© 2014 CipherCloud | All rights reserved.
The Future of Securing The Cloud
Privacy Laws to Compliance - How to Get Ahead of the Pack
Geoff Noble
Regional Director
[email protected]
Traditional Security
Journey to Trust in the Cloud
Compliance
Application of Controls
Mapped to Policy
Data
Applications
In the Cloud
DISCOVER ● PROTECT ● MONITOR
Changing Attitudes about the Cloud
"Today, moving to the cloud is not a questionable proposition — it’s inevitable."
- Eric Schmidt
The Benefits are Clear…
Agility
Scalability
Smaller Infrastructure
Lower Cost
Flexibility
Pay as You Go
Speed to Market
"Companies who have deployed cloud broadly are gaining competitive advantage" - IBM Study
But There are Challenges…
Disappearing network perimeter
Surveillance and forced disclosure
Increased regulatory compliance
Data sovereignty across borders
Existing tools not effective against new threats
Where Cloud Data Resides and What Laws Apply
Chile: Protection of Personal Data Act
Argentina: Personal Data Protection Act, Information Confidentiality Law
South Africa: Electronic Communications and Transactions Act
Australia: National Privacy Principles, State Privacy Bills, Email Spam and Privacy Bills
New Zealand: Privacy Amendment Act
Philippines: Proposed Data Privacy Law
Canada: PIPEDA, FOIPPA, PIPA
US States: Breach notification in 46 states
Taiwan: Computer-Processed Personal Data Protection
Hong Kong: Personal Data Privacy Ordinance
Japan: Personal Information Protection Act
South Korea: Network Utilization and Data Protection Act
European Union: EU Data Protection Directive, State Data Protection Laws
India: Information Technology Act
United Kingdom: ICO Privacy and Electronic Communications Regulations
USA Federal: CALEA, CCRA, CIPA, COPPA, EFTA, FACTA, ECPA, FCRA, FISMA, FERPA, GLBA, HIPAA, HITECH, PPA, RFPA, Safe Harbor, US PATRIOT Act
Brazil: Article 5 of Constitution
Colombia: Data Privacy Law 1266
Mexico: Personal Data Protection Law
Morocco: Data Protection Act
Thailand: Official Information Act B.E. 2540
Europe: Privacy laws in 28 countries
Singapore: Personal & Financial Data Protection Acts
Israel: Protection of Privacy Law (PPL)
Data Residency Issues
Data Export Restrictions
• Many countries place restrictions on export of PII, PHI data
Host Nation Data Access Laws
• Law enforcement can access confidential data, in some cases with gag orders on hosting providers
The Nature of Location and Stored Data
• Best practices often leverage remote backups and replication of data across multiple data centers and regions
Understand Data Encryption Options
• Strong encryption technology is important but key management is crucial
• Only by maintaining control of keys can enterprises assure control over disclosure
Impact of Privacy Amendment Act on Cloud Computing
Responsibility for Information Protection
• “If offshore cloud compromises your data we'll sue you, not them” – Victorian Privacy Commissioner; May, 2012
APP 8: Cross-Border Disclosure of Personal Information
• Overseas recipients of information must comply with APPs
• Law enforcement can access confidential data, in some cases with gag orders on cloud providers (e.g., US PATRIOT Act)
APP 11: Security of Personal Information
• “Reasonable” steps must be taken to protect personal information
• If overseas providers that are not under the APPs’ purview breach data, the Australian entity is financially and criminally liable
Expanding Powers of Regulators Like APRA & Privacy Commissioner
• Ability to demonstrate prudent practices for information protection is key to avoiding investigation and penalties
Example of Conflicting Regulations
Major Australian Bank wants to leverage the Cloud
• Using Salesforce public banking applications
• Includes private personnel data
Bank manages sensitive data across multiple countries and regions
• Need to maintain centralized legal control
Salesforce uses global data centers
• Cannot assure country-specific data location
Australian laws regulate data privacy
• Privacy Amendment governs how businesses collect, use and disclose personal information
Concerns over US Patriot Act & EU laws
• Can force disclosure by host nations without consent or informing data owners
Every Enterprise Needs Visibility and Control
• What are your users doing in the cloud?
• Is sensitive information being exposed?
• Can you prevent unauthorized access to data?
• Can you keep your applications functional?
• Can you monitor ongoing activity?
• Can you detect anomalies?
DISCOVER
PROTECT
MONITOR
Protect Your Sensitive Data in the Cloud
Groundbreaking security controls
Protect sensitive information in real time, before it is sent to the cloud, while preserving application usability.
