Making Cloud Security Part of Your DNA Webinar Slides

Published on 19-Jul-2015


Making Cloud Security Part of Your DNA

Featuring:

  • Craig Guinasso, Chief Security Officer, Genomic Health
  • Sanjay Beri, CEO, Netskope
  • Missy Krasner, Managing Director of Healthcare, Box
  • David Baker, Chief Security Officer, Okta

Speakers

  • Craig Guinasso, Chief Security Officer, Genomic Health
  • Sanjay Beri, CEO, Co-Founder, Netskope
  • Missy Krasner, Managing Director of Healthcare & Life Sciences, Box
  • David Baker, Chief Security Officer, Okta

About the MD Anderson Cancer Center

Genomic Health

Key Facts

  • Established in 2000 and is the world's leading provider of genetic cancer diagnostic tests
  • Corporate HQ: Redwood City, CA
  • Company's lead product, the Oncotype Dx breast cancer test, has been shown to predict the likelihood of chemotherapy benefits as well as recurrence of invasive breast cancers
  • 500,000 patient tests to date conducted by more than 1,400 physicians in 70 countries
  • 800+ employees globally, $275M revenue in 2014

Business vs. Mission Critical

  • Information Technology is not Genomic Health's core business; however, information delivery is fundamental to our unique science and patient value.

History

  • Genomic Health had purpose-built systems maintained by in-house resources. This model wasn't going to scale or support growing business needs.

IT Charter

  • Agility
  • Integrated & Innovative
  • Scalable & Secure

  • Cloud storage
  • Data & analytics
  • Collaboration
  • Payor and pricing management
  • Line of business apps
  • Order management
  • Sample management

Genomic Health's Data & Analytics Requirements vs. Twitter's

LIFE AT GENOMIC HEALTH

10 parallel work streams

60 major system integration points

100s of cross team and system dependencies

Genomic Health: Inadequate File Sharing Breeds Opportunities for Data Loss, Breach and Shadow IT

Staff transferring files and collaborating in various ways:

  • Big concerns around traditional data storage; using file servers and outside sharing was hard
  • E-mail attachments hard to stop from being forwarded
  • Need to share externally and internally
  • Need to transfer large files and marketing collateral

Genomic Health - Box Deployment Phase 1: IT, Marketing and Latin America

  • 900 seats purchased; 500 deployed
  • Used as an approved file sharing tool that can be accessed through normal employee credentials (single sign-on via Okta)
  • Early adopters: IT Staff, Marketing, Legal, and groups that collaborate internationally
  • Used at conferences to send Box shared links instead of printing paper brochures
  • Used in combination with Windows Surface tablets
  • Used for large file transfers between collaboration partners (internal to internal and internal to external)
  • Used to access documents across platforms (desktops and mobile) regardless of location
  • Replaces e-mail attachments with hyperlinks to Box documents

Collaborators

Benefits

  • Encryption in transit & at rest
  • HIPAA compliant
  • Back-end log files (audit trails and alerts)
  • Enterprise oversight & management
  • Easy to deploy; low cost to maintain
  • Consumer Centric UI; very simple to use

Studies, Validations

Cloud Security Considerations

  • COLLABORATION: Enable global collaboration; Make it secure
  • COMPLIANCE: HIPAA; EUDD; PCI; Safe Harbor
  • AUDIT STANDARDS: ISO 27002; EHNAC; COBIT; NIST
  • DATA PROTECTION: MFA; Encryption; Pen-testing; Role-based access
  • SHADOW IT: Reduce apps; Understand usage/forensics; Inform decisions
  • VENDOR ASSESSMENT: Understand app shortcomings; Mitigate risk; Facilitate negotiations

Best Practices

#1: Standardize on your enterprise-approved apps


Context-Driven, Allow, Block

#2: Provide secure access to the right people (and the right resources)

CLONED ACCESS

Do

  • Encourage users to use Okta for personal applications
  • Use Just-In-Time provisioning and deprovisioning APIs
  • Deploy Multi-Factor Authentication to protect valuable assets

Don't

  • Ignore mobile phones and tablets as means of ingress
  • Depend on end users to employ best security practices
  • Let security trump efficiency and collaboration; balance is the key

Identity is the New Perimeter

Easy, automated management of your cloud applications

  • Standardize on service providers that support authentication based on SAML or WS-Fed
  • Just-In-Time provisioning and deprovisioning keeps access tied to role
  • Choose an Identity Provider that will validate users through a second factor

Single Identity (SAML, WS-Fed)

  • Partners
  • Employees
  • Contractors
  • Customers

You don't own all of your users anymore, and they're accessing your resources from multiple devices.

New Security Model: Extend Security Controls Beyond the Legacy Perimeters

  • Vulnerability Management
  • Identity & Authentication
  • Network Controls
  • Security Information & Events Mgmt (SIEM)/Analytics
  • Core Cloud Service
  • Mobile Security
  • Governance Risk & Compliance
  • Data Loss Prevention
  • eDiscovery
  • Endpoint Protection
  • Secret Management

Legend: Basic Controls, Core Controls, Specialized Use Case Controls

#3: Enforce granular policies

  • Too risky
  • Unacceptable terms
  • Block
  • Speed Bump
  • Block/Coach
  • Context-Driven
  • Unsanctioned app
  • Alert/guidance/justification
  • Data may be made public
  • Sanctioned app/activity
  • DLP
  • Data = PHI
  • If-then context
  • Person/group
  • Activity
  • Data residency

#4: Remediate shadow IT

See what users did to which content, and see the who, what, when, where, and with whom

(hint: you need to understand usage)

#5: Make security champions out of your business counterparts

Cliff Notes

  • Standardize on enterprise-approved apps
  • Secure access: right people, right resources
  • Enforce granular policies
  • Remediate shadow IT
  • Foster security champions

Thank You!

  • @Genomic_Health
  • @Netskope, @sanjberi
  • @Box_HQ, @missykras
  • @Okta, @bazaker