Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chris Ince ISO Lead Auditor Security Risk Management Ltd

Published byWesley O’Neal’ Modified over 6 years ago

Similar presentations

Presentation on theme: "Chris Ince ISO Lead Auditor Security Risk Management Ltd"— Presentation transcript:

1 Chris Ince ISO 27001 Lead Auditor Security Risk Management Ltd
Risk and the Growth of Shadow IT Chris Ince ISO Lead Auditor Security Risk Management Ltd

2 What is Shadow IT? “Shadow IT is IT activity that occurs outside of IT. Shadow IT is growing in many organisations driven by consumerized technology, mobility, the availability of cloud solutions …..” Gartner

3 Shadow IT is not new and it’s not all about the cloud

4 There are those that use Shadow IT… and those that don’t know they use Shadow IT

5 What is Shadow IT? User maintained software Webmail Social Media
Employee owned hardware Non-approved apps

6 How and why Shadow IT exists.
IT Management Traditionally Want Control of all IT assets and information. Protect Organisation Data Reduce Business Risk End Users Want Flexible Solution Faster Delivery Greater Freedom

7 What are the Risks? SAM compliance Governance and standards
Lack of testing and change control Configuration management

8 Some examples Information for sale Price to access information $1
Source relatelist.com

9 Educate users about the business risks?
Have you engaged with the business and understood their needs? Information Governance requirements Security requirements Legal Requirements Industry requirements Do they understand the how to use the cloud safely? Do they understand potential risk to themselves?

10 I’m sure we don’t have that Shadow IT stuff!
Have you looked? Do you even know how to look? Have you reviewed bills with procurement or finance? Have you made use of a network scanning and detection tool? Shadow or Cloud Discover Tool Have you checked your firewall or proxy reports?

11 Have you looked? Cloud Security Alliance - Cloud_Adoption_Practices_Priorities_Survey_Final.pdf

12 You’ve looked and now know
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

13 But what are they being used for?
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

14 Top 20 Corporate Applications
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

15 Top 20 Consumer Applications
Skyhigh Networks Cloud Adoption Risk Report Q4 2015

16 Getting the choice right
Support 2FA Encrypt Data at rest Encrypt Data with customer managed keys Specify customer owns data uploaded Delete data immediately on account deletion Commit to not share data with 3rd parties Hold data in an EU Data centre Service Isolation

17 Keeping updated on what can be used
Understand Market Functionality Contracts Compliance Tools to Help

18 Regulations, Directives and Compliance
EU Cyber Security Directive (Early 2018) EU General Data Protection Regulation (Early 2018) EU-US Privacy Shield (June 2016) PCI-DSS All come with a cost if you get them wrong.

19 Useful sources of information
BIS and PwC Information Security Breaches Survey Skyhigh Cloud Adoption Risk Report Q Bluecoat Elastica Shadow Data Report Verison PCI compliance Report Verison Data Breach report Cloud Security Alliance PCI-SCC

20 Chris Ince ISO 27001 Lead Auditor Security Risk Management Ltd
Thank You Any Questions? Chris Ince ISO Lead Auditor Security Risk Management Ltd

Download ppt "Chris Ince ISO Lead Auditor Security Risk Management Ltd"

Similar presentations

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.
The Future of Social Collaboration Randy Williams Enterprise Trainer and Evangelist AvePoint.

The Future of Social Collaboration Randy Williams Enterprise Trainer and Evangelist AvePoint.
BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.

BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Agile insurance carrier - What the carrier has to look like? Glenn Lottering Senior Director, EMEA Insurance Product Strategy and Sales Consulting.

Agile insurance carrier - What the carrier has to look like? Glenn Lottering Senior Director, EMEA Insurance Product Strategy and Sales Consulting.
Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Contact Center Security Strategies Karl Walder Director - Solutions Noble Systems.

Contact Center Security Strategies Karl Walder Director - Solutions Noble Systems.
Looking beyond the obvious!! HOW SECURE IS BANKS’ CORE DATA? Prashant Pande Head Professional Services IDBI Intech Ltd.

Looking beyond the obvious!! HOW SECURE IS BANKS’ CORE DATA? Prashant Pande Head Professional Services IDBI Intech Ltd.
Privacy, Personal Data and the Cloud Billy Hawkes Data Protection Commissioner Public Affairs Ireland Conference Dublin, 30 June 2011.

Privacy, Personal Data and the Cloud Billy Hawkes Data Protection Commissioner Public Affairs Ireland Conference Dublin, 30 June 2011.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
IMFO Annual Conference – 2015 S21: Good Governance & Oversight B2B.

IMFO Annual Conference – 2015 S21: Good Governance & Oversight B2B.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Alliance Key Manager for Windows Azure Puts Encryption Key Management and Data Breach Security at Your Fingertips COMPANY PROFILE: TOWNSEND SECURITY Townsend.

Alliance Key Manager for Windows Azure Puts Encryption Key Management and Data Breach Security at Your Fingertips COMPANY PROFILE: TOWNSEND SECURITY Townsend.
Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin.

Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin.
Head in the Clouds, feet on the ground David Massey Chief Technology Officer.

Head in the Clouds, feet on the ground David Massey Chief Technology Officer.
BizSmart Lunch & Learn Webinar Information Security and Protecting your business With the increased risk of some sort of cyber- attack over the past few.

BizSmart Lunch & Learn Webinar Information Security and Protecting your business With the increased risk of some sort of cyber- attack over the past few.
Total Enterprise Mobility Comprehensive Management and Security www.maas360.com.

Total Enterprise Mobility Comprehensive Management and Security
Dell Software Unified Communications Command Suite (UCCS) Provides Flexible, Cross-Platform Management, Reporting and Data Diagnostics MICROSOFT AZURE.

Dell Software Unified Communications Command Suite (UCCS) Provides Flexible, Cross-Platform Management, Reporting and Data Diagnostics MICROSOFT AZURE.
Planning Engagement Kickoff

Planning Engagement Kickoff

Similar presentations

Ads by Google