Making the Cloud Rock: 5 Strategies from a Leading CISO

Post on 09-Jul-2015

description

Recently featured as a “Chief Enablement Officer” by SC Magazine, Arthur Lessard, CISO of Universal Music Group, makes cloud a strategic advantage for UMG while solving some of today’s most complex security challenges. Arthur, along with Sanjay Beri, CEO of Netskope, Ben Haines, CIO of Box, and David Baker, CSO of Okta, discussed in a webinar the top 5 strategies leading IT and security professionals rely on to safely adopt – and get the most out of – cloud technologies. View the slides and the on-demand video to learn to:

• Map cloud services to business objectives

• Discover and triage Shadow IT

• Choose and standardize on your existing cloud applications

• Make your business stakeholders security champions

transcript

Five things you can do right now

1. KNOW WHAT YOU’RE DEALING WITH

Perform periodic security reviews

Your Risk Rating: HIGH

Number of Apps Discovered: 461

Number of Users Discovered: 8,062

% Apps Rated “Medium” or Below: 85%

% Usage in “Med” or Below Apps: 79%

% Data Uploaded to “Med” or Below Apps: 69%

% of High Risk Users: 53%

% Usage in Apps Blocked at Perim.: 78%

Number of High Risk Apps: 288

(Sample data set)

2. Understand your business and strategy

Understand use cases: what the business is doing and WHY

Best practice

• User-First vs. Tech-First

• Productivity vs. Cost Efficiency

• Easy to Share vs. Locked Down

• Open Standards vs. Proprietary

• IT Enables vs. IT Dictates

We take possession of it… we’re responsible for it.

Accounting for “Home from Work”

3. Quantify and advise on the business risk

[Diagram labels: Hosted/Cloud Service; User Management; Organization Management; Managed App Integrations (SPs); Flexible Authentication Methods; Authentication / Authorization; Sign In (Username, Password); LDAP; SAML-Enabled; 3rd Party Identity Stores; 3rd Party Identity Sources; Enterprise Identity Providers; Individuals; Social ID / OpenID; 1st Party Cloud Services; 1st Party Apps; 3rd Party Cloud Apps; 3rd Party On-Premises Apps; Enterprise / VPC]

How can Security weigh in with real risks?

EVERYTHING AS A SERVICE

Best practice

• Allow download from cloud storage with basic security

• Only allow upload/share from sanctioned app(s)

4. Take the heat out of the discussion

Have a line of business partner. For UMG, it’s the CFO

5. Systematically measure and share

• Know where the content is sitting and who’s accessing

• Great access hygiene

• Forensics and logging data

• Clear definition of good and bad behavior

• Reporting

• Clear escalation process

The stage is set

1. Know what you’re dealing with

2. Lean forward into your business strategy

3. Quantify and advise on the business risk

4. Take the heat out of the discussion

5. Systematically measure and share

Thank You