Searchable Strong Encryption
Key Management
Tokenization
Malware Detection
Data Loss Prevention
Transparent to users
Preserves application functionality
Encryption keys never leave the enterprise
Encrypted data is indecipherable to unauthorized users
CipherCloud Platform
• Encryption or tokenization at the enterprise gateway
• Near-zero latency
• Integrated malware detection and data loss prevention
Real-Time Protection
Retain Your Keys
Key management plays an extremely important role in the world of data security/privacy - CNet
In a well-architected system, the cloud services provider does not have direct access to the keys.
If a legal request is made for access to the data, the enterprise must be involved.
Customer Success Story – Top Three US Bank
Challenges and Opportunities
• Develop a consumer self service loan origination portal
• Process millions of mortgage loans
• Comply with Dodd-Frank and consumer protection act
• Protect structured and unstructured information
Objectives
• Encrypt consumer identities
• Encrypt uploaded tax & income statements
• Scan for malware
• Avoid large potential fines – millions of dollars per day
Why CipherCloud
• Cloud Encryption Gateway tailored to Salesforce
• Flexibility of technology to meet business and use case requirements
• Confidence in the ability to meet the OCC timeframe for deployment
Implementation Highlights
• Integration with IBM AS 400 iSeries via Informatica
• AES 256 encryption, malware detection
• Real-time web services, custom VisualForce pages / Apex/SSP SAML assertion
• Clustered high availability deployment with hot disaster recovery
Benefits
• Drove 95% adoption rate
• Process over 1.5M loans, 1.6M cases, 8M activity tasks
• Encrypting 2.5K files per hour
• Established single point of contact [SPOC] operating model
“It has been a pleasure working with you and we too are looking forward to a long and prosperous relationship. CipherCloud has the right product at the right time, and price” - Bank Senior Vice President
QUICK FACTS
• Industry: Banking
• Employees: 200,000+
• CipherCloud® product: CipherCloud for Salesforce
• Encrypts sensitive consumer information on-the-fly for over 100K customers per month
Customer Success – Leading Credit Scoring Co.
Challenges and Opportunities
• Managing risk of data leakage from data cloud collaboration tools
• Ability of end-users to share data with anyone without safeguards
• Concerns about data, residency, and regulatory compliance and avoiding high-profile breaches
Objectives
• Allow collaboration via Box, while protecting against data breaches
• Deploying a solution that is specifically tailored for Box
• Requires real-time and on-demand scanning of any folders or files
• Visibility and reporting on user activity for compliance
Why CipherCloud
• Seamless integration with Box
• Integration with third-party enterprise DLP systems
• Leadership in emerging Cloud Information Protection market
Implementation Highlights
• CipherCloud for Box
• Real-time and on-demand scanning for Box Enterprise users
• Support for global workforce from any browser or device
Benefits
• Preventing sensitive or regulated data from leaking through Box
• Enhanced visibility into Box usage and violations for all corporate users
QUICK FACTS
• Industry: Financial Services
• Products: credit scoring, decision management tools and applications
• Application: data loss prevention for files shared via Box Enterprise
• CipherCloud® product: CipherCloud for Box
Customer Success – Leading Financial Services Company
Challenges and Opportunities
• Migrating traditional on-premise application development to cloud
• Portfolio of over 4,000 applications on custom platforms
Objectives
• Migrating at least 300 applications over first 5 years
• Deploy robust security solution for wide range of cloud applications
• Ability to encrypt or tokenize sensitive data on-the-fly
• Assure compliance for custom cloud-based applications
Why CipherCloud
• Robust security platform validated by major banks and third-parties
• Deep integration with Force.com platform
• Single platform supporting multiple clouds with range of security options
• Market leadership and financial viability
Implementation Highlights
• Proof of concept, extensive testing, code review, third-party validation led to Master Software License Agreement
• Received approvals for use from multiple groups: Enterprise Arch., Information Security, Cryptography Services, and Network Operation
Benefits
• Enables securely moving hundreds of applications to the cloud, dramatically reducing development costs
• Expected TCO for moving first 300 apps is $129M
QUICK FACTS
• Headquarters: New York City
• Industry: Financial Services
• Products: investment banking, brokerage, commodities
• Employees: 60,000+
• Assets: $800B+
• CipherCloud® product: CipherCloud for Force.com
Encrypt Sensitive
About CipherCloud
300 Million Records Protected
Company
2.6+ Million Live Users
11 Industries
25 Countries
7 Languages
320+ Employees
Awards
Cool Vendor
Solutions
CRM & ERP
Collaboration
Custom Applications
CipherCloud for Any App
Thank You
For additional information:
• Website: www.ciphercloud.com
• Twitter: @ciphercloud
• Email: [email protected]
• LinkedIn: www.linkedin.com/company/ciphercloud
• Phone: +1 855-5CIPHER
Geoff Noble
Regional Director