CLOUD STORAGE & SECURITY: SOLVING COMPLIANCE CHALLENGES

Upload: eric-vanderburg

Post on 16-Jan-2017


TRANSCRIPT

Page 2

MEET THE PANEL

Presenters:

• Eric Vanderburg, Director, Information Systems and Security, Jurinnov LLC

• Giulio Coraggio, Partner, DLA Piper

Moderator:

• Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions, Blancco Technology Group

Page 3

WHAT WE’LL EXPLORE

• The Realities & Pain Points of Storing Data in the Cloud

• How, Where & When Cloud Security Could Be Compromised

• Navigating Through Legal & Regulatory Compliance

• What to Consider in Deploying the Right Cloud Storage Strategy

• Recommendations to Store, Manage & Protect Data in the Cloud

Page 6

15.8% OF FILES IN THE CLOUD CONTAIN SENSITIVE DATA

[Chart: breakdown of sensitive data by type. Categories shown: Protected Health Information (1.6%), Payment Data, Personally Identifiable Information, and Documents in File Sharing Services; the remaining values on the chart are 7.6%, 4.3% and 2.3%.]

Source: SkyHigh Q4 2015 Cloud Report

Page 7

MANAGING DATA IN THE CLOUD IS COMPLICATED & TOUGH

• Cloud Breaches (33%): Organizations that experienced breaches in the cloud cited malware as the top private cloud attack vector

• Unauthorized Access (40%): Cite unauthorized access to data from other tenants as the most pressing concern with public cloud deployments

• Sensitive Data (40%): Store or process sensitive data in the cloud

• Lack of Visibility (33%): Do not currently have visibility into their public cloud providers’ operations

*Source: SANS Institute, ‘Orchestrating Security in the Cloud’ Paper, 2015

Page 8

Webinar Audience Poll

Question: What type of cloud strategy does your business implement?

Responses: • Private • Public • Hybrid • I don’t know

Page 9

MANY CLOUD STRATEGIES TO CHOOSE

Private Cloud: High degree of control; Higher upfront costs; More difficult to scale

Public Cloud: Highly scalable; Pay for what you use; Easy to deploy and manage

Hybrid Cloud: More scalable than private; Requires some higher upfront costs; More control over data flows

Page 11

Webinar Audience Poll

Question: Has your company suffered a cloud data breach in the last 12 months?

Responses: • Yes • No • I don’t know

Page 12

INTERNAL & EXTERNAL THREATS CAN’T BE IGNORED

Source: SkyHigh Q4 2015 Cloud Report

Page 13

WHEN/WHERE IS DATA MOST AT RISK?

• During Data Migration

• During Data Use or Storage

• Data End-of-Life

• Equipment End-of-Life

Page 15

ENTERPRISE BUSINESSES MUST GET ON BOARD

• National Data Protection Law

• EU Data Protection Regulation 2015

• Right to be Forgotten

• ISO Standard 27001, 27040, etc.

• Sarbanes-Oxley

• HIPAA (Health Insurance Portability and Accountability Act)

• Credit Card Industry PCI-DSS

Page 16

ISO/IEC 27001: SETTING THE BAR HIGH FOR SECURITY STANDARDS

01 TOP MANAGEMENT: Must implement information security policy themselves

02 RISK MANAGEMENT: Relevant security risks should be addressed and mitigated

03 INTERNAL AUDITS: Must verify all security risks have been addressed and operational processes are set

04 DATA REMOVAL: Sensitive data and licensed software must be securely removed prior to disposal or reuse

Page 17

ISO 27018: PROTECTION OF PRIVACY & PERSONAL DATA IN THE CLOUD

[Diagram: personal data synced to the cloud from several devices: Home PC (push sync, back up all files), Work Laptop (push sync work files), Notebook (smart sync, select files), Tablet (sync local, stream the rest), Smartphone (sync a few, stream the rest). Folders shown: My Documents, My Photos, My Music, My Work Files, Special Project.]

Page 18

Webinar Audience Poll

Question: How Prepared Is Your Organization for GDPR?

Responses: • Fully Prepared • Somewhat Prepared • Early Preparation Stages • Unprepared • Don’t Know

Page 19

[Chart: GDPR preparedness survey results. Response categories: Fully Prepared (Established Processes, Policies & Technology); On Right Track (Currently Researching & Developing Processes/Policies); Somewhat Prepared, Still Need to Find Right Data Removal Software; Unprepared, Don’t Know How or Where to Start; Don’t Know.]

Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016

Page 20

WHAT CHANGES WITH THE GENERAL DATA PROTECTION REGULATION?

• New Sanctions for Violations & Breaches

• New Liabilities for Cloud Providers

• New Obligations/Protections

Page 21

DATA PROTECTION REGULATION CONSIDERATIONS

• Environmental Protection

• Physical Protection

• Network Protection

• Hardware Protection

• Breach Notification

• Secure Communications

• Computing Security

• Right to be Forgotten

Page 23

PRIVATE CLOUD STORAGE HURDLES

DIRECT CAPITAL EXPENDITURE

MAINTENANCE AND SUPPORT

CAPACITY PLANNING
• Pre-allocate = Low ROI with unused space
• Grow as you need = Inconsistent IT spending and potentials for compromise

BACKUP AND RECOVERY
• Archiving costs (equipment and time)
• Offsite storage or offsite location
• Testing and validation

Page 25

DATA MANAGEMENT CONSIDERATIONS

• Specialized Skill Sets Required

• Data Analytics

• Data Inventory

• Future Scalability into Hybrid Cloud

• Cloud Software Customization

Page 27

THINGS TO REMEMBER WHEN STORING, MANAGING & PROTECTING DATA IN THE CLOUD

• Know Your Vendors

• Evaluate Cost Benefits

• Implement Industry Standards

• Prepare for Future (Scalability, Technology, Security)

• Establish a Way to Measure ROI

Page 28

DATA LIFECYCLE IN THE CLOUD

1. Data Creation & Classification

2. Data Migration

3. Data Use/Storage

4. Data at Rest

5. Data End-Of-Life

6. Decommissioning of Device/Server

Page 30

CONTENT YOU MAY FIND USEFUL:

“Cloud & Data Center Erasure: Why Delete Doesn’t Suffice”: http://www2.blancco.com/en/white-paper/cloud-and-data-center-erasure-why-delete-doesnt-suffice

“The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data

“Data Storage Dilemmas & Solutions”: http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions

“EU GDPR: A Corporate Dilemma”: http://www2.blancco.com/EU-GDPR-Corporate-Dilemma-Research-Study

Page 31

ABOUT US

Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions. We help our clients’ customers test, diagnose, repair and repurpose IT devices with the most proven and certified software. Our clientele consists of equipment manufacturers, mobile network operators, retailers, financial institutions, healthcare providers and government organizations worldwide. The company is headquartered in Alpharetta, GA, United States, with a distributed workforce and customer base across the globe.

DLA Piper is a global law firm with lawyers in the Americas, Asia Pacific, Europe, Africa and the Middle East, positioning us to help companies with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies.

JURINNOV works with IT and legal departments in a wide variety of industries and sectors. We become a link, an extension of both departments. We help them adopt the most current standards and tools. We help companies better manage and track electronic information, uncover evidence, plan for data recovery, and relax a little bit like in the good old days when everything was filed neatly in its place.