All the potentially risky unsanctioned Cloud Apps used in your organization, without the knowledge of IT.
Source: Elastica Q2 2015. Source: Ponemon.
7. Who Controls Sharing?
Sharing has become democratized (no longer top-down controls)
Even file owners no longer fully control how their files are shared
Alice shares a file with Bob
Bob shares that file publicly without Alice’s knowledge
Shadow Data Goes Viral
OTHER APPS
8. Shadow Data
25% of total files stored in the cloud per user (average) are broadly shared
12.5% of these files contain compliance related data
9. Google Apps provides base security, but you still need…
REQUIREMENT
User visibility and control
Analysis of risky behavior
Automated classification
Data protection / attack mitigation
BECAUSE
Compliance mandates require identification of sensitive data
Users are the biggest threat that can bypass your security controls
This is not readily seen just by A/V scanning or APT systems
Before, during, and after a breach requires fast response
HOW
Leverage data science to automatically understand content without involving humans
Real-time awareness of access and actions
Per user-graph of “normal” behavior vs. risky behavior
Complete lifecycle solution
12. Thank You!
Take the free Shadow Data Risk Assessment
Visit us to learn how you can find risks and protect critical content in your file sharing apps.
Elastica.net
Editor's Notes
The reality is that security is a shared responsibility. Even the most enterprise-grade cloud app provider will never take full liability for what your users do within cloud apps. If someone comes in with a valid user name/password, they can do whatever they want - and share sensitive content with whomever they like.
http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=8681
Source: Ponemon, 2013 Cost of Data Breach Study
So you’ve probably heard of Shadow IT, but you may not have heard of Shadow Data. But the reality is Shadow Data can be far more dangerous. While Shadow IT is about understanding all the cloud apps that are being used in your environment that IT may not be aware of, Shadow Data can occur in fully sanctioned apps. Shadow Data is about understanding what types of data users are uploading into your apps and how they are sharing these files with others.
design notes: Can we show how Bob has caused $201 cost from a violation and that each person later costs additional $201? to emphasize how a viral document can increase costs of a breach.
1 breach $201 record source: Ponemon Institute 2014
So to expand on this, let’s take a look at the other case. The non-malicious user who’s simply oversharing.
So let me ask you this question: Do you remember back in the day when we had file sharing within our data center? We’d build a file server, and the IT admin or domain admin had full control over who had access to that file server and what could be shared with whom. When we work with applications like Dropbox, for all the wonderful things it brings us, it now also brings us the question of who controls sharing? Sharing has become democratized now, where you’re putting the controls in the hands of the user. Even file owners no longer fully control how their files are shared. *CLICK* Let’s look at this example where Alice shares a file with Bob, *CLICK* and then Bob decides to share the file with two friends. And they share with their friends, and so on, and so on, and so on. From here things get very complicated because permissions, control, file ownership, all get a little confusing. This is an example of what we call shadow data, or shadow IT. You’ll likely hear me use this term again.
So let’s take a look at the stats here: From data we’ve collected on our own customers that we’re monitoring, we see that the average user stores about 2037 files in cloud based storage accounts. *CLICK* Of these files on average about 185 of these are shared broadly. *CLICK* These may be public or externally shared or just shared with the whole company.
If we take a look at those 185 files that are shared broadly, about 20% of these contain sensitive data! (PII, PHI or PCI)
If we go back and look at it from the perspective of which users are doing this, we see that 5% of our users are responsible for 85% of the risk exposure. So who are they? What are these files? Where are they? And how do we remediate this? As it turns out, we can solve these problems, but we need the right tools. Manual remediation would take us lengthy amounts of time to resolve, but automated tools can resolve this in seconds.
So let’s take a look at how we can do this.
Average number of files per user 2037
About 9% broadly shared
(company-wide, external or public)
20% of these contain compliance-related data!
Average time to remediate risk exposures:
Manual: 67 minutes per user
Automated: 16 seconds per user (1/251)
Suggestion: Data Protection / Attack Mitigation
ABOVE “LEARN MORE” BULLETS NEED TO BE UPDATED.
Design notes: Same layout as the Gateway closing slide
Now that you’ve seen this, I hope we’ve been able to answer your questions about safely enabling Dropbox. We would love to ask you to give Elastica a try. Setting up an evaluation literally takes about 5 minutes, requires no hardware or software, and you can start gaining visibility into your Dropbox for Business accounts very quickly.
To get started, please contact your local sales team, or contact us directly here at Elastica to set up an evaluation today. Thanks, and we’ll look forward to seeing you on our next webinar!