STKI’s work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
2016
Getting to the Cloud
Security & Risk Management
How will Digital Transformation transform all of us
Ariel Evans, EVP
Senior Cyber Security and Risk Analyst
ariel@stki.info
About Me
• CISO Telco US
  • 7 years of security experience
• Compliance Expert
  • Primary Author of the PCI e-commerce guideline
• 20 years Risk Manager on Wall Street
• Consultant to DHS on Middleware Vulnerabilities
What we will cover today
• Cyber Security: What is Cyber Security?
• Cloud Security: What are the similarities and differences between cloud security and cyber?
• Getting to the Cloud: What are the requirements to get to the cloud?
• Cloud Security Components: Service Provider Responsibilities vs. Customer Responsibilities
• Risk Management: Measuring effectiveness of security in the context of the EU data directive
• Cloud Security Technologies: CASBs, Risk Management Tools, Data Classification Tools
What is Cyber Security
• People, Process & Tools
• Holistic Approach
• Protect Confidentiality, Integrity & Accessibility
• Stopping or Limiting Damage from Unauthorized Access
• Applies to the Entire Lifecycle of data
• Any time data is stored, transmitted or processed
• Effectiveness is measured using Risk Management
What is Cloud Cyber Security
Layers of the cloud stack:
• Data
• APIs
• Virtual Machines
• GUIs
• Operating Systems
• Programming Languages
• Virtual Network Architecture
• Hypervisors
• Data Storage
• Processing & Memory
• Network
• Data Center
Relationship between CSP and Customer
CSP & Customer Relationship
Cloud Security
• Relationship between customer and cloud service provider
• Defined by the components of the solution
• Evolving
• Most CSPs will now provide:
  • Logs
  • Penetration tests for the hypervisor
  • Data Center Inspections
  • Limited Service Agreements
• Enhanced Security Service Capabilities:
  • Cloud Access Security Brokers - CASBs
  • Data Classification
  • Cyber Risk Management
Israel cloud adoption - by sector
• Private Cloud: Army, Banks, Government, Utility
• Cloud curious (checking the technology): Government, Finance, Telecom Operators, Health
• Cloud adopters (running 2-5 applications in the cloud): Telecom Vendor, Industry services, Utilities
• Cloud focus (most applications in the cloud): High-Tech, Startups, SMB
Source: Moshe Ferber, Cloud Security Alliance Israel
Cloud Security Components
Bank of Israel Regulation
• Core system data cannot be in the cloud
• What is core data?
• How can we classify different types of data and how it is protected in the cloud?
• Follow the EU Data Directive
• Ensure compliance
• Risk Management
• Board Room Approvals
Evolving - Cyber Organizations
• The CISO of the future is the one who can run the risk-management organization.
• Reports to the business, either the CEO, CFO, CRO or COO, moving out of reporting to the CIO.
• The days of security being led by the 'network person' who did security in their spare time and learned on the job are over; increasingly we are seeing seasoned professionals with real business experience and business school qualifications stepping into the security space, reporting to the board of directors on Cyber Risk.
Classifying Data
• Old Way – Manual
  • Thousands of man hours
  • Most projects fail
  • Business Owner Dependent
  • Costly to maintain
  • Constantly changing
• New Way – Data Classification Products
  • Machine Learning
  • Clustering
  • One month deliverable
EU Data Directive
This deliverable reports on the current legal framework regulating the storage and processing of data in the cloud and introduces a risk assessment methodology to analyze the business risks associated with outsourcing data.
AUTOMATING CYBER RISK AND CLOUD RISK
https://practice-project.eu/downloads/publications/D31.1-Risk-assessment-legal-status-PU-M12.pdf
How cyber Risk is managed
Process:
• Identification of Threats
• Compliance Regulation
• Define the Control
• Test the Control
• Measure the Risk
Example control: Implement and Protect Network Domains
In addition, further development of policies, processes, and systems must continue to ensure that:
• Firewall configuration standards include requirements for a firewall at each Internet connection, and between any DMZ and the internal network zone;
• Current network diagram is consistent with the firewall configuration standards;
• Firewall rules prevent internal addresses passing from the Internet into the DMZ;
• Firewall rules prevent direct connections inbound or outbound for traffic between the Internet and the cardholder data environment;
• Prohibit direct public access between the Internet and any system component in the cardholder data environment;
• Require that all outbound traffic from the cardholder data environment to the Internet is explicitly authorized.
Mapped requirements: PCI DSS Objective 1.1.3, Objective 1.3, Objective 1.3.3-5, Objective 1.3.7; SOC 3.2, 3.5, 3.8; EU Data Directive
Risk Management
Risk rating = Likelihood (rows A-E) x Impact (columns 1-5). The control-test answer sets the likelihood row: Answer = None = 4 (row B), Partially = 3 (row C), Fully = 2 (row D).

Impact scale:
1 – Insignificant: No fines or additional costs
2 – Minor: No fines but increased monitoring costs
3 – Moderate: Some fines and moderate consequences
4 – Major: Large fines and loss of card privileges with major economic impact
5 – Catastrophic: Company unable to stay active

Likelihood                                                              | 1 | 2 | 3 | 4  | 5
A - Almost certain to occur in most circumstances                       | M | H | H | VH | VH
B - Likely to occur frequently (Answer = None = 4)                      | M | M | H | H  | VH
C - Possible and likely to occur at some time (Answer = Partially = 3)  | L | M | H | H  | H
D - Unlikely to occur but could happen (Answer = Fully = 2)             | L | L | M | M  | H
E - May occur but only in rare and exceptional circumstances            | L | L | M | M  | H
(L = Low, M = Medium, H = High, VH = Very High)
Risk Dashboards
• Real Time Risk
• Risk linked to business assets
• Mitigation
• Task Management
• Drill into risk
• See risk effectiveness across:
  • Divisions
  • Systems
  • Assets
CASB
Cloud access security brokers (CASBs) are on-premises or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
[CASB architecture diagram; labels: Sanctioned IT, Cloud, DLP, Apps, Firewall, User Behavior Analytics, On-Network "Shadow" IT, Off-Network (Cloud-to-Cloud) "Shadow" IT]
Discussion Items
• What is the definition of core data?
• What products will help you to show how this data is in the cloud?
• What level of encryption will be accepted for the cloud?
• What products can help you with compliance here?
• What new technologies will help demonstrate that risk management is effective for the cloud and provide EU data directive compliance?
• What benefits will CASBs provide the Israeli market?
That’s it.
Thank you!
PSCC - Capability Statement Presentation
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 

297727851 getting-to-the-cloud-event-2015

• 1. STKI’s work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
  2016 – Getting to the Cloud: Security & Risk Management
  How will Digital Transformation transform all of us
  Ariel Evans, EVP, Senior Cyber Security and Risk Analyst, ariel@stki.info
• 2. About Me
  • CISO, Telco US
    • 7 years of security experience
  • Compliance Expert
    • Primary author of the PCI e-commerce guideline
  • 20 years Risk Manager on Wall Street
  • Consultant to DHS on middleware vulnerabilities
• 3. What we will cover today
  • Cyber Security – What is cyber security?
  • Cloud Security – What are the similarities and differences between cloud security and cyber?
  • Getting to the Cloud – What are the requirements to get to the cloud?
  • Cloud Security Components – Service provider responsibilities vs. customer responsibilities
  • Risk Management – Measuring effectiveness of security in the context of the EU Data Directive
  • Cloud Security Technologies – CASBs, risk management tools, data classification tools
• 4. What is Cyber Security
  • People, Process & Tools
  • Holistic approach
  • Protect Confidentiality, Integrity & Accessibility
  • Stopping or limiting damage from unauthorized access
  • Applies to the entire lifecycle of data
    • Any time data is stored, transmitted or processed
  • Effectiveness is measured using Risk Management
  What is Cloud Cyber Security – the layers that must be covered: Data, APIs, Virtual Machines, GUIs, Operating Systems, Programming Languages, Virtual Network Architecture, Hypervisors, Data Storage, Processing & Memory, Network, Data Center, and the relationship between CSP and customer
• 5. CSP & Customer Relationship
• 6. Cloud Security
  • Relationship between customer and cloud service provider
  • Defined by the components of the solution
  • Evolving
  • Most CSPs will now provide:
    • Logs
    • Penetration tests for the hypervisor
    • Data center inspections
    • Limited service agreements
  • Enhanced security service capabilities:
    • Cloud Access Security Brokers (CASBs)
    • Data classification
    • Cyber risk management
• 7. Israel cloud adoption – by sector
  • Private Cloud: Army, Banks, Government, Utility
  • Cloud curious (checking the technology): Government, Finance, Telecom Operators, Health
  • Cloud adopters (running 2-5 applications in the cloud): Telecom Vendor, Industry, Services, Utilities
  • Cloud focus (most applications in the cloud): High-Tech, Startups, SMB
  Source: Moshe Ferber, Cloud Security Alliance Israel
• 8. Cloud Security Components
• 9. Bank of Israel Regulation
  • Core system data cannot be in the cloud
  • What is core data?
  • How can we classify different types of data, and how is each type protected in the cloud?
  • Follow the EU Data Directive
  • Ensure compliance
  • Risk Management
  • Board room approvals
• 10. Evolving – Cyber Organizations
  • The CISO of the future is the one who can run the risk-management organization.
  • Reports to the business – either the CEO, CFO, CRO or COO – moving out of reporting to the CIO.
  • The days of security being led by the 'network person' who did security in their spare time and learned on the job are over. Increasingly we are seeing seasoned professionals with real business experience and business school qualifications stepping into the security space and reporting to the board of directors on cyber risk.
• 11. Classifying Data
  • Old way – manual
    • Thousands of man hours
    • Most projects fail
    • Business owner dependent
    • Costly to maintain
    • Constantly changing
  • New way – data classification products
    • Machine learning
    • Clustering
    • One month deliverable
• 12. EU Data Directive
  This deliverable reports on the current legal framework regulating the storage and processing of data in the cloud and introduces a risk assessment methodology to analyze the business risks associated with outsourcing data.
  AUTOMATING CYBER RISK AND CLOUD RISK
  https://practice-project.eu/downloads/publications/D31.1-Risk-assessment-legal-status-PU-M12.pdf
• 13. How cyber risk is managed
  Process: Identification of Threats → Compliance Regulation → Define the Control → Test the Control → Measure the Risk → Implement and Protect
  Network Domains – in addition, further development of policies, processes, and systems must continue to ensure that:
  • Firewall configuration standards include requirements for a firewall at each Internet connection, and between any DMZ and the internal network zone;
  • The current network diagram is consistent with the firewall configuration standards;
  • Firewall rules prevent internal addresses passing from the Internet into the DMZ;
  • Firewall rules prevent direct connections inbound or outbound for traffic between the Internet and the cardholder data environment;
  • Direct public access between the Internet and any system component in the cardholder data environment is prohibited;
  • All outbound traffic from the cardholder data environment to the Internet is explicitly authorized.
  Mapped requirements: PCI DSS Objectives 1.1.3, 1.3, 1.3.3-5, 1.3.7; SOC 3.2, 3.5, 3.8; EU Data Directive
• 14. Risk Management – likelihood × impact matrix (cell = risk rating: L = Low, M = Medium, H = High, VH = Very High)
  Impact levels:
    1 – Insignificant: no fines or additional costs
    2 – Minor: no fines but increased monitoring costs
    3 – Moderate: some fines and moderate consequences
    4 – Major: large fines and loss of card privileges with major economic impact
    5 – Catastrophic: company unable to stay active
  Likelihood (control test answer in brackets)                              1    2    3    4    5
    A – Almost certain to occur in most circumstances                       M    H    H    VH   VH
    B – Likely to occur frequently (Answer = None = 4)                      M    M    H    H    VH
    C – Possible and likely to occur at some time (Answer = Partially = 3)  L    M    H    H    H
    D – Unlikely to occur but could happen (Answer = Fully = 2)             L    L    M    M    H
    E – May occur but only in rare and exceptional circumstances            L    L    M    M    H
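As an added example (not part of the STKI deck), the following Python walks the slide 13 process for three of its firewall controls: each control is tested against a constructed ruleset, the result is turned into the None/Partially/Fully answer of slide 14, and that answer is rated with the slide's likelihood/impact matrix. The rule format, zone names, change tickets and the impact level assigned to each control are assumptions.

```python
from ipaddress import ip_network

# Constructed ruleset (assumption, not a real firewall export): action, source zone, source network,
# destination zone, and the change ticket that explicitly authorises the rule (None = unauthorised).
RULES = [
    {"action": "allow", "src_zone": "internet", "src_net": "0.0.0.0/0",    "dst_zone": "dmz",      "ticket": "CHG-1"},
    {"action": "allow", "src_zone": "internet", "src_net": "10.0.0.0/8",   "dst_zone": "dmz",      "ticket": None},
    {"action": "allow", "src_zone": "internet", "src_net": "0.0.0.0/0",    "dst_zone": "cde",      "ticket": None},
    {"action": "allow", "src_zone": "cde",      "src_net": "10.20.0.0/16", "dst_zone": "internet", "ticket": "CHG-7"},
    {"action": "allow", "src_zone": "cde",      "src_net": "10.20.0.0/16", "dst_zone": "internet", "ticket": None},
]
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
def allows(rules, src, dst):
    return [r for r in rules if r["action"] == "allow" and r["src_zone"] == src and r["dst_zone"] == dst]

def control_dmz_antispoof(rules):
    """Internal (RFC 1918) source addresses must not be allowed from the Internet into the DMZ."""
    scoped = allows(rules, "internet", "dmz")
    bad = [r for r in scoped if any(ip_network(r["src_net"]).subnet_of(n) for n in RFC1918)]
    return len(scoped) - len(bad), bad

def control_no_direct_cde(rules):
    """No direct inbound connection from the Internet to the cardholder data environment (CDE)."""
    denies = [r for r in rules if r["action"] == "deny" and r["src_zone"] == "internet" and r["dst_zone"] == "cde"]
    return len(denies), allows(rules, "internet", "cde")

def control_cde_outbound(rules):
    """Every outbound CDE-to-Internet rule must be explicitly authorised (here: carries a ticket)."""
    scoped = allows(rules, "cde", "internet")
    bad = [r for r in scoped if r["ticket"] is None]
    return len(scoped) - len(bad), bad

# Each control with its assumed impact column from slide 14 (5 = Catastrophic, 4 = Major).
CONTROLS = {"dmz antispoof": (control_dmz_antispoof, 4), "direct cde": (control_no_direct_cde, 5),
            "cde outbound": (control_cde_outbound, 4)}
# Slide 14 matrix: likelihood row A..E -> rating for impact 1..5; test answers map onto rows B, C, D.
MATRIX = {"A": "M H H VH VH", "B": "M M H H VH", "C": "L M H H H", "D": "L L M M H", "E": "L L M M H"}
ANSWER_ROW = {"None": "B", "Partially": "C", "Fully": "D"}

def answer_for(compliant, violating):
    """Translate a control test result into the slide's answer scale."""
    return "Fully" if not violating else ("None" if compliant == 0 else "Partially")
def rate(answer, impact):
    return MATRIX[ANSWER_ROW[answer]].split()[impact - 1]
def assess(rules):
    """Test each control, derive its answer and risk rating, and list the offending source networks."""
    report = {}
    for name, (control, impact) in CONTROLS.items():
        compliant, bad = control(rules)
        answer = answer_for(compliant, bad)
        report[name] = (answer, rate(answer, impact), [r["src_net"] for r in bad])
    return report
```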
• 15. Risk Dashboards
  • Real-time risk
  • Risk linked to business assets
  • Mitigation
  • Task management
  • Drill into risk
  • See risk effectiveness across:
    • Divisions
    • Systems
    • Assets
• 16. CASB
  Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
• 17. [Diagram: CASB coverage – Sanctioned IT, Cloud DLP, Apps Firewall, User Behavior Analytics, On-Network "Shadow" IT, Off-Network (Cloud-to-Cloud) "Shadow" IT]
• 18. [Image-only slide]
• 19. Discussion Items
  • What is the definition of core data?
  • What products will help you to show how this data is in the cloud?
  • What level of encryption will be accepted for the cloud?
  • What products can help you with compliance here?
  • What new technologies will help demonstrate that risk management is effective for the cloud and provide EU Data Directive compliance?
  • What benefits will CASBs provide the Israeli market?
• 20. That’s it. Thank you!