What You Need to Know About CLOUD INFORMATION PROTECTION SOLUTIONS

(1)

CLOUD

INFORMATION

PROTECTION

SOLUTIONS

What You Need

to Know About

(2)

Cloud Adoption Drivers

Key Capabilities and Technologies

Usability and User Experience

Security Technology

Architecture Platform

Market Leadership

Report Card

Conclusion

3

4

5

6

7

8

10

CPS-CC-130806

(3)

Cloud Adoption Drivers

Businesses and other organizations

are increasingly moving to the cloud.

Gartner reports that the total market for public cloud services is expected to grow to $210 billion by 2016 and that SaaS, PaaS, and IaaS will achieve compound annual growth rates (CAGR) of 19.5, 27.7, and 41.3 percent respectively, through 2016.

As the cloud has become mainstream, the debate about cloud adoption has shifted from “if” to “how.” It’s the “cloud way” or the “highway” because:

◊The higher return on investment (ROI) and lower total cost of ownership (TOC) of cloud applications have been well documented

◊ Business units are deploying applications – often without IT support

◊ IT must play an enablement role in order to say relevant and in control.

According to Knowledge at Wharton, 85 percent of IT professionals believe cloud computing will transform their business.

Key considerations

However, moving business infrastructure to the cloud goes beyond financial and resource implications. Common questions and points to consider include:

◊ Regulations around information privacy and

security are being adopted globally with increased penalties, and disclosure requirements for breaches.

◊ Law enforcement in many countries can increasingly

compel disclosure of cloud-based information from service providers, often without consent or notification of the data owner.

◊ The cloud doesn’t recognize national boundaries, and best practices often call for distributing information across data centers, regions, and countries for redundancy and accessibility. As data crosses borders complying with privacy and data residency laws in multiple countries becomes extremely complex.

◊ Most cloud providers take reasonable steps to secure their infrastructure and applications, but do not take legal responsibility for the security of your information. At the same time, regulations are becoming increasingly explicit that the organization is legally responsible for protecting their sensitive data, regardless of where it resides in the cloud. This convergence of opportunities and challenges requires a new approach to cloud information protection. Organizations must assure their sensitive data is protected before it goes to the cloud, and cannot be accessed or leaked by third-parties.

It’s the “cloud way” or

the “highway.”

(4)

Usability and

User Experience

No security solution will be effective if it breaks the application or makes it impractical to use. In order to safely leverage the advantages of the cloud, you need solutions that:

◊ Preserve the formats of various structured data elements such as email, phone, date and numbers and unstructured data like comments

◊ Enable advanced search, sort, and reporting of data while it is secured in the cloud

◊ Deliver negligible performance latency to accessing and

manipulating data in the cloud

Above all, the user

experience needs to be

seamless and transparent

for authorized users—

otherwise users will stop

using the application or

find a way around the

information protection.

(5)

By leveraging new cloud security

technology, organizations can

resolve the conflicting interests of

retaining control over their sensitive

information, while enabling the

business to realize the many benefits

of the cloud.

Finding effective and practical tools to protect the sensitive information assuring that:

◊ Any cloud application can be secured

◊ No unauthorized outsiders can ever access, leak or disclose data

◊ Exclusive access to the keys to encrypt and decrypt the data

◊ Encryption and tokenization controls can be made a on a field by field basis

◊ Option to integrate with best of breed enterprise tools for Single Sign On and Data Loss Prevention

◊ Maximum visibility into user activities

“...You have to make

security encryption

easy to use...you have

to integrate it with

applications to be a

seamless part of the

user experience...it

cannot interfere with

productivity, because if it

does users will ignore it

or route around it,

or they’ll hate

the application”

—Marc Andreessen

Andreessen Horowitz

(6)

Cloud Protection solutions must be

architected to support enhanced

security capabilities and extensible

enough to integrate with

customer-centric use cases and business logic

workflow now and into the future.

Before you can protect sensitive corporate

information in the cloud you first need to ensure that:

◊ A single platform can be used to secure multiple cloud applications, each with its unique set of policies and encryption keys

◊ The platform architecture is globally distributed and redundant and can be supported out-of-the-box to minimize downtime and performance overhead

◊ Options are available to avoid storing any sensitive data in mission critical databases on-premise

◊ Protection abilities can be extended to any SaaS,

PaaS or IaaS solution

(7)

Thus far, we have mostly discussed features

and benefits to help evaluate which

cloud-computing models, architectures,

technologies and best practices to adopt to

implement secure cloud computing services.

The following considerations are equally important:

◊ The vendor has a solid history of live customer successes and deployments.

◊ The vendor has several reference-able successful customers in your industry.

◊ It is easy to locate positive media and industry

recognition (awards, press and analyst coverage) regarding the vendor’s solution.

◊ The company is financially healthy and growing faster than the rest of the industry.

Market Leadership

How easy is

it to locate

positive

media and

industry

recognition?

(8)

The solution preserves application capabilities including user search, sorting, and reporting

Preserves advanced reporting and list view capabilities Enables mobile support for any device

Delivers batch processing of structured and unstructured data Ensures negligible performance impact to accessing and manipulating data in the cloud

Supports AES-256 bit encryption, FIPS-compliant – enabling the data to be fully encrypted in the cloud.

Enables Tokenization—the ability to retain the original business data on premise while replacing it with random characters in the cloud

Ensures that the company or organization always retains the encryption keys

Delivers cloud malware detection to protect against viruses, spyware, Trojans, bots, rootkits and more

Supports cloud data loss prevention and the ability to scan, detect and take action to protect sensitive data going to the cloud

Provides easy to read and insightful dashboard to report on user activities and monitor out-of compliance and malicious activity

Usability

SECURITY & TECHNOLOGY

Pass

Fail

At this point it is time to review the important criteria in your discovery of the right cloud information protection. How does your vendor compare against the following criteria?

(9)

Delivers information protection to cloud business applications including Salesforce, SuccessFactors, and NetSuite

Supports information protection in collaboration applications like Box, Yammer, and Jive

Enables protection of content in email offerings like Microsoft Office 365 and Google Gmail

A high availability stateless architecture with redundancy and real-time replication for maximum performance

The platform can be installed on a physical server or virtual machine behind the firewall or in a virtual private cloud such Amazon Web Services (AWS)

Has a proven global and cross-industry customer base

Many strong customer references and high customer satisfaction Excellent industry recognition as a recipient of key awards and achievements

Both deep and broad consulting and implementation partner relationships

Architecture Platform

Market Leadership

Pass

Fail

(10)

Adoption of the cloud is passing a tipping point and is increasingly a fact of life for many

organizations, and IT will not succeed at trying to put the cloud genie back in the bottle. But this change in technology does not absolve organizations from their legal responsibilities to protect their customer’s data. In fact, the growth of the cloud has been met with an equal growth in privacy laws and data residency restrictions.

By leveraging new cloud security technology, organizations can resolve these conflicting interests—retaining control over their sensitive information, while enabling the business to realize the many benefits of the cloud. By deploying systems that encrypt or tokenize sensitive data at the gateway, while keeping all encryption keys within the enterprise, organizations can safely extend their virtual security perimeter to include global, distributed cloud services, while still maintaining privacy, security, and compliance.