
Data Security: Best Practices in the Hybrid Cloud

Presented by Mike Fleck and Jesse Roche on July 24th, 2014 at 11am EST


Prefer to read what's in the video? See below for the transcript:



In this webinar, CEO of CipherPoint, Mike Fleck, joins us as we explore security in an Office 365/Dedicated hybrid cloud model. Organizations need to consider the confidentiality and availability implications of SharePoint when offered by a private hosting provider as opposed to a public Cloud offering. These differences include data residency, your ability to perform due diligence, and confidentiality/availability guarantees. Restricted information, however, needs to be secured no matter where it’s stored and processed. During the latest Fpwebinar, we explore the private and public hosted SharePoint offerings and the strategies you can use to architect a hybrid approach to meet both your business and security objectives.

Topics this webinar covers:

  • How to create a strategy for data security
  • Cloud adoption trends
  • Cloud security challenges
  • Security of an Office 365 and Dedicated (private) cloud hybrid model
  • How to assess the security around your data
  • Data residency
  • Cloud provider confidentiality/availability agreements

Office 365 is simply hosted SharePoint by another name. As such, organizations need to understand and consider the confidentiality and availability implications of SharePoint offered by a managed hosting provider as opposed to a public Cloud offering. There are major differences between private and public Cloud offerings in terms of data residency, your ability to perform due diligence, and confidentiality and availability guarantees. Restricted information, however, needs to be secured no matter where it’s stored and processed. Luckily, private and public hosted SharePoint offerings and strategies can be developed to architect a hybrid approach that meets both your business and security objectives.

What an Information Security Program Should Look Like

Data and Device Security includes using least-privilege design, applying the separation-of-duties principle, using only unique user identities, not using shared accounts, and always requiring complex passwords.

Network, Hosting, and Application Security includes network firewalls and monitoring, penetration testing, vulnerability scanning, intrusion detection, patch management, and anti-virus and anti-malware.

Physical and Human Security includes building access control, visitor logs, physical data center security, employee screening, and employee awareness training and job descriptions.

Compliance and Incident Response Security includes the creation of an incident response policy and a corporate information security policy, using third-party auditing and accreditation, and designating compliance officers or teams.

Do Your Due Diligence

When choosing a cloud provider, it is important to do your research. Important areas to look into when researching providers include:

  • Maturity of controls and principles
  • Uptime statistics and Service Level Agreements
  • Third party access: Subcontractors & Foreign and domestic governments
  • Data destruction and remanence
  • Privileged user controls and monitoring

The Truth about Public Clouds

While public clouds have superior economies of scale because of their cookie-cutter offerings, they give you very limited ability to do your due diligence or to customize your environment. Furthermore, public clouds often have lower service levels than private clouds, and they have a high volume of compelled disclosures.

© Copyright 2016 Fpweb.net LC. All Rights Reserved