CSA Cloud Bytes Webcast: Mitigating the Risks of Cyber Security Featuring Microsoft and Spanning


 

Information theft is the most expensive consequence of cybercrime, according to a recent Ponemon study. Business interruption following a cyberattack exacts a high price in productivity and business process failures—even greater than the cost of information and revenue losses.

The more data you share in the cloud, the more you expose it to attack. While there’s no one way to achieve absolute security for your data, there’s a lot you can do to safeguard against attacks and to stop them from crippling your business if they do occur.

In this webinar learn ways to more effectively protect your cloud-based data, detect threats, respond to attacks, and recover from them.

Moderator: Hello, and welcome to the Cloud Security Alliance’s webinar series, “Cloud Bytes.” Today’s Cloud Byte is entitled, “Protect, Detect, Respond and Recover: Mitigating the Risks of Cyber Security Threats in the Cloud.” As with all CSA Cloud Bytes, during the slide presentation, you will have the opportunity to submit questions at any time. Just use the Questions tab at the top of your screen. Time will be reserved towards the end of the webcast to address these questions. And without further ado, I turn it over to today’s presenters.

Cover slide for presentation featuring speakers Will McNae of Microsoft and Mat Hamlin of Spanning Backup.

Mat Hamlin: Thanks, Kelly. This is Mat Hamlin. I’m Director of Products at Spanning by EMC. Spanning provides backup and recovery solutions for SaaS applications. I’ve been at Spanning for about 3 years, working on data protection and backup and recovery, and have about 10 years’ experience prior to that in identity management and security.

Will McNae: Right on. Good morning. Hi, my name is Will McNae. I’m with Microsoft, and I’m coming from a role within our Product Marketing teams for our Office 365 and Enterprise Mobility & Security solutions, along with Windows 10. So really, coming from a cohesive, kind of connected story in terms of security. And really, working with Mat and the Spanning team to look at a solution that is best-in-breed in terms of really targeting not only the risks of cyber security, but also how do we detect and then respond to it. So, thank you for joining us today. Why don’t we get right into this and kind of talk about what’s happening in the landscape today?

 

Cybersecurity Threats

You know, a lot of things going on in the news. I think we hear about things from day to day. And I’m not here to throw a bunch of fear at you, but there’s a couple of stats that I want to be able to point out. And it’s that middle bullet, I think, on this slide, that is probably one of the most relevant stats right now in that 72% of companies weren’t able to fully restore their computer data. Whether it’s enterprise or small business — that the threat of cyber security is attacking all of us. And it’s really about, “What are your plans from an IT standpoint, from an employee standpoint, and from a boardroom standpoint to mitigate these things?”

Statistics about cybersecurity threats from the Wall Street Journal.

When we look at some of the recent stats, the one common theme that I’d like to pose as a question to you is to really figure out, “What’s going on in all these stats that we have, at least on the screen right here?” And the point is that the hackers were getting in through a compromised vendor. And it wasn’t necessarily Wal-Mart’s security that let them in, but it was someone coming in the back door, someone who had been able to get an advantage of an administrative-type credential and come in as a known entity, basically, into these organizations. And, so, that’s really a scary point, especially if you are in an industry where you are supporting other larger entities. So, Mat, do you want to talk to us today about keys to our success?

An assortment of sample news headlines involving data breaches for various companies.

Keys to Success

Mat: Sure. Thanks. Yeah. Our goal today is to eliminate some of the risks that are out there: some of the ways that you can protect your infrastructure, protect your data that’s in the cloud applications that you’re using today. But, also to talk about, “When an attack occurs, are you prepared? Do you have the right recovery and response plan in place? And have you been working with your organization to educate them on what’s necessary to properly protect company assets?” So, the three keys to success that we hope you come out of today learning a little bit more about is to — we suggest you safeguard your business with modern technology. There are a lot of services and platforms out there like Office 365 and Spanning that give you core business functions, right? Operational productivity, applications for email, and unstructured data. But, they come with a large amount of built-in security encryption, identity management access controls, and best-of-breed data loss prevention. So, those things are part of those applications and things that you get, just as a part of subscribing to their service. Those are great ways to leverage those kinds of platforms for your day-to-day business operations and gain those kinds of protective controls that are in place in those platforms, to just accompany them with that platform.

