Upload
netskope
View
387
Download
4
Tags:
Embed Size (px)
DESCRIPTION
The Ponemon Institute issued a first-of-its-kind report sponsored by Netskope that identifies a “cloud multiplier effect” on the probability of a data breach. IT and security professionals believe that increasing the use of cloud services in the enterprise will increase the likelihood of a $20M data breach by as much as 3x. In these slides and the accompanying on-demand video, Dr. Larry Ponemon and Netskope CEO Sanjay Beri for a look at the report findings and for advice on how enterprises can mitigate this multiplier and enable safe cloud usage.
Citation preview
DATA BREACH: MULTIPLIERTHE CLOUD
EFFECT
These slides are part of an on-demand webinar. To watch
the on-demand video with commentary, please visit:
http://www.netskope.com/webinars/data-breach-cloud-multiplier-effect/
3
Cloud App Explosion
4
Driven by individual and
line of business adoption
of cloud and mobile.
2011 2016
$21.2B
$92.8B
SaaS
Rev
enu
e
Forrester
5
There are 5,000 enterprise apps
today (and growing).
6
But this means sleepless nights for IT
But how bad is it?
7
Of respondents don’t think IT is vetting cloud
service security enough before deploying
8
69%
* Includes “unsure” responses
Do you think your cloud service provider would
notify you if they had a data breach?
9
72% of
respondents
said: “NO”
The invisible cloud is troubling to IT
10
The percentage of cloud
services respondents think
they know about22.5 =
Netskope data shows it’s
actually more like 10%
11
Actual:
461
IT estimate:
40-50
85% cloud apps aren’t enterprise-ready
Cloud procurementhappens outside of IT
App redundancy:
• 41 HR
• 27 storage
• 27 finance
Source: Netskope Data
The following are contributors to
the cloud multiplier effect
12
Cloud app
adoption
Mobile and
consumerization
Ease and speed
of data sharing
13
Increase use and
increase probability
If your organization had 100 cloud apps and added 25 more in a 12-month period, you would increase your probability (and expected economic impact) of a data breach by 75%
We looked at 2 data breach types
14
Loss or theft of 100,000 customer records
Theft of high-value information
Baseline cost of a data breach
15
$20.1M $11.8M
Survey respondents said…
11.8% 25.4%probability of this happening in current environment
The probability adjusted estimated
economic impact
11.8% of $20.1 =
$2.37M25.4% of $11.8 =
$2.99M
Effects of cloud on the probability of theft or
loss of 100,000 or more customer records
18
Use of cloud services
(SaaS)
Backup and storage of sensitive and/or
confidential information
Increase use of cloud by 50% in 12 months
19
Use of cloud services
(SaaS)
Backup and storage of sensitive and/or
confidential information
Increase use of cloud by 50% in 12 months
Effects of cloud on the probability of theft of
high-value information
20
124% increase in probability of a data breach
Increase BYOD access of cloud services
Invisible to IT
21
36% of business-critical apps are in the cloud. IT isn’t aware of nearly
half of them.
30% of business information resides in the cloud.
IT doesn't have visibility into more than one third of it.
22
Love doesn’t have to be blind
People love the cloud
23
MEASURE:Discover the cloud
apps running in your
enterprise
24
MEASURE:Discover the cloud
apps running in your
enterprise
• 3rd party tools like Netskope can analyze firewall logs (and others) for this information
• Resist the urge to immediately blacklist unsanctioned apps
25
User Location Device
Time
Activity
App
Content
Risk
w/Whom
ANALYZE:Understand the context of
usage at a deeper level
26
ACT:Take action based on risk,
usage criticality
27
ACT:Take action based on risk,
usage criticality
• Identify business-critical apps. Are they risky?
• If alternatives exist, consolidate users to low-risk apps
• If not, enforce usage and data policies to ensure protect data and ensure compliance
• Monitor key apps for usage and data anomalies, alert on known risky behaviors, and perform periodic forensic analysis
ACT:Take action based on risk, usage
criticality
ANALYZE:Understand the context of app usage at
a deeper level
MEASURE:Discover the cloud apps running in your
enterprise
Granular Context
ONLY NETSKOPE
Any App Any Device
• Cover sanctioned or unsanctioned apps
• API-level understanding
• Cover web-based or native mobile apps
• Covers remote access
• User
• Device, browser
• App risk score
• Time
• Location
• Content
• DLP profile
• Activity
• With whom (sharing)
In Real-time
30
The real face of shadow IT is you and me.
Ultimately, this is simply unmanaged risk.
Allow is the new block (allow is new block green
light slide)
31
SM