The Future of Securing The Cloud
Privacy Laws to Compliance - How to Get Ahead of the Pack
Geoff Noble, Regional Director, [email protected]
© 2014 CipherCloud | All rights reserved.

Upload: justin-skinner

Post on 12-Jan-2016



Traditional Security


Journey to Trust in the Cloud

Compliance ● Application of Controls ● Mapped to Policy ● Data ● Applications ● In the Cloud


DISCOVER ● PROTECT ● MONITOR


Changing Attitudes about the Cloud

“Today, moving to the cloud is not a questionable proposition — it’s inevitable.”

- Eric Schmidt


The Benefits are Clear…

• Agility
• Scalability
• Smaller Infrastructure
• Lower Cost
• Flexibility
• Pay as You Go
• Speed to Market

“Companies who have deployed cloud broadly are gaining competitive advantage” - IBM Study


But There are Challenges…

Disappearing network perimeter

Surveillance and forced disclosure

Increased regulatory compliance

Data sovereignty across borders

Existing tools not effective against new threats


Where Cloud Data Resides and What Laws Apply

• Chile: Protection of Personal Data Act
• Argentina: Personal Data Protection Act, Information Confidentiality Law
• South Africa: Electronic Communications and Transactions Act
• Australia: National Privacy Principles, State Privacy Bills, Email Spam and Privacy Bills
• New Zealand: Privacy Amendment Act
• Philippines: Proposed Data Privacy Law
• Canada: PIPEDA, FOIPPA, PIPA
• US States: Breach notification in 46 states
• Taiwan: Computer-Processed Personal Data Protection
• Hong Kong: Personal Data Privacy Ordinance
• Japan: Personal Information Protection Act
• South Korea: Network Utilization and Data Protection Act
• European Union: EU Data Protection Directive, State Data Protection Laws
• India: Information Technology Act
• United Kingdom: ICO Privacy and Electronic Communications Regulations
• USA Federal: CALEA, CCRA, CIPA, COPPA, EFTA, FACTA, ECPA, FCRA, FISMA, FERPA, GLBA, HIPAA, HITECH, PPA, RFPA, Safe Harbor, US PATRIOT Act
• Brazil: Article 5 of Constitution
• Colombia: Data Privacy Law 1266
• Mexico: Personal Data Protection Law
• Morocco: Data Protection Act
• Thailand: Official Information Act B.E. 2540
• Europe: Privacy laws in 28 countries
• Singapore: Personal & Financial Data Protection Acts


• Israel: Protection of Privacy Law (PPL)


Data Residency Issues

Data Export Restrictions
• Many countries place restrictions on export of PII, PHI data

Host Nation Data Access Laws
• Law enforcement can access confidential data, in some cases with gag orders on hosting providers

The Nature of Location and Stored Data
• Best practices often leverage remote backups and replication of data across multiple data centers and regions

Understand Data Encryption Options
• Strong encryption technology is important but key management is crucial
• Only by maintaining control of keys can enterprises assure control over disclosure


Impact of Privacy Amendment Act on Cloud Computing

Responsibility for Information Protection
• “If offshore cloud compromises your data we'll sue you, not them” – Victorian Privacy Commissioner; May, 2012

APP 8: Cross-Border Disclosure of Personal Information
• Overseas recipients of information must comply with APPs
• Law enforcement can access confidential data, in some cases with gag orders on cloud providers (e.g., US PATRIOT Act)

APP 11: Security of Personal Information
• “Reasonable” steps must be taken to protect personal information
• If overseas providers not under the APPs’ purview breach data, the Australian entity is financially and criminally liable

Expanding Powers of Regulators Like APRA & Privacy Commissioner
• Ability to demonstrate prudent practices for information protection is key to avoiding investigation and penalties


Example of Conflicting Regulations

Major Australian Bank wants to leverage the Cloud
• Using Salesforce public banking applications
• Includes private personnel data

Bank manages sensitive data across multiple countries and regions
• Need to maintain centralized legal control

Salesforce uses global data centers
• Cannot assure country-specific data location

Australian laws regulate data privacy
• Privacy Amendment governs how businesses collect, use and disclose personal information

Concerns over US Patriot Act & EU laws
• Can force disclosure by host nations without consent of or informing data owners



Every Enterprise Needs Visibility and Control

• What are your users doing in the cloud?

• Is sensitive information being exposed?

• Can you prevent unauthorized access to data?

• Can you keep your applications functional?

• Can you monitor ongoing activity?

• Can you detect anomalies?

DISCOVER

PROTECT

MONITOR


Protect Your Sensitive Data in the Cloud

Ground-breaking security controls
Protect sensitive information in real time, before it is sent to the cloud, while preserving application usability.

