The State of Data Privacy:
Why It’s Becoming More Urgent for IT
May 7th, 2015
Data Protection and Governance at the Edge
Today’s Presenters
Dave Packer
Vice President, Product Marketing
Druva, Inc.
Diane Hagglund
Principal Analyst
Dimensional Research
Agenda
•  What’s Driving Global Data Privacy Awareness
•  Survey Results, Assessment & Conclusions
•  Considerations for Assessing Privacy-Ready SaaS Vendors
•  Summary and Q&A
Trends Pushing Privacy to the Forefront
•  PRISM and the Patriot Act
o  Microsoft vs United States
•  Evolving Global Privacy Regulations
o  EU, Germany, France, Russia, …
•  Sectoral Regulations
o  HIPAA, SOX, FINRA, GLBA, COPPA, …
•  BYOD, blurring lines between personal and
business data
•  Confidence in controls for safeguarding PII &
PHI
Breaches Are Elevating Awareness Exponentially
•  Almost all major breaches in 2014 were
against on-premise systems
•  Significant fines & reputation exposure
•  Breaching the firewall can mean extensive
systems access (Sony)
•  Internal challenges are becoming
pervasive
o  Malicious outsider: 50%
o  Accidental loss / misplace: 25%
o  Malicious Insider: 15%
2015: The Top Security Challenges
Source: 451 Group – Wave 8 Report 2015 (preliminary note)
Sponsored by:
The State of Data Privacy in 2015
A Survey of IT Professionals
Goals and Methodology
Research Goal: Understand recent experiences and trends with data privacy in modern IT organizations.
Methodology: An online survey was fielded to IT professionals responsible for corporate data. A total of 214 individuals participated in the survey. Participants represented a wide range of company sizes, industries, regions and responsibility for data.
Definitions:
•  Data security - Ensuring data is protected from unauthorized access or interception
•  Data privacy - Ensuring that sensitive data isn’t misused, misappropriated or publicly exposed by those who have authorized access to it
Key Findings
Cloud data is growing, but privacy concerns persist
•  88% expect their cloud data volume to increase in 2015
•  87% are concerned about privacy of data in the cloud
Data privacy is important – but don’t depend on employees
•  84% report data privacy importance is increasing in 2015
•  82% have employees who don’t follow data privacy policies
Data privacy is challenging for IT
•  93% report challenges with data privacy
•  91% have data privacy controls, but they are incomplete
•  77% struggle to keep up with regional requirements for data privacy
Participants Represented
Location
•  EMEA: 17%
•  APAC: 23%
•  AMER: 60%
Job Function
•  IT executive: 23%
•  IT team manager: 39%
•  Individual contributor in IT: 19%
•  Business stakeholder: 10%
•  Service provider: 9%
Company Size
•  Fewer than 100: 24%
•  100 – 1,000: 38%
•  1,000 – 5,000: 17%
•  More than 5,000: 21%
DETAILED FINDINGS
Businesses depend on sensitive data
What type of data is the most sensitive to your business? Choose up to 3 of the following.
•  We do not have sensitive business data: 1%
•  Planning and strategy documents: 18%
•  Payroll: 19%
•  Unregulated customer data (emails, order history, etc.): 22%
•  Accounting and financial: 33%
•  Intellectual property: 37%
•  Personal employee information (SSNs, phone numbers, etc.): 41%
•  Password or authentication credentials: 46%
•  Regulated customer data (credit cards, health records, etc.): 52%
Businesses must protect data privacy to meet regulations
Does your business have data privacy requirements to meet compliance and governance regulations?
•  Yes: 81%
•  No: 19%
Focus on data privacy escalates in 2015
How are your company’s efforts on protecting the privacy of sensitive data changing for 2015?
•  Increasing: 84%
•  Decreasing: 1%
•  No change: 15%
Giving employees data privacy policies isn’t enough
•  All employees follow data privacy policies: 18%
•  Have employees who do not follow data privacy policies: 82%
All types of employees ignore data privacy policies
Which employees are MOST likely to ignore data privacy policies? Choose up to 3 of the following.
•  Legal: 6%
•  Engineering: 16%
•  Manufacturing: 17%
•  Finance and accounting: 20%
•  IT: 24%
•  Operations: 29%
•  Owner/Partner: 31%
•  Marketing: 35%
•  Sales: 48%
All types of employees ignore data privacy policies (cont’d)
What level of employee is most likely to ignore data privacy policies?
•  Executives: 33%
•  Team managers: 14%
•  Individual contributors or front-line staff: 39%
•  Contractors: 14%
Significant momentum in cloud data growth
How do you expect the volume of data in the cloud to change in 2015?
n = have data in the cloud
•  Increase: 88%
•  Decrease: 5%
•  Stay the same: 7%
IT is concerned about data privacy in the cloud
How concerned are you about the privacy of sensitive business data in the cloud?
n = have data in the cloud
•  Very concerned: 32%
•  Concerned: 55%
•  Not concerned: 13%
93% face challenges ensuring data privacy
Which of these challenges ensuring privacy of sensitive data does your IT team face?
•  We have no challenges: 7%
•  Other: 5%
•  Lack of data privacy policies: 24%
•  IT team doesn’t have knowledge of laws and requirements: 27%
•  Lack of executive visibility or priority into the problem: 34%
•  No processes in place to train or audit employee behavior: 36%
•  Lack budget to purchase and implement technology solutions: 45%
•  Insufficient employee awareness and understanding of data privacy policies: 56%
Companies with operations in multiple countries find data privacy regulations challenging
Do you face any challenges meeting regional requirements for data privacy?
n = have operations in multiple countries
•  This is not challenging: 23%
•  We don't try to keep up with differences: 10%
•  This is challenging: 67%
Wide range of data privacy challenges for companies that operate globally
n = have operations in multiple countries
•  IT team lacks compliance knowledge to understand requirements: 17%
•  Legal or compliance team does not communicate requirements to IT: 25%
•  Technology vendors not offering solutions or guidance in addressing regulations: 29%
•  Requirements are ambiguous making it difficult to determine the correct course: 29%
•  Emerging rules and regulations difficult to track and interpret: 41%
Companies are trying, but data privacy controls are incomplete
•  Have data privacy controls: 91%
•  No data privacy controls: 9%
Controls in place:
•  We conduct ad hoc employee education programs: 38%
•  We regularly train employees on data privacy: 54%
•  We ask employees to sign a data privacy agreement: 61%
•  We enforce data privacy controls with technology: 63%
Even those with technology controls could do more
What technological controls does your organization have in place to limit or audit access to sensitive data by authorized or unauthorized parties?
•  No technological controls for data privacy: 37%
•  Encrypt data on tablets and smartphones: 21%
•  Encrypt data on laptops: 36%
•  Multi-factor authentication: 37%
•  Log all data access: 41%
•  Access control: 58%
Key Findings
Cloud data is growing, but privacy concerns persist
•  88% expect their cloud data volume to increase in 2015
•  87% are concerned about privacy of data in the cloud
Data privacy is important – but don’t depend on employees
•  84% report data privacy importance is increasing in 2015
•  82% have employees who don’t follow data privacy policies
Data privacy is challenging for IT
•  93% report challenges with data privacy
•  91% have data privacy controls, but they are incomplete
•  77% struggle to keep up with regional requirements for data privacy
What You Need to Know About
SaaS and Data Privacy
“Druva has been a
phenomenal answer to Dell
for protecting our data”
About Druva
Company
•  Fastest growing data protection and
governance company
•  Over 3,000 customers
•  Protecting 3.0m+ endpoints globally
Ranked #1 by Gartner two years running
Brad Hammack
IT Emerging Technologies
Data Protection 2014
inSync
Efficient Cloud-based Endpoint Data Protection
Dramatic Shift in Cloud Adoption
2013: 75% / 25%
2014: 20% / 80%
Common Privacy Inquiries / Use Cases
•  Regional
•  Employee
•  Corporate
•  Scenario
Delivering Privacy on a Foundation of Security
•  Infrastructure Security & Operations: Where is the
infrastructure? How is it controlled and to what extent
certified?
•  SaaS Operations: What certifications and security controls
does the SaaS provider have in place?
•  Data Residency: What are the regional, cross-geography
data controls?
•  Data Security: How is the data encrypted in transit and
stored at-rest? What is the durability of the data?
•  Data Privacy: What controls are in place to provide ethical
walls? What data can my SaaS provider access?
IaaS
Infrastructure: Compute + Storage
PaaS
Distributed Database Services
SaaS
Application Services
As a Cloud Provider, Security = Survival
•  SOC 1, SOC 2 & SOC 3
•  ISO 27001
•  PCI Level 1
•  FedRAMP
•  AWS GovCloud (US)
•  MPAA best practices alignment
Customers are running SOX, HIPAA, FISMA, DIACAP MAC III sensitive ATO, ITAR, …
Facilities
Physical security
Physical infrastructure
Network infrastructure
Virtualization infrastructure
IaaS
PaaS
Most IaaS/PaaS Certifications Don’t Pass to the SaaS Level
IaaS
Infrastructure: Compute + Storage
PaaS
Distributed Database Services
SaaS
Application Services
•  Druva Certifications & Audits
o  ISAE-3000
o  TRUSTe certified privacy
o  EU Safe Harbor
o  HIPAA Audited
•  Regular VAPT Testing (White Hat)
•  SkyHigh CloudTrust program partner
•  Audits renewed annually
ISAE 3000
TRUSTe EU Safe Harbor
HIPAA BAA
Skyhigh
Enterprise-Ready
AWS Global Footprint
•  >1 million active customers across
190 countries
•  900+ government agencies
•  3,400+ educational institutions
•  11 regions, including ITAR-compliant
GovCloud and the new region in
Germany
•  28 availability zones
•  53 edge locations
Addressing Enterprise Data Protection Requirements
SaaS Provider Security Approach
•  SaaS Layer (Application)
o  Authentication Controls (AD, SSO)
o  Configurable Group Policies (Data Access, Sharing, Visibility)
o  Full Admin and End-User Audit Trails
•  PaaS Layer (DynamoDB)
o  Global Deduplication (unique blocks) & Metadata Separation (data is dereferenced)
•  IaaS / Storage Layer (EC2, S3, Glacier)
o  S3 Buckets, Data Scrambling via Envelope Encryption
o  Block-Only Object Storage
Envelope Key Management & Encryption
•  Works like a bank safety-deposit box
o  Unique encryption key generated per customer
o  Key itself is encrypted with customer credentials and
stored as a token
•  The key itself is inaccessible by anyone
o  Only exists during the client session
o  Never leaves the system
o  Removes the need for key management
•  Druva cannot access/decrypt customer data
with stored token
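The key-wrapping scheme on this slide, sketched as an added example (not Druva's code): a per-customer data key is wrapped under a key derived from the customer's credential, and only the wrapped token is stored. It uses the Python standard library only, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for an AEAD such as AES-GCM; the function names, PBKDF2 parameters and token layout are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this demo


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real cipher such as AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on a wrong key or tampering."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def derive_kek(credential: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the customer's credential."""
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, PBKDF2_ROUNDS)


def enroll_customer(credential: str):
    """Generate a unique data key and the token (salt || wrapped key) that gets stored.

    The plaintext data key is returned only for the duration of the session.
    """
    data_key = os.urandom(32)
    salt = os.urandom(16)
    token = salt + seal(derive_kek(credential, salt), data_key)
    return token, data_key


def unlock_data_key(token: bytes, credential: str) -> bytes:
    """Recover the data key from the stored token; needs the customer's credential."""
    salt, wrapped = token[:16], token[16:]
    return open_sealed(derive_kek(credential, salt), wrapped)


def change_credential(token: bytes, old: str, new: str) -> bytes:
    """Re-wrap the same data key under a new credential; stored data is untouched."""
    data_key = unlock_data_key(token, old)
    salt = os.urandom(16)
    return salt + seal(derive_kek(new, salt), data_key)


if __name__ == "__main__":
    # Constructed sample credential and data, for illustration only.
    token, session_key = enroll_customer("correct horse battery staple")
    stored_block = seal(session_key, b"constructed sample backup block")
    del session_key  # the plaintext key does not outlive the session

    key = unlock_data_key(token, "correct horse battery staple")
    print(open_sealed(key, stored_block))
    try:
        unlock_data_key(token, "provider guess")
    except ValueError as exc:
        print("token alone is not enough:", exc)
```

The provider-side record holds only `token` and the sealed blocks, so how well the data is protected at rest depends on the strength of the customer credential and the key-derivation work factor.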
Internal Privacy Controls
•  End-user privacy controls either by policy or opt-out feature
(no admin data visibility)
•  Containerization on mobile devices, extendable via MDM
(MobileIron)
•  Exclusionary settings for backup and collection process
•  Full data auditing for compliance response for PHI & PII
•  Admin visibility to audit trails restricted via policy
Employee Privacy
•  Privacy controls
•  Data segregation
•  Corporate visibility
Corporate Privacy
Material Data
•  Officer data shielding
•  Compliance auditing
•  Tracking + monitoring
Scenario-based Privacy
•  Delegated roles for compliance and legal
counsel
•  Full data and audit trail access for compliance,
investigation and litigation requirements
Scenario / Exceptions
•  Compliance audits
•  Investigations
•  eDiscovery collection
Addressing Key Privacy Use Cases
Regional
•  Data residency
•  Local administration
•  Data Storage Privacy
Employee
•  Privacy controls
•  Data segregation
•  Restricted visibility
Corporate
•  Officer data shielding
•  Compliance auditing
•  Tracking + monitoring
Scenario
•  Compliance audits
•  Investigations
•  eDiscovery collection
Key Takeaways
•  Check the certifications and how they apply to the overall stack: a certified IaaS/PaaS layer doesn’t mean the SaaS layer is certified.
•  For data residency, ensure your cloud data isn’t moving around to non-compliant locations; have the vendor sign an agreement and show a documented ability to comply.
•  Encryption models continue to evolve; make sure your provider can’t divulge your data without you knowing.
•  Data privacy laws are still emerging and tend to be ambiguous. The best place to get the answers to stay compliant is working with your legal team; don’t guess.
Next Steps:
Experience the Druva Advantage
Try Druva for yourself at druva.com/trial
druva.com
dave.packer@druva.com
Delivering Privacy on a Foundation of Security
•  ✔ Infrastructure Security & Operations: Where is the
infrastructure? How is it controlled and to what extent
certified?
•  ✔ SaaS Operations: What certifications and security
controls does the SaaS provider have in place?
•  ✔ Data Residency: What are the regional, cross-geography
data controls?
•  ✔ Data Security: How is the data encrypted in transit and
stored at-rest? What is the durability of the data?
•  ✔ Data Privacy: What controls are in place to provide
ethical walls? What data can my SaaS provider access?
IaaS
Infrastructure: Compute + Storage
PaaS
Distributed Database Services
SaaS
Application Services

The state of data privacy with dimensional research

  • 1. The State of Data Privacy: Why It’s Becoming More Urgent for IT May 7th, 2015
  • 2. 2Data Protection and Governance at the Edge Today’s Presenters Dave Packer Vice President, Product Marketing Druva, Inc. Diane Hagglund Principal Analyst Dimensional Research
  • 3. 3 Agenda •  What’s Driving Global Data Privacy Awareness •  Survey Results, Assessment & Conclusions •  Considerations for Assessing Privacy-Ready SaaS Vendors •  Summary and Q&A
  • 4. 4Data Protection and Governance at the Edge Trends Pushing Privacy to the Forefront •  PRISM and the Patriot Act o  Microsoft vs United States •  Evolving Global Privacy Regulations o  EU, Germany, France, Russia, … •  Sectoral Regulations o  HIPAA, SOX, FINRA, GLBA, COPPA, … •  BYOD, blurring lines between personal and business data •  Confidence in controls for safeguarding PII & PHI
  • 5. 5Data Protection and Governance at the Edge Breaches Are Elevating Awareness Exponentially •  Almost all major breaches in 2014 were against on-premise systems •  Significant fines & reputation exposure •  Breaching the firewall can mean extensive systems access (Sony) •  Internal challenges are becoming pervasive o  Malicious outsider: 50% o  Accidental loss / misplace: 25% o  Malicious Insider: 15%
  • 6. 6 2015: The Top Security Challenges Source: 451 Group – Wave 8 Report 2015 (preliminary note)
  • 7. Sponsored  by:   The  State  of  Data  Privacy  in  2015   A  Survey  of  IT  Professionals              
  • 8. 8 Research  Goal   Understand  recent  experiences  and  trends  with  data   privacy  in  modern  IT  organiza>ons.   Goals and Methodology Methodology   An  online  survey  was  fielded  to  IT  professionals   responsible  for  corporate  data.    A  total  of  214  individuals   par>cipated  in  the  survey.  Par>cipants  represented  a   wide  range  of  company  sizes,  industries,  regions  and   responsibility  for  data.       Defini>ons   Data  security  -­‐  Ensuring  data  is  protected  from   unauthorized  access  or  intercep>on   Data  privacy  -­‐  Ensuring  that  sensi>ve  data  isn’t  misused,   misappropriated  or  publicly  exposed  by  those  who  have   authorized  access  to  it    
  • 9. 9 Key Findings Cloud  data  is  growing,  but  privacy  concerns  persist   •   88%  expect  their  cloud  data  volume  to  increase  in  2015   •   87%  are  concerned  about  privacy  of  data  in  the  cloud   Data  privacy  is  important  –  but  don’t  depend  on  employees   •     84%  report  data  privacy  importance  is  increasing  in  2015   •     82%  have  employees  who  don’t  follow  data  privacy  policies   Data  privacy  is  challenging  for  IT   •     93%  report  challenges  with  data  privacy   •     91%  have  data  privacy  controls,  but  they  are  incomplete   •     77%  struggle  to  keep  up  with  regional  requirements  for  data  privacy  
  • 10. 10 Participants Represented LocaFon   EMEA   17%   APAC   23%   AMER   60%  Job  FuncFon   IT  execu>ve   23%   IT    team  manager   39%   Individual  contributor   in  IT   19%   Business  stakeholder       10%   Service  provider   9%   Company  Size   Fewer  than  100   24%   100  –  1,000   38%   1,000  –  5,000   17%   More  than  5,000   21%  
  • 12. 12Data Protection and Governance at the Edge What  type  of  data  is  the  most  sensi>ve  to  your  business?     Choose  up  to  3  of  the  following.   Businesses depend on sensitive data 1%   18%   19%   22%   33%   37%   41%   46%   52%   0%   10%   20%   30%   40%   50%   60%   We  do  not  have  sensi>ve  business  data   Planning  and  strategy  documents   Payroll   Unregulated  customer  data  (emails,  order  history,  etc.)   Accoun>ng  and  financial   Intellectual  property   Personal  employee  informa>on  (SSNs,  phone  numbers,  etc.)   Password  or  authen>ca>on  creden>als   Regulated  customer  data  (credit  cards,  health  records,  etc.)  
  • 13. 13Data Protection and Governance at the Edge Does  your  business  have  data  privacy  requirements  to  meet     compliance  and  governance  regula>ons?   Businesses must protect data privacy to meet regulations Yes   81%   No   19%  
  • 14. 14Data Protection and Governance at the Edge How  are  your  company’s  efforts  on  protec>ng  the  privacy  of     sensi>ve  data  changing  for  2015?   Focus on data privacy escalates in 2015 Increasing   84%   Decreasing   1%   No  change   15%  
  • 15. 15Data Protection and Governance at the Edge Giving employees data privacy policies isn’t enough All  employees  follow   data  privacy  policies   18%   Have  employees   who  do  not  follow   data  privacy  policies   82%  
  • 16. 16Data Protection and Governance at the Edge Which  employees  are  MOST  likely  to  ignore  data  privacy  policies?       Choose  up  to  3  of  the  following.   All types of employees ignore data privacy policies 6%   16%   17%   20%   24%   29%   31%   35%   48%   0%   10%   20%   30%   40%   50%   60%   Legal   Engineering   Manufacturing   Finance  and  accoun>ng   IT   Opera>ons   Owner/Partner   Marke>ng   Sales  
  • 17. 17Data Protection and Governance at the Edge  What  level  of  employee  is  most  likely  to  ignore  data  privacy  policies?       All types of employees ignore data privacy policies (con’t) Execu>ves   33%   Team  managers   14%   Individual   contributors  or   front-­‐line  staff   39%   Contractors   14%  
  • 18. Significant momentum in cloud data growth. How do you expect the volume of data in the cloud to change in 2015? (n = have data in the cloud) Increase: 88%; Decrease: 5%; Stay the same: 7%
  • 19. IT is concerned about data privacy in the cloud. How concerned are you about the privacy of sensitive business data in the cloud? (n = have data in the cloud) Very concerned: 32%; Concerned: 55%; Not concerned: 13%
  • 20. 93% face challenges ensuring data privacy. Which of these challenges ensuring privacy of sensitive data does your IT team face? We have no challenges: 7%; Other: 5%; Lack of data privacy policies: 24%; IT team doesn’t have knowledge of laws and requirements: 27%; Lack of executive visibility or priority into the problem: 34%; No processes in place to train or audit employee behavior: 36%; Lack budget to purchase and implement technology solutions: 45%; Insufficient employee awareness and understanding of data privacy policies: 56%
  • 21. Companies with operations in multiple countries find data privacy regulations challenging. Do you face any challenges meeting regional requirements for data privacy? (n = have operations in multiple countries) This is not challenging: 23%; We don't try to keep up with differences: 10%; This is challenging: 67%
  • 22. Wide range of data privacy challenges for companies that operate globally (n = have operations in multiple countries). IT team lacks compliance knowledge to understand requirements: 17%; Legal or compliance team does not communicate requirements to IT: 25%; Technology vendors not offering solutions or guidance in addressing regulations: 29%; Requirements are ambiguous making it difficult to determine the correct course: 29%; Emerging rules and regulations difficult to track and interpret: 41%
  • 23. Companies are trying, but data privacy controls are incomplete. Have data privacy controls: 91%; No data privacy controls: 9%. We conduct ad hoc employee education programs: 38%; We regularly train employees on data privacy: 54%; We ask employees to sign a data privacy agreement: 61%; We enforce data privacy controls with technology: 63%
  • 24. Even those with technology controls could do more. What technological controls does your organization have in place to limit or audit access to sensitive data by authorized or unauthorized parties? No technological controls for data privacy: 37%; Encrypt data on tablets and smartphones: 21%; Encrypt data on laptops: 36%; Multi-factor authentication: 37%; Log all data access: 41%; Access control: 58%
  • 25. Key Findings. Cloud data is growing, but privacy concerns persist • 88% expect their cloud data volume to increase in 2015 • 87% are concerned about privacy of data in the cloud. Data privacy is important – but don’t depend on employees • 84% report data privacy importance is increasing in 2015 • 82% have employees who don’t follow data privacy policies. Data privacy is challenging for IT • 93% report challenges with data privacy • 91% have data privacy controls, but they are incomplete • 77% struggle to keep up with regional requirements for data privacy
  • 26. What You Need to Know About SaaS and Data Privacy
  • 27. About Druva. Company • Fastest growing data protection and governance company • Over 3,000 customers • Protecting 3.0m+ endpoints globally. Ranked #1 by Gartner two years running. Data Protection 2014. “Druva has been a phenomenal answer to Dell for protecting our data” (Brad Hammack, IT Emerging Technologies)
  • 28. inSync Efficient Cloud-based Endpoint Data Protection
  • 29. Dramatic Shift in Cloud Adoption. 2013: 75%, 25%; 2014: 20%, 80%
  • 30. Common Privacy Inquiries / Use Cases: Regional; Employee; Corporate; Scenario
  • 31. Delivering Privacy on a Foundation of Security • Infrastructure Security & Operations: Where is the infrastructure? How is it controlled and to what extent certified? • SaaS Operations: What certifications and security controls does the SaaS provider have in place? • Data Residency: What are the regional, cross-geography data controls? • Data Security: How is the data encrypted in transit and stored at-rest? What is the durability of the data? • Data Privacy: What controls are in place to provide ethical walls? What data can my SaaS provider access? [Stack diagram: IaaS Infrastructure: Compute + Storage; PaaS Distributed Database Services; SaaS Application Services]
  • 32. As a Cloud Provider, Security = Survival • SOC 1, SOC 2 & SOC 3 • ISO 27001 • PCI Level 1 • FedRAMP • AWS GovCloud (US) • MPAA best practices alignment. Customers are running SOX, HIPAA, FISMA, DIACAP MAC III sensitive ATO, ITAR, … [Diagram: Facilities; Physical security; Physical infrastructure; Network infrastructure; Virtualization infrastructure; IaaS; PaaS]
  • 33. Most IaaS/PaaS Certifications Don’t Pass to the SaaS Level. [Stack diagram: IaaS Infrastructure: Compute + Storage; PaaS Distributed Database Services; SaaS Application Services] • Druva Certifications & Audits o ISAE-3000 o TRUSTe certified privacy o EU Safe Harbor o HIPAA Audited • Regular VAPT Testing (White Hat) • SkyHigh CloudTrust program partner • Audits renewed annually. [Badges: ISAE 3000; TRUSTe; EU Safe Harbor; HIPAA BAA; Skyhigh Enterprise-Ready]
  • 34. AWS Global Footprint • >1 million active customers across 190 countries • 900+ government agencies • 3,400+ educational institutions • 11 regions, including ITAR-compliant GovCloud and the new region in Germany • 28 availability zones • 53 edge locations
  • 35. Addressing Enterprise Data Protection Requirements: SaaS Provider Security Approach. SaaS Layer Application: Authentication Controls (AD, SSO); Configurable Group Policies (Data Access, Sharing, Visibility); Full Admin and End-User Audit Trails. PaaS Layer (DynamoDB): Global Deduplication (unique blocks) & Metadata Separation (data is dereferenced). IaaS / Storage Layer (EC2, S3, Glacier): S3 Buckets, Data Scrambling via Envelope Encryption; Block-Only Object Storage
  • 36. Envelope Key Management & Encryption • Works like a bank safety-deposit box o Unique encryption key generated per customer o Key itself is encrypted with customer credentials and stored as a token • The key itself is inaccessible by anyone o Only exists during the client session o Never leaves the system o Removes the need for key management • Druva cannot access/decrypt customer data with stored token
  • 37. Internal Privacy Controls • End-user privacy controls either by policy or opt-out feature (no admin data visibility) • Containerization on mobile devices, extendable via MDM (MobileIron) • Exclusionary settings for backup and collection process • Full data auditing for compliance response for PHI & PII • Admin visibility to audit trails restricted via policy Employee Privacy • Privacy controls • Data segregation • Corporate visibility Corporate Privacy Material Data • Officer data shielding • Compliance auditing • Tracking + monitoring
  • 38. Scenario-based Privacy • Delegated roles for compliance and legal counsel • Full data and audit trail access for compliance, investigation and litigation requirements Scenario / Exceptions • Compliance audits • Investigations • eDiscovery collection
  • 39. Addressing Key Privacy Use Cases. Regional • Data residency • Local administration • Data Storage Privacy. Employee • Privacy controls • Data segregation • Restricted visibility. Corporate • Officer data shielding • Compliance auditing • Tracking + monitoring. Scenario • Compliance audits • Investigations • eDiscovery collection
  • 40. Key Takeaways • Check the certifications and how they apply to the overall stack: a certified IaaS/PaaS layer doesn’t mean the SaaS layer is certified. • For data residency, ensure your cloud data isn’t moving around to non-compliant locations; have the vendor sign an agreement and show documented ability to comply. • Encryption models continue to evolve; make sure your provider can’t divulge your data without you knowing. • Data privacy laws are still emerging and tend to be ambiguous. The best place to get the answers to stay compliant is working with your legal team; don’t guess.
  • 41. Next Steps: Experience the Druva Advantage. Try Druva for yourself at druva.com/trial druva.com dave.packer@druva.com
  • 42. Delivering Privacy on a Foundation of Security • ✔ Infrastructure Security & Operations: Where is the infrastructure? How is it controlled and to what extent certified? • ✔ SaaS Operations: What certifications and security controls does the SaaS provider have in place? • ✔ Data Residency: What are the regional, cross-geography data controls? • ✔ Data Security: How is the data encrypted in transit and stored at-rest? What is the durability of the data? • ✔ Data Privacy: What controls are in place to provide ethical walls? What data can my SaaS provider access? [Stack diagram: IaaS Infrastructure: Compute + Storage; PaaS Distributed Database Services; SaaS Application Services]
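
The envelope key model on slide 36 (a per-customer data key that is stored only in wrapped form and unwrapped with the customer's credential for the session), as an added Node.js example that is not from the deck or from Druva's product. scrypt, AES-256-GCM and the function names `seal`, `open`, `enroll`, `unlock` and `demo` are assumptions chosen for the illustration.

```javascript
// Added illustration of envelope encryption; not Druva's implementation.
// Assumptions: scrypt as the credential KDF, AES-256-GCM for wrapping and data.
const nodeCrypto = require('crypto');

// AES-256-GCM helpers: output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on bad tag
}

// Enrollment: generate the per-customer data key, wrap it under a key derived
// from the customer's credential, and keep only the wrapped form (the "token").
function enroll(credential) {
  const salt = nodeCrypto.randomBytes(16);
  const kek = nodeCrypto.scryptSync(credential, salt, 32);
  const dataKey = nodeCrypto.randomBytes(32);
  const token = { salt, wrapped: seal(kek, dataKey) };
  return { token, dataKey }; // dataKey is held in memory for the session only
}

// Session start: the credential unwraps the token. A wrong credential fails
// GCM authentication instead of silently yielding a wrong key.
function unlock(token, credential) {
  const kek = nodeCrypto.scryptSync(credential, token.salt, 32);
  return open(kek, token.wrapped);
}

// Constructed sample: what is stored at rest versus what a session can read.
function demo() {
  const { token, dataKey } = enroll('constructed-passphrase');
  const stored = seal(dataKey, Buffer.from('payroll.xlsx block 1'));
  const sessionKey = unlock(token, 'constructed-passphrase');
  const recovered = open(sessionKey, stored).toString();
  let withoutCredential = 'decrypted';
  try { unlock(token, 'guess'); } catch (e) { withoutCredential = 'rejected'; }
  return { recovered, withoutCredential, tokenBytes: token.wrapped.length };
}
```

The stored token protects the data key only as far as the credential resists offline guessing and is never retained on the provider side, so those are the two properties to ask a vendor to document.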