A Shift in the Data Security Paradigm

Presentation transcript:

A Shift in the Data Security Paradigm
CAUBO 2015
Dr. Lawrence Dobranski P.Eng.
Director ICT Security, Access & Compliance
Professional Affiliate, Department of Computer Science
University of Saskatchewan
www.usask.ca/ict

Information Systems @ uSask
- Open, de-perimeterised environment
- 16,000 mobile users connecting daily via a ubiquitous wireless network
- Most of them BYOD (Bring Your Own Device)
- Most services directly reachable by https://
- Ubiquitous single sign on
- Includes:
  - private cloud
  - multiple data centers
  - high performance research computing
  - petabytes of storage
  - multi-gigabit connections to the Internet and international research networks

Mobile & Cloud @ U of S
- ~2.4K Access Points -> seeing ‘Tragedy of the Commons’
- Cloud Services include:
  - Travel & Expense Management
  - Student Employment
  - Responsible Disclosure
  - Survey Tools
  - Crowd Funding
- iUsask: Award winning university service app for mobile devices (Sept. 2013)

Personal Mobile Devices and Cloud Computing represent significant technology & societal disruptors and the arrival of the ‘Post Enterprise World’. The Post Enterprise

Personal Mobile Devices
- Represented by the convergence of mobile computing:
  - Laptop, netbook, palm top, tablet, phone -> “The endpoint”
  - A matter of size and battery life
  - Computing power no longer a limitation
  - Data storage -> in the cloud
- Stakeholders have multiplied:
  - Carriers (maybe more than one)
  - 3rd party content (multimedia, software, services, …)
  - Other relying parties (licensing parties too …)
  - Employer (maybe more than one)
  - School
  - Personal

Cloud Computing Architectures: Service Oriented: Business Models: Software as a Service Platform as a Service Applications as a Service Security as a Service Business Models: Free I can mine your data Commercial If I can mine your data Corporate A cloud for the enterprise Personal Private Hybrid Community Public And yes: Malware as a Service Just “Who owns the computer?”

The number of stakeholders is multiplying; it is no longer just the employer and the employee. Carriers, 3rd Parties, Apps, Environments.

BYOD & Cloud – Represents a Multi-Dimensional Risk Challenge
- Not just a technology challenge, it is a business challenge.
- Risk involves:
  - Confidentiality, Integrity, Availability of information & services
  - Personally-identifiable information (aka Privacy)
  - Business survivability (disaster recovery & business continuity)
  - Multiple stakeholders (users, clients, 3rd parties, CxOs, …)
- Information is the asset – authorization is the key.
- Traditional IT approaches do not acknowledge ‘de-perimeterisation’ or ‘context of use’.

- Banning BYOD or Cloud Services usually just forces them underground.
- Better to manage it rather than ban it.
- Need to support controlled, secure access to information and services.
- Wholesale adoption of BYOD and/or Cloud without risk management is just as bad.
- Know where your data is, and how it is being accessed.

BYOD & Cloud – A disruptive technological, business, and sociological evolution
- Elimination of boundaries
  - Traditionally used to define the enterprise and society
  - Separate trusted and untrusted domains are no longer clear.
  - Defense-in-depth going extinct evolving
- Context of use
  - How, why, where, what, when regarding data and service access
- Evolution to the mobile, social media, always-on society

De-Perimeterisation
- Concept originally championed by The Open Group’s Jericho Forum®
- Traditionally, organizations relied upon boundaries and perimeters to provide security, different areas of trust.
- BYOD and Cloud Services mean that the boundaries of the organization have changed or do not exist.
- Now not just who is accessing the data, but where, how, and with what device.

BYOD and Cloud as a disruptive revolution are represented by the eradication of boundaries. De-Perimeterisation

Context of Use, aka Mobility
- A significant technology, business, and social driver by itself
- Users and Institutions want to be agile, to be accessible, and to support collaboration:
  - No matter where they are
  - No matter what device they are using
  - Expanding to include however they are accessing data and services
- Focus on giving ubiquitous access to organizational data, networks, services, and applications, as well as personal data, networks, services, and applications
- To be agile, responsive, and value-providing, anywhere, at any time

Context of Use
- Where, Who, What, When, Why, How
- The context of the mobile device and the service provided must be reflected in the authorizations granted to the authenticated user.
- Information is the asset; authorization is the key.

Context of Use – No Longer Just Who
- Traditionally identity management only addresses ‘Who is accessing the data?’
  - We know who you are; we trust you.
- Now need to address:
  - Who owns the servers?
  - Who owns the applications?
  - Who owns the data? (Are you sure?)

Context of Use – Now need to ask
- How is the data being accessed?
- Who is delivering the data and service?
- Where is it being accessed from? Location and device are critical.
- What expectations exist for the data’s confidentiality, integrity, and availability?
- Who owns and controls the data?
- Who owns and controls the devices?
- Is the security policy/security compliance adaptable?
- Whom do you trust?
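
An added example, not part of the original slides: one way to reflect the where/who/what/when/why/how context from the Context of Use slides in the authorization granted to an already authenticated user. The data classifications, roles, purposes, approved jurisdiction and business hours are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:
    role: str               # who: role of the authenticated user
    device_managed: bool    # what: institution-managed, or BYOD if False
    device_encrypted: bool  # what: storage encryption reported by the device
    network: str            # where: "campus", "vpn" or "internet"
    country: str            # where: jurisdiction the request comes from
    local_time: time        # when
    channel: str            # how: "https", "sync-client", ...
    purpose: str            # why: purpose declared for the request

# Constructed policy values (assumptions); a real deployment defines its own.
RESTRICTED_ROLES = {"registrar", "hr"}
RESTRICTED_PURPOSES = {"student-records", "payroll"}
APPROVED_COUNTRIES = {"CA"}
RANK = {"allow": 0, "view-only": 1, "deny": 2}

def authorize(ctx, classification):
    """Return (decision, reasons) for 'public', 'internal' or 'restricted' data."""
    if classification == "public":
        return "allow", []
    findings = []  # (decision, reason) pairs; the strictest decision wins
    if ctx.channel != "https":
        findings.append(("deny", "how: channel is not https"))
    if not ctx.device_managed and not ctx.device_encrypted:
        verdict = "view-only" if classification == "internal" else "deny"
        findings.append((verdict, "what: unencrypted personal device"))
    if classification == "restricted":
        if ctx.role not in RESTRICTED_ROLES:
            findings.append(("deny", "who: role not entitled"))
        if ctx.purpose not in RESTRICTED_PURPOSES:
            findings.append(("deny", "why: purpose not approved"))
        if ctx.country not in APPROVED_COUNTRIES:
            findings.append(("deny", "where: outside approved jurisdiction"))
        if not ctx.device_managed:
            findings.append(("view-only", "what: BYOD may view, not download"))
        if ctx.network == "internet" and not time(7) <= ctx.local_time <= time(19):
            findings.append(("deny", "when: off-hours access from the Internet"))
    decision = max((d for d, _ in findings), key=RANK.get, default="allow")
    return decision, [reason for _, reason in findings]

# Constructed sample request: registrar staff on an encrypted personal phone.
SAMPLE = Context("registrar", False, True, "campus", "CA", time(10),
                 "https", "student-records")
```

The same authenticated identity gets a different answer as the device, location, time or purpose changes, and the returned reasons give the audit trail for each decision.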

Regulatory & Compliance in this New Model
- Most regulatory & compliance regimes:
  - Built for a traditional defense-in-depth model
  - Corporate owned, or at least corporate-controlled devices, on a corporate owned or managed network
- No acknowledgement of:
  - BYOD or Cloud Based Services
  - Multiple stakeholders
  - Multiple jurisdictions
- Who owns the data? Who controls the data? Are you sure? Whose jurisdiction?

BYOD and Cloud Risks
- Loss of the network perimeter
- Loss of directive control and audit
- Physical location of servers
- Multi-tenancy
- Risks from Internet availability, capability, and accessibility
- Effective records management
- Jurisdiction
- Human Rights
- Data ownership
- Server ownership

Thank you! Lawrence Dobranski, DSc, MBA, MSc (Eng), P.Eng. lawrence.dobranski@usask.ca @ldobranski (306) 966-7177