Copyright (C) 2015 Elastica, Inc. Confidential Information. Do Not Distribute! Enabling Dropbox for Business
Transcript
Page 1: Enabling Dropbox for Business

Enabling Dropbox for Business

Page 2: Enabling Dropbox for Business

Excellent security team and controls in place to protect your data from hackers

More and more enterprises are confident trusting their data with Dropbox

Can be deployed with a Single Sign-On solution

Dropbox for Business is a secure solution

Page 3: Enabling Dropbox for Business

What is not secure…

Password-based authentication has inherent limitations

Human Nature – intentional or accidental misuse of a valuable tool

Even if the tool is secure, organizations need to govern their use of the tool

Compliance Risks?

Compromised Credentials?

Malicious Insiders?

Data Governance?

Malware Threats?

Unsecured BYOD Access?

Page 4: Enabling Dropbox for Business

No malicious intent, just bad practice: inappropriate sharing of critical content; broad sharing of data outside of specified groups; moving restricted data between services; sending data to external sources without considering implications; failing to limit collaborators to appropriate groups

Determined internal threat: disgruntled employee; dishonest employee; employee leaving to join competitor; terminated employee who still has access; uploading critical data to personal storage

Compromised devices or credentials: phishing attacks; man in the middle; keystroke loggers; stolen device; stolen credentials; socially engineered theft

Threat Vectors

12% 7% 80%

Aberdeen Group report: SaaS Data Loss — The Problem You Didn’t Know You Had (2014)

Page 5: Enabling Dropbox for Business

Zeus-style malware hidden under user https session

Illegal transactions made. Data stolen and uploaded under https session! No visibility

Malware Example

Zeus-like Malware targets Cloud Apps

Page 6: Enabling Dropbox for Business

Who Controls Sharing?

Sharing has become democratized (no longer top-down controls)

Even file owners no longer fully control how their files are shared

Alice shares a file with Bob

Shadow Data

Bob shares that file publicly without Alice’s knowledge

[Diagram: shares labelled READ WRITE and READ ONLY]

Page 7: Enabling Dropbox for Business

Inadvertent Sharing

Legacy Sharing

Over Sharing

Public Shares / “Loose” Shares

Inherited File & Folder Permissions

Forgotten Shares

Shadow Data

former staff freelance contractor from 2007

media contact with access to master “marketing” folder

Page 8: Enabling Dropbox for Business

2037 files stored in the cloud per user (average)

185 files per user are broadly shared (average)

All Company 68%, External 19%, Public 13%

20% of these files contain compliance related data

PII 56%, PHI 29%, PCI 15%

5% of users responsible for 85% of risk!

Shadow Data

Page 9: Enabling Dropbox for Business

Bob Shared Payroll.docx with Alice

But it’s not that simple

Alice is an External Collaborator

Using Dropbox

From an Unmanaged Device

The File Contains PII Risk

From an Anomalous Location

Required Granularity of Visibility and Control

Page 10: Enabling Dropbox for Business

Relies on outdated perimeter concept

Does not understand cloud app activity at a granular level

Is not context aware

Many times ignores encrypted traffic

Assumes links are safe

Traditional Security Approaches Fall Short

Traditional Company Environment

Page 11: Enabling Dropbox for Business

Gaining Visibility into Cloud Apps

Gateway

front door

back door

Page 12: Enabling Dropbox for Business

StreamIQ™

Deep visibility into encrypted cloud traffic

Extracts all cloud service objects and activities (upload, download, share, delete)

Understands internal vs. external collaborators

ContentIQ™

Machine learning, semantic analysis, natural language processing, etc. used to provide accurate file classification and risk assessment (PII, PCI, HIPAA, Source Code, etc.)

Use the above in policy to easily alert, block, or remediate

ThreatScore™

Dozens of machine learning models run per-user against StreamIQ™ events to tease out weak signals indicating compromise, intentional malicious activity, or accidental risky behavior

Never before possible at this scale

100’s of thousands of users harnessing the power of the cloud

Data Science Enables File Sharing in the Cloud

Page 13: Enabling Dropbox for Business

Data Science Powered™ Cloud App Security

Elastica GW

Cloud APIs

FW Logs

Elastica CloudSOC™

Business Readiness Rating™

ThreatScore™

Content Classification

Granular Cloud Usage

PII PCI PHI Source Code

StreamIQ™

ContentIQ™

Machine Learning Semantic Analysis Natural Language Processing Graph Theory

Data Science Powered™ Cloud App Security

Page 14: Enabling Dropbox for Business

Fully understand how files are being shared in your organization

Quick and Easy – setup in minutes. Start seeing results in a couple hours!

Expose risky content and develop policy/coach users

Find PII, PCI, HIPAA, Encrypted/Compressed Files, Source Code and more

Drill down on risky behaviors and perform immediate incident response

Find compromised user accounts, suspicious behavior, malware

Get your Shadow Data Risk Assessment from your local Elastica team today!

Visit us to learn how you can find risks and protect critical content in your file sharing apps.

elastica.net