the razor's edge: enabling cloud while mitigating the risk of a cloud data breach
DESCRIPTION
Shadow IT. It's not a new term and certainly not a new challenge. But with only blunt-force solutions like saying "no" or blocking cloud services at the firewall, IT has not been able to do much to address the challenge. This is all changing. Business and IT leaders alike see real value in cloud services and want to take a lean-forward approach to enabling them. The reality, though, is that cloud services are not without their risks, and the risk of a data breach increases when the cloud is involved. Hear from Netskope about the risks, economic impact, and multiplier effect of a cloud data breach, and how forward-looking organizations are walking the razor’s edge to mitigate these risks while enabling the cloud.TRANSCRIPT
The Razor’s Edge: Enabling
cloud while mitigating the risk
of a cloud data breach
Cloud App Explosion
2
Driven by individual and
line of business adoption
of cloud and mobile.
2011 2016
$21.2B
$92.8B
SaaS
Rev
enu
e
Forrester
3
There are 5,000 enterprise apps
today (and growing).
People love their cloud apps, and for good reason
Anywhere Access CollaborationProductivity
4
5
But this means sleepless nights for IT
But how bad is it?
6
The following are contributors to
the cloud multiplier effect
7
Cloud app
adoption
Mobile and
consumerization
Ease and speed
of data sharing
8
Increase use and
increase probability
If your organization had 100 cloud apps and added 25 more in a 12-month period, you would increase your probability (and expected economic impact) of a data breach by 75%
We looked at 2 data breach types
9
Loss or theft of 100,000 customer records
Theft of high-value information
Baseline cost of a data breach
10
$20.1M $11.8M
Survey respondents said…
11.8% 25.4%
probability of this happening in current environment
The probability adjusted estimated
economic impact
11.8% of $20.1 =
$2.37M25.4% of $11.8 =
$2.99M
Effects of cloud on the probability of theft or
loss of 100,000 or more customer records
13
Use of cloud services
(SaaS)
Backup and storage of sensitive and/or
confidential information
Increase use of cloud by 50% in 12 months
14
Use of cloud services
(SaaS)
Backup and storage of sensitive and/or
confidential information
Increase use of cloud by 50% in 12 months
Effects of cloud on the probability of theft of
high-value information
15
124% increase in probability of a data breach
Increase BYOD access of cloud services
Invisible to IT
16
36% of business-critical apps are in the cloud. IT isn’t aware of nearly
half of them.
30% of business information resides in the cloud.
IT doesn't have visibility into more than one third of it.
People love their cloud apps, and for good reason
17
Love doesn’t have to be blind
18
MEASURE:Discover the cloud
apps running in your
enterprise
19
MEASURE:Discover the cloud
apps running in your
enterprise
• 3rd party tools like Netskope can analyze firewall logs (and others) for this information
• Resist the urge to immediately blacklist unsanctioned apps
20
User Location Device
Time
Activity
App
Content
Risk
w/Whom
ANALYZE:Understand the context of
usage at a deeper level
21
User Location Device
Time
Activity
App
Content
Risk
w/Whom
22
ACT:Plot a course of action based
on risk, usage criticality
23
ACT:Plot a course of action based
on risk, usage criticality
• Use an objective criteria for assessing app. The Cloud Controls Matrix from CSA is good start, and vendors have taken this to a whole new level.
• After risk, look at usage, including the nature of the content. This will help triage policy enforcement next steps, especially when hundreds of apps are in play.
• Risky usage can be more important than app risk.
ACT:Plot a course of action based on risk,
usage criticality
ANALYZE:Understand the context of app usage at
a deeper level
MEASURE:Discover the cloud apps running in your
enterprise
25
The real face of shadow IT is you and me.
Ultimately, this is simply unmanaged risk.
Allow is the new block (allow is new block green
light slide)
26
SM