We also suggest you develop a response and recovery plan. Really, understand what you would do when a cyber security attack happens. It’s not just about removing any access that somebody gains that was the cause of being able to get into your infrastructure and cause damage or getting rid of the ransomware that has infiltrated your organization and then recovering back to a state where your business can operate. Those are critical parts of the process, but you also have legal ramifications amongst the cyber security breach as well. What’s your responsibility for notifying your employees, notifying your customers and partners? Are there legal obligations that you, as an organization, must stand up to in your region of operation? There are federal, state, local, country-specific requirements that — if you get breached, if you lose data — what do you have to disclose? What’s the proper steps along the lines to respond and then communicate about this breach to all of the constituents that you work with?

Keys to success for mitigating the risks of cybersecurity threats.

All right. And lastly, again, just build a culture of security. Security is everyone’s job. Most IT practices are some mix of people, process, and technology. I definitely encourage you to consider the people aspect of that — not just the IT organization, not just the things that you are responsible for — but to educate your entire organization about the cyber security threats that are out there. Tell them about the controls you do have in place. Tell them what you are doing to protect the data, and what they may see as they use the technology. But also, empower them. Make that part of your culture — to let them know that cyber security risks, security threats affect the business, affect the day-to-day operations of the company itself.

 

NIST Cybersecurity Framework

And then, really quick, before we go on and get into a little bit of detail about these different areas, I did want to bring up the full overview of the NIST Cybersecurity Framework. NIST is an organization that focuses on security practices. Their pillars of the Cybersecurity Framework are Identify, Protect, Detect, Respond, and Recover. We’re going to focus today on the last four, based off of Will’s and my expertise and the different areas of security and protection that we work on. And we’ll definitely focus, under Protect, around data security. Those are sort of preventative controls and data classification — things that you can put in place to ensure that the right people have the right access to the right data, and no one else. Understand what data you have and how important it is. Essentially, classify a set of that data, so you can put the right controls around it. And then, some protective technology to make sure that different hackers, or external or internal threats, can’t shut down your service or get in and breach those walls that you’ve put in place.

Under Detect, obviously, anytime there are attacks in place, anytime there are behaviors internally or externally that affect your data and your technology, you want to have monitoring in place for that, as well as detection of different processes, different unusual behavior. Under Respond, I’ll cover respond and recover. Response is really, first and foremost, about making sure that when an attack occurs, you are able to properly respond internally to get your systems and data back up and continue your business operations. Remove the threat that was there if that’s possible — if it’s something like ransomware — and then, from there, push forward with that sometimes-lengthy process of communications, analysis, mitigations, improvements. Proving to your company and to your internal board and to your external constituents that, “The cybersecurity attack did happen. This is how we responded. This is the process that we have in place. And, we’re going to improve from where we are, but we were in a good place to begin with as well.”

Five steps of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover.

And lastly, Recover. Being able to quickly access and restore any data or systems that were impacted by the cybersecurity attack is vitally important. Making sure that the data that you have under your control — whether it’s on-premises or in a cloud application, like Office 365 — to make sure that you have access to restore that data very, very quickly and efficiently to get back up and running. So, with that, I’ll hand it back over to Will to talk a little bit about some of the preventative and controls side of this cybersecurity story we’re telling, focus on Protect, Detect, and a little bit on the Respond.

 

Top Mobile Security Challenges

Will: Yeah. Thanks. Thanks, Mat. So, I think it’s the framework. And I just want to let you know — Spanning and Microsoft — we are operating on the same framework as we go through this. And I think that’s one of the best reasons for a comprehensive solution when we’re looking at total protection and getting to that state with you and that journey along this path. Let me just pose a few of the top security challenges that were top-of-mind that we’re trying to solve for and we’re helping organizations solve for today. One of them being this notion that, you know, users are showing up with phones, a bring-your-own-device to work type deal. And in the spirit of trying to support employees to be more productive, to be more flexible, to use technology the way they want to and what they’re comfortable with, it’s really posing a challenge. Right? How do you draw a line between corporate data on that phone, and then personal data? Your Word and Excel apps are sitting right next to Instagram and Snapchat, and Pokémon Go.

