2016
How Digital Transformation will transform all of us
Ariel Evans, EVP, Senior Cyber Security and Risk Analyst
ariel@stki.info
STKIs work Copyright@2016. Do not remove source or attribution from any slide, graph or portion of graph
About Me
CISO, Telco US
7 years of security experience
Compliance Expert
Primary Author of the PCI e-commerce guideline
Cyber Security: What is Cyber Security?
Cloud Security: What are the similarities and differences between cloud security and cyber?
Getting to the Cloud: What are the requirements to get to the cloud?
Cloud Security Components: Service Provider Responsibilities vs. Customer Responsibilities
Risk Management: Measuring effectiveness of security in the context of the EU data directive
Cloud Security Technologies: CASBs, Risk Management Tools, Data Classification Tools
What is Cyber Security
Protect Confidentiality, Integrity & Availability
Stopping or Limiting Damage from Unauthorized Access
Applies to the Entire Lifecycle of data: any time data is stored, transmitted or processed
Holistic Approach
What is Cloud Cyber Security
Relationship between CSP and Customer
Components: Data Center, Network, Data Storage, Hypervisors, Processing & Memory, Data, GUIs, APIs, Virtual Machines, Programming Languages
Cloud Security
Relationship between customer and cloud service provider
Defined by the components of the solution
Evolving
Most CSPs will now provide
Logs
Penetration tests for Hypervisor
Data Center Inspections
Limited Service Agreements
Private Cloud: Army, Banks, Government, Utility
Cloud curious (checking the technology): Government, Finance, Telecom Operators, Health
Cloud adopters (running 2-5 applications in the cloud)
Cloud focus (most applications in the cloud)
Sectors placed in the last two groups (exact placement not recovered from the slide): Telecom Vendor, Industry services, High-Tech Startups, SMB, Utilities
Classifying Data
Old Way - Manual
Thousands of man hours
Most projects fail
Business Owner Dependent
Costly to maintain
Constantly changing
EU Data Directive
https://practice-project.eu/downloads/publications/D31.1-Risk-assessment-legal-statusPU-M12.pdf
This deliverable reports on the current legal framework regulating the storage and processing of data in the cloud and introduces a risk assessment methodology to analyse the business risks associated with outsourcing data.
AUTOMATING CYBER RISK AND CLOUD RISK
Compliance Regulation
PCI DSS: Requirements 1.1.3, 1.3, 1.3.3 to 1.3.5, 1.3.7
SOC 3.2, 3.5, 3.8
EU Data Directive
Risk Management
Risk = Likelihood (rows A to E, A most likely) x Impact (columns 1 to 5)
Impact scale: 1 Insignificant, 2 Minor (no fines or additional costs), 3 Moderate, 4 Major, 5 Catastrophic (company unable to stay active)
Rating legend: L = Low, M = Medium, H = High; cells not recovered from the slide are marked ?
Likelihood   1 Insignificant   2 Minor   3 Moderate   4 Major   5 Catastrophic
A            M                 H         H            ?         ?
B            M                 M         H            H         ?
C            L                 M         H            H         H
D            L                 L         M            M         H
E            L                 L         M            M         H
Risk Dashboards
Real Time Risk
Risk linked to business assets
Mitigation
Task Management
Drill into risk
See risk effectiveness across
Divisions
Systems
Assets
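An added example, not from the STKI deck, that serves both the risk matrix slide and the dashboard slide: a small risk register that rates each risk from the likelihood/impact matrix, applies mitigation tasks, and rolls inherent versus residual ratings up by division, system or asset, which is what a risk dashboard displays. The sample risks and tasks are constructed, and the high-impact cells of rows A and B that the slide does not show are assumed to be High.

```python
"""Added example, not from the STKI deck: a small risk register that rates
each risk from the likelihood/impact matrix, applies mitigation tasks and
rolls inherent vs. residual ratings up by division, system or asset, the
way a risk dashboard does.  The sample risks and tasks are constructed,
and the high-impact cells of rows A and B that the slide does not show are
assumed to be High."""
from collections import Counter, defaultdict

LIKELIHOOD = "ABCDE"     # A = most likely ... E = least likely (slide order)
IMPACT = {1: "Insignificant", 2: "Minor", 3: "Moderate", 4: "Major", 5: "Catastrophic"}

# Row = likelihood, column index = impact 1..5; L/M/H as on the slide.
MATRIX = {
    "A": "MHHHH",   # last two cells assumed
    "B": "MMHHH",   # last cell assumed
    "C": "LMHHH",
    "D": "LLMMH",
    "E": "LLMMH",
}
SEVERITY = {"L": 1, "M": 2, "H": 3}


def rate(likelihood, impact):
    """Look up the matrix cell for one likelihood letter and impact level."""
    return MATRIX[likelihood][impact - 1]


def shift(likelihood, steps):
    """Move likelihood `steps` rows toward E (less likely), never past E."""
    i = min(LIKELIHOOD.index(likelihood) + steps, len(LIKELIHOOD) - 1)
    return LIKELIHOOD[i]


# Constructed register: each risk is linked to a business asset.
RISKS = [
    {"id": "R1", "division": "Retail", "system": "e-commerce", "asset": "cardholder DB",
     "likelihood": "B", "impact": 5, "title": "unencrypted PAN at rest"},
    {"id": "R2", "division": "Retail", "system": "e-commerce", "asset": "web tier",
     "likelihood": "C", "impact": 3, "title": "no WAF in front of checkout"},
    {"id": "R3", "division": "Finance", "system": "ERP", "asset": "payroll",
     "likelihood": "C", "impact": 4, "title": "shared admin account"},
    {"id": "R4", "division": "Finance", "system": "ERP", "asset": "reports",
     "likelihood": "E", "impact": 2, "title": "stale reports retained"},
]

# Mitigation tasks: a finished task lowers likelihood (rows) and/or impact (columns).
TASKS = [
    {"risk": "R1", "task": "tokenise PANs, purge raw numbers", "status": "done", "impact_delta": -3},
    {"risk": "R2", "task": "deploy WAF", "status": "open", "likelihood_steps": 2},
    {"risk": "R3", "task": "per-admin accounts behind PAM", "status": "done", "likelihood_steps": 1},
]


def residual(risk, tasks):
    """Return (inherent, residual) rating for one risk given its finished tasks."""
    done = [t for t in tasks if t["risk"] == risk["id"] and t["status"] == "done"]
    lik = shift(risk["likelihood"], sum(t.get("likelihood_steps", 0) for t in done))
    imp = max(1, risk["impact"] + sum(t.get("impact_delta", 0) for t in done))
    return rate(risk["likelihood"], risk["impact"]), rate(lik, imp)


def dashboard(risks, tasks, by="division"):
    """Count inherent vs. residual L/M/H per division, system or asset."""
    out = defaultdict(lambda: {"inherent": Counter(), "residual": Counter()})
    for r in risks:
        inh, res = residual(r, tasks)
        out[r[by]]["inherent"][inh] += 1
        out[r[by]]["residual"][res] += 1
    return {k: {"inherent": dict(v["inherent"]), "residual": dict(v["residual"])}
            for k, v in out.items()}


def worklist(risks, tasks):
    """Open mitigation tasks, highest current (residual) rating first."""
    by_id = {r["id"]: r for r in risks}
    open_tasks = [t for t in tasks if t["status"] != "done"]
    return sorted(open_tasks, key=lambda t: -SEVERITY[residual(by_id[t["risk"]], tasks)[1]])


if __name__ == "__main__":
    for key in ("division", "system", "asset"):
        print(key, dashboard(RISKS, TASKS, by=key))
    print("open work:", [(t["risk"], t["task"]) for t in worklist(RISKS, TASKS)])
```

Note what the matrix implies for mitigation: every row is High at Catastrophic impact, so a control that only makes a loss less likely (R1 with likelihood steps alone) never moves the rating; R1 only drops to Medium because tokenisation removes the cardholder data and therefore the impact. Measuring "risk effectiveness" is the gap between the inherent and residual columns per division, not the count of closed tasks.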
CASB
CASB architecture (diagram elements): Sanctioned IT, Cloud DLP, User Behavior Analytics, Off-Network (Cloud-to-Cloud) Shadow IT, On-Network Shadow IT, Apps, Firewall
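The on-network half of the diagram above, as an added example that is not part of the STKI deck: discovering shadow IT from firewall/proxy logs, separating sanctioned from unsanctioned cloud apps, and flagging large uploads the way cloud DLP would. The log format, the app catalogue, the risk scores and the upload threshold are constructed for this illustration.

```python
"""Added example, not from the STKI deck: the on-network side of a CASB,
i.e. discovering shadow IT from firewall/proxy logs, separating sanctioned
from unsanctioned cloud apps and flagging large uploads the way cloud DLP
would.  The log format, the app catalogue, risk scores and the upload
threshold are constructed for this illustration."""
import re
from collections import defaultdict

# Constructed proxy log: timestamp user method host bytes_sent
LOG = """\
2016-05-01T09:12:01 alice POST files.sanctioned-crm.example 120000
2016-05-01T09:13:44 alice GET mail.sanctioned-suite.example 2100
2016-05-01T09:15:02 bob POST upload.unknowncloud.example 52000000
2016-05-01T09:15:30 bob POST upload.unknowncloud.example 48000000
2016-05-01T09:20:11 carol GET cdn.unknowncloud.example 800
2016-05-01T09:22:07 dave PUT api.paste.example 900000
this line is not a log record
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<bytes>\d+)$")

# Catalogue (assumed): sanctioned apps, and known cloud services with a 1..5 risk score.
SANCTIONED = {"sanctioned-crm.example": "CRM", "sanctioned-suite.example": "Office suite"}
CLOUD_CATALOGUE = {"unknowncloud.example": ("FileShare-X", 4), "paste.example": ("Paste-Y", 5)}
UPLOAD_THRESHOLD = 10 * 1024 * 1024   # bytes per user per app before DLP raises an alert


def registrable_domain(host):
    """Last two labels of the host (assumption; a real tool uses the public suffix list)."""
    return ".".join(host.split(".")[-2:])


def classify_host(host):
    """Return (status, app name, risk score) for a destination host."""
    dom = registrable_domain(host)
    if dom in SANCTIONED:
        return ("sanctioned", SANCTIONED[dom], 1)
    if dom in CLOUD_CATALOGUE:
        name, score = CLOUD_CATALOGUE[dom]
        return ("shadow", name, score)
    return ("shadow", dom, 5)      # unknown destination: highest risk until reviewed


def discover(log_text, threshold=UPLOAD_THRESHOLD):
    """Aggregate the log into shadow-IT apps and per-user upload alerts."""
    apps = defaultdict(lambda: {"status": "", "risk": 0, "users": set(), "bytes_up": 0})
    per_user = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                    # malformed record: skip, do not abort the run
        status, app, score = classify_host(m["host"])
        a = apps[app]
        a["status"], a["risk"] = status, score
        a["users"].add(m["user"])
        if m["method"] in ("POST", "PUT"):   # only outbound payloads count as uploads
            a["bytes_up"] += int(m["bytes"])
            per_user[(m["user"], app)] += int(m["bytes"])
    shadow = {name: info for name, info in apps.items() if info["status"] == "shadow"}
    alerts = sorted((user, app, b) for (user, app), b in per_user.items()
                    if apps[app]["status"] == "shadow" and b >= threshold)
    return shadow, alerts


if __name__ == "__main__":
    shadow, alerts = discover(LOG)
    for name, info in sorted(shadow.items(), key=lambda kv: -kv[1]["risk"]):
        print(f"shadow app {name:12} risk {info['risk']} users {sorted(info['users'])} "
              f"uploaded {info['bytes_up']} B")
    for user, app, b in alerts:
        print(f"DLP alert: {user} sent {b} bytes to unsanctioned {app}")
```

This only covers the on-network box: cloud-to-cloud traffic (a user sharing a sanctioned-suite document to an outside tenant) never crosses the firewall, so log-based discovery cannot see it; that off-network case is what a CASB's API integration with the sanctioned apps exists for.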
Discussion Items
What is the definition of core data?
What products will help you to show where this data is in the cloud?
What level of encryption will be accepted for the cloud?
What products can help you with compliance here?
What new technologies will help demonstrate that risk management is effective for the cloud and provide EU data directive compliance?
What benefits will CASBs provide the Israeli market?
That's it.
Thank you!