Chris Ince ISO Lead Auditor Security Risk Management Ltd

Presentation transcript:

Risk and the Growth of Shadow IT
Chris Ince, ISO 27001 Lead Auditor, Security Risk Management Ltd

What is Shadow IT?
“Shadow IT is IT activity that occurs outside of IT. Shadow IT is growing in many organisations driven by consumerized technology, mobility, the availability of cloud solutions …..” Gartner

Shadow IT is not new and it’s not all about the cloud

There are those that use Shadow IT… and those that don’t know they use Shadow IT

What is Shadow IT?
- User maintained software
- Webmail
- Social Media
- Employee owned hardware
- Non-approved apps

How and why Shadow IT exists.
IT Management Traditionally Want:
- Control of all IT assets and information
- Protect Organisation Data
- Reduce Business Risk
End Users Want:
- Flexible Solution
- Faster Delivery
- Greater Freedom

What are the Risks?
- SAM compliance
- Governance and standards
- Lack of testing and change control
- Configuration management

Some examples
- Information for sale
- Price to access information: $1
- Source: relatelist.com

Educate users about the business risks?
- Have you engaged with the business and understood their needs?
  - Information Governance requirements
  - Security requirements
  - Legal Requirements
  - Industry requirements
- Do they understand how to use the cloud safely?
- Do they understand potential risk to themselves?

I’m sure we don’t have that Shadow IT stuff!
Have you looked? Do you even know how to look?
- Have you reviewed bills with procurement or finance?
- Have you made use of a network scanning and detection tool?
  - Shadow or Cloud Discover Tool
- Have you checked your firewall or proxy reports?
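The firewall or proxy report check on this slide, as an added example that is not part of the original presentation: it tallies users and logged bytes per cloud host that is not on an approved list. The Squid native access.log layout, the `SANCTIONED` list, and all hostnames, users and log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: services IT has approved (hypothetical names).
SANCTIONED = {"mail.corp.example", "crm-vendor.example"}

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL user hierarchy type
SAMPLE_LOG = """\
1459500001.120 210 10.0.0.11 TCP_MISS/200 5120 GET http://mail.corp.example/inbox alice DIRECT/192.0.2.10 text/html
1459500002.300 950 10.0.0.12 TCP_TUNNEL/200 48211034 CONNECT fileshare.example:443 bob DIRECT/192.0.2.20 -
1459500003.410 120 10.0.0.13 TCP_TUNNEL/200 20480 CONNECT fileshare.example:443 carol DIRECT/192.0.2.20 -
1459500004.500 80 10.0.0.12 TCP_MISS/200 1024 POST http://notes-app.example/api/sync bob DIRECT/192.0.2.30 application/json
1459500005.000 15 10.0.0.14 TCP_DENIED/403 0 CONNECT crm-vendor.example:443 - HIER_NONE/- -
this line is truncated
"""

def host_of(method, target):
    # CONNECT carries host:port; other methods carry a full URL.
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def is_sanctioned(host):
    # Exact match or a subdomain of an approved service.
    return any(host == s or host.endswith("." + s) for s in SANCTIONED)

def discover(log_text):
    """Return {host: {"users": set, "bytes": int}} for unsanctioned hosts."""
    found = defaultdict(lambda: {"users": set(), "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[4].isdigit():
            continue  # skip malformed or truncated records
        host = host_of(fields[5], fields[6])
        if not host or is_sanctioned(host):
            continue
        # Fall back to the client IP when the proxy logged no user.
        user = fields[2] if fields[7] == "-" else fields[7]
        found[host]["users"].add(user)
        found[host]["bytes"] += int(fields[4])
    return dict(found)

def report(found):  # hosts ordered by logged bytes, largest first
    rows = [(h, len(v["users"]), v["bytes"]) for h, v in found.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    print(report(discover(SAMPLE_LOG)))
```

The ranked output is a starting list for the conversation with procurement and the business units, not a verdict on any one service.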

Have you looked?
Cloud Security Alliance - Cloud_Adoption_Practices_Priorities_Survey_Final.pdf

You’ve looked and now know
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

But what are they being used for?
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

Top 20 Corporate Applications
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

Top 20 Consumer Applications
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

Getting the choice right
- Support 2FA
- Encrypt Data at rest
- Encrypt Data with customer managed keys
- Specify customer owns data uploaded
- Delete data immediately on account deletion
- Commit to not share data with 3rd parties
- Hold data in an EU Data centre
- Service Isolation

Keeping updated on what can be used Understand Market Functionality Contracts Compliance Tools to Help

Regulations, Directives and Compliance
- EU Cyber Security Directive (Early 2018)
- EU General Data Protection Regulation (Early 2018)
- EU-US Privacy Shield (June 2016)
- PCI-DSS
All come with a cost if you get them wrong.

Useful sources of information
- BIS and PwC Information Security Breaches Survey
- Skyhigh Cloud Adoption Risk Report Q4 2015
- Bluecoat Elastica Shadow Data Report
- Verizon PCI compliance Report
- Verizon Data Breach report
- Cloud Security Alliance
- PCI SSC

Thank You
Any Questions?