They’re all intermixed, and so that notion of, “How do you draw a line between what’s sensitive, corporate, and confidential versus shareable, personal? And when that employee brings it into the work environment and then takes it back out of the work environment, what are the things we need to think about, ensuring that that data is either deleted or removed, or pulled back, or not accessible to still be used in those personal apps?” Then, we look at — from the Microsoft perspective — of course, like the Office Mobile apps. How are those apps running on unmanaged devices? Is it running on an Android device? Is it running on an Apple iPad? And is that okay? How do we help your organization make those decisions from an IT standpoint?

And then, what about when users bypass your corporate policies for app usage? The personal apps, the free or the freemium apps that are being brought in the organization, how do you get a handle on even identifying what’s out there in the market. What is happening — what’s being used on your devices to help prevent risk? Passwords are one of those things that, [with] every application, everything we’re using today seems to be requiring its own set of username and passwords. How do you streamline that? How do you help agencies come into your business and give them conditional access for a short period of time, or a specific username and password that you can revoke if that agency’s statement of work is up?

A list detailing some of the top mobile security challenges in today's business environment.

Not only do we need to help you understand about, you know, when the employee brings a device into the work environment, but what about when they take it out? Not even when the employee maybe leaves the company. But what about, “Hey, I want to upgrade my phone, and I’m going to do it on a Saturday? And I’m going to come back into work on Monday, and I expect my new device to be enrolled into the company IT infrastructure.” But what also happens to that device when the person leaves it at the store? Maybe it’s a trade-in. Did they remember to wipe all the company data? Did they remember to delete things, take apps off? Or are they trusting that the cell phone provider is going to do that, in terms of a fresh wipe? So, what can IT do to ensure that those devices are clean?

And then what about this notion of productivity? Sharing things over email — that’s how we’re being productive today. Right? But how do you put some controls around that and help employees know that data is being safe and held confidential if need be? And then, from supporting multiple devices, it’s not getting any easier it seems like. New devices are coming into the organization, so having a solution that can manage multiple OS’s. Both, from a PC standpoint, from a Mac standpoint, or from a mobile device standpoint — including tablets and phones — it doesn’t matter the manufacturer anymore. You need a solution to be able to cover all that technology.

Yesterday’s Landscape

So, when we think about, “What was it like in the old days?”, it used to be a lot easier to protect against attacks. Right? You could put up a firewall. You could install antivirus software. Your company, if it was basically dealing with particular sensitive information, could also issue PCs to employees, and then get them to be locked down using your strict policies. This protected your company in what we call “the perimeter.” All right? Ensuring that you knew information that was inside company walls was safe from intrusion.

A visual representation of how company resources were protected in days past.

Today’s Landscape

But that’s not the world we’re living in anymore. Right? There are no perimeters around companies. Because information isn’t just living inside of your company walls today. It’s getting stored in cloud services. It’s getting saved on employees’ personal devices. People are accessing your data through cloud-based apps or SaaS apps. And there’s the applications that employees sign up for on their own — LinkedIn or Twitter, or Facebook, and all those apps that we are encouraging our employees to use and be smart about. But those applications are in your organization today.

A visual representation of how company resources are shared and accessed in today's landscape.

So, you want to support the notion of working anywhere, anytime, and on any device. Right? I mean, that is the path we’re on, it seems like, today. It provides convenience and additional productivity. So, the question then becomes, how do you protect your data and your network? You still have to do that. And, so, the thing to be thinking about is that every time a user is attempting to access that data, like you have to know what’s going on, so you can help control risk. And there is a lot of potential security risk out there today, especially, in IT. So, you need a way to really help employees use their own devices while still using their favorite tools.

Microsoft’s Security Posture

All right. Microsoft, for the past 15 years — this strategy of managing security risk — has been to protect, detect, and respond. And then that’s going to be a common theme you’re going to hear from myself and from Mat, as we go forward. So, let’s dive into a little bit about the Protect piece, and then we’ll get into the detection as well. There’s a lot of technology out there today around protection. That’s readily available. Usually, it’s protecting endpoints like applications or devices. But here’s the problem: most companies have already been breached. And if there’s one thing I can get you to think about today, it would be this: I would like you — I’d like to challenge you, actually, to be thinking about your organization in terms of a proactive stance.

A visual representation of Microsoft's Security Posture, which consists of protect, detect, and respond.

Think of yourself as already being breached. And I think the stats, the data that is available today is pretty clear in the sense that attackers can stay within your organization for up to 200 days without being known. Things are happening at a very rapid pace. The bad guys aren’t going anywhere, they’re just getting better funded. And, so, if you can put on more of a proactive stance about, “Hey, let’s just take an attitude of we have been breached. What do we need to do about it?”, I think you’re going to be in a much better place going forward. And we have the tools and the solution here to help you do that.

The next thing is about detection, is detecting those intrusions. And the resources you need, need to be more advanced than what we’ve been working with over the last few years. Not only having a security camera basically at your front door watching who’s coming in, but having some automation in there, tools that can help you respond to it in an intelligent way.

 

Enterprise Mobility + Security

I know a lot of companies don’t have full-time security experts, nor the volumes of data or data centers dedicated to churning through data, developing intelligence through what we call “machine learning,” but Microsoft does. And you know what? You can take advantage of that and take advantage of our security expertise and resources through our solutions like Office 365 and our Enterprise Mobility + Security, and even Windows 10 Enterprise if you’re going down that path.

A slide further detailing the different elements and levels of protect, detect, and respond.

Protect

So, let’s talk about a couple of specifics, and let me dive into the Microsoft and Spanning solution together, just kind of looking at this cohesive solution. Our solution provides protection and response across a number of things. It uses user identity, which I think is a real core differentiation that Microsoft has in the marketplace, where we look at the identity of the user, not just the device that they may be using. And we also protect the device itself and the applications that are running on it, and also file content. But no other solution in the marketplace is providing this comprehensive range of security. And we support all types of devices, not just those running the Microsoft operating systems. And unlike other solutions, we work both inside and outside your organizational wall. So, on-premise and in the cloud.

A slide detailing how with Enterprise Mobility & Security, orgs can ensure that only authorized people and devices can access resources and data.

We allow companies to manage applications and devices without having to lock them down. And I think that is, or can be, very frustrating for employees when you are wrapping things in a non-robust container, or you’re locking my phone down, and you’re controlling it or you’re restricting it, and I can’t use my phone like I used to. You’re containerizing my contacts so that I can’t copy information out of it, but you’re turning it into an unusable mode of trying to be productive.

Detect

And then, listen, you know what? Accidents happen, right? Accidents happen, everything from copying data out of the wrong place, or accidents happen from sometimes even leaving “doors” open somewhere. And hackers like to infiltrate networks by infecting the devices and often through phishing attacks or malware, and they can deploy those by email attachments.

Screenshots showing how Advanced Threat Analytics alerts organizations to suspicious activity or anomalous behavior, as well as known attacks or security issues.

So, here’s kind of the process that it usually goes down… Infected devices connect to an organization’s network. Hackers can then activate the malware, and then they can get in through the organization until they find some sort of an administrative privilege. They keep working their way up through a network inside your company. And again, they can stay quiet inside your organization for usually up to 200 days without being detected. They’re very hard to detect. And, so, you have to be able to protect the data that’s both stored on the device and that’s being stored across a network. And Microsoft helps organizations manage those devices and applications to make it possible for employees to access company resources from virtually anywhere on almost any device. And I want to repeat, definitely, Microsoft devices, but also Apple and Android.

Respond

So, let me just close with this before I turn it back over to Mat, and I want to let you know that the protection and detection are two very important pieces of a cohesive solution. But if you’re not able to get information that’s in a usable format, like if we’re not telling you what to do next or putting some automation tools in there, then we’re not getting you all the way to the goal line, in terms of being able to protect your organization. And with parts of our solution, one of them being called “Advanced Threat Analytics,” it can actually detect things. Intrusions that are coming in that are not normal behavior, or logins that are coming from other parts of the world that you know you don’t have employees traveling at that point. But it can also give you the recommended next steps.

Screenshots showing how Advanced Threat Analytics provide recommendations for organizations on how they can investigate and remediate suspicious activity.