• Searchable Strong Encryption
• Key Management
• Tokenization
• Malware Detection
• Data Loss Prevention


Real-Time Protection

• Transparent to users
• Preserves application functionality
• Encryption keys never leave the enterprise
• Encrypted data is indecipherable to unauthorized users

CipherCloud Platform
• Encryption or tokenization at the enterprise gateway
• Near-zero latency
• Integrated malware detection and data loss prevention


Retain Your Keys

Key management plays an extremely important role in the world of data security/privacy - CNet

In a well-architected system, the cloud services provider does not have direct access to the keys.

If a legal request is made for access to the data, the enterprise must be involved.


Customer Success Story – Top Three US Bank

Challenges and Opportunities
• Develop a consumer self service loan origination portal
• Process millions of mortgage loans
• Comply with Dodd-Frank and consumer protection act
• Protect structured and unstructured information

Objectives
• Encrypt consumer identities
• Encrypt uploaded tax & income statements
• Scan for malware
• Avoid large potential fines – millions of dollars per day

Why CipherCloud
• Cloud Encryption Gateway tailored to Salesforce
• Flexibility of technology to meet business and use case requirements
• Confidence in the ability to meet the OCC timeframe for deployment

Implementation Highlights
• Integration with IBM AS 400 iSeries via Informatica
• AES 256 encryption, malware detection
• Real-time web services, custom VisualForce pages / Apex/SSP SAML assertion
• Clustered high availability deployment with hot disaster recovery

Benefits
• Drove 95% adoption rate
• Process over 1.5M loans, 1.6M cases, 8M activity tasks
• Encrypting 2.5K files per hour
• Established single point of contact [SPOC] operating model

“It has been a pleasure working with you and we too are looking forward to a long and prosperous relationship. CipherCloud has the right product at the right time, and price” - Bank Senior Vice President

QUICK FACTS
• Industry: Banking
• Employees: 200,000+
• CipherCloud® product: CipherCloud for Salesforce
• Encrypts sensitive consumer information on-the-fly for over 100K customers per month


Customer Success – Leading Credit Scoring Co.

Challenges and Opportunities
• Managing risk of data leakage from data cloud collaboration tools
• Ability of end-users to share data to anyone without safeguards
• Concerns about data, residency, and regulatory compliance and avoiding high-profile breaches

Objectives
• Allow collaboration via Box, while protecting against data breaches
• Deploying a solution that is specifically tailored for Box
• Requires real-time and on-demand scanning of any folders or files
• Visibility and reporting on user activity for compliance

Why CipherCloud
• Seamless integration with Box
• Integration with third-party enterprise DLP systems
• Leadership in emerging Cloud Information Protection market

Implementation Highlights
• CipherCloud for Box
• Real-time and on-demand scanning for Box Enterprise users
• Support for global workforce from any browser or device

Benefits
• Preventing sensitive or regulated data from leaking through Box
• Enhanced visibility into Box usage and violations for all corporate users

QUICK FACTS
• Industry: Financial Services
• Products: credit scoring, decision management tools and applications
• Application: data loss prevention for files shared via Box Enterprise
• CipherCloud® product: CipherCloud for Box


Customer Success – Leading Financial Services Company

Challenges and Opportunities
• Migrating traditional on-premise application development to cloud
• Portfolio of over 4,000 applications on custom platforms

Objectives
• Migrating at least 300 applications over first 5 years
• Deploy robust security solution for wide range of cloud applications
• Ability to encrypt or tokenize sensitive data on-the-fly
• Assure compliance for custom cloud-based applications

Why CipherCloud
• Robust security platform validated by major banks and third-parties
• Deep integration with Force.com platform
• Single platform supporting multiple clouds with range of security options
• Market leadership and financial viability

Implementation Highlights
• Proof of concept, extensive testing, code review, third-party validation led to Master Software License Agreement
• Received approvals for use from multiple groups: Enterprise Arch., Information Security, Cryptography Services, and Network Operation

Benefits
• Enables securely moving hundreds of applications to the cloud, dramatically reducing development costs
• Expected TCO for moving first 300 apps is $129M

QUICK FACTS
• Headquarters: New York City
• Industry: Financial Services
• Products: investment banking, brokerage, commodities
• Employees: 60,000+
• Assets: $800B+
• CipherCloud® product: CipherCloud for Force.com


Encrypt Sensitive

About CipherCloud

Company
• 300 Million Records Protected
• 2.6+ Million Live Users
• 11 Industries
• 25 Countries
• 7 Languages
• 320+ Employees

Awards

Cool Vendor

Solutions

CRM & ERP

Collaboration

Email

Custom Applications

CipherCloud for Any App


Thank You

For additional information:
• Website: www.ciphercloud.com
• Twitter: @ciphercloud
• Email: [email protected]
• LinkedIn: www.linkedin.com/company/ciphercloud
• Phone: +1 855-5CIPHER

Geoff Noble, Regional Director
[email protected]