So, in terms of our two solutions working together, there’s a very powerful tool for you to be able to get very advanced tools, very enterprise-focused, at prices that are lower, that really any business at this point can afford. And when you look at the amount of money that is being spent in terms of incidents, or having to pay out in terms of fines, it’s really something that I’d like to challenge you to really take a hard look at to figure out, “Does this work for us? Can we live, can we keep going in normal business without a solution like this from these companies?” And so, with that, Mat, I will turn it over to you to talk about, “What next?”

 

Top Challenges After an Attack

Mat: Thank you. I think that’s a great overview of the situations that we see organizations get into, and a good overview of the preventative controls that are necessary in today’s environment. I also really like your discussion about, “Operate as you have already been breached.” That, I think, focuses the efforts and shines light on processes that sometimes get overlooked. So — doing everything you can to reduce your risk posture — a great place to start is just to push on those processes. Pretend you have been breached or operate as you have, and you’re in a mode where you’re trying to improve where you are because it’s imperative.

So, I’m going to cover the activities and risks, and processes associated with what happens after an attack. There’s a statistic later, I believe it says something like 27% of small to medium businesses have suffered from a cybersecurity attack. So, you need to operate as if it’s going to happen. It’s just a matter of time. What we see, and I think Will and I both — just in talking with lots of customers and prospects and industry analysts is — after an attack occurs, we continue to see these top challenges from businesses of all size. I think that the activities that a business takes after a cybersecurity attack are fairly similar in pattern, regardless of the size of the company. But, if you’re a larger company, and you do have a funded security team or a security response team, there’s still a lot of activity that needs to happen, and even more in a large organization.

A list detailing some of the top challenges posed to a company after a cybersecurity attack occurs.

The topics I’ll cover today apply to businesses of all sizes. I think the breadth and scope of what needs to happen does get larger as the business grows larger, but they’re challenges for everyone. I think everyone can benefit from the discussion here. What we see is that sometimes the required response is not well understood. Many times, especially in a small to medium business, where there isn’t a dedicated security professional on-staff, when a breach occurs, obviously getting the business back up and running, closing the holes that were used to penetrate the network or access data, and remove those threat vectors. But what happens after that? “What are we supposed to do? Who are we supposed to notify? How are we going to change and improve our process?” I don’t think those are well understood in a number of organizations.

We see an incomplete or inadequate response plan. Again, operate as if you’ve been breached. And what steps are you taking to resolve the issues that have come to light because of that breach, and how are you going to improve that process? We see lack of funding to properly execute those response and recovery plans. Even if you know what you should do, do you have the investment, do you have the budget to go properly execute those plans and what you think you need to do? Steps to completely recover are unclear. Even after you’ve been attacked, well-known plans under a variety of different scenarios about what you need to go do, both from a technology standpoint and data standpoint and a communication standpoint. I think that those are unclear, and that the breadth of what people are planning for could improve.

We do see the inability to properly recover lost or damaged data. In scenarios where a malicious insider or outsider does get into an environment, they can take data, or steal data. You see that a lot in some of the headlines that Will showed before. But they can also come in and update data, delete data, hold data ransom and encrypt that data, and an organization’s ability to get that information back to continue the business forward, we continue to see that real data loss is occurring because of these activities. If the organization does have a required RTO — a recovery time objective — there’s a defined process in place and a defined metric that says, “If we get breached, if there’s a malicious attack internally, if data gets lost or systems go down, what is our expected time to be back up and running, and productive?” Some don’t have properly defined RTOs related to all the applications that they’re leveraging for their core business processes.

Sometimes there is an RTO in place, but an organization’s ability to meet that RTO in the variety of scenarios that we’re talking about sometimes isn’t well executed and well tested. How do you get data back into Office 365 if there’s just been a mass deletion? How do you recover from a cybersecurity attack, which the best course of action was to remove a significant amount of data from your mobile devices, potentially, for corporate-sponsored or bring-your-own-device? If you’re trying to clean things up, how do you get the data back out to the right format, so you keep people productive? And is that in line with the business’s understanding of what you’re providing for them? And then, lastly, really just a lack of a communication plan, both internally and externally. When an attack happens, is there a clear and formulated communications plan from your organization to the rest of the company, and to your partners and to your customers?

 

Data Protection and Response Services

I’m going to go through some scenarios related to Protect, Respond, and Recover. Under Protect, being a backup and recovery vendor, we’re going to focus on data protection. A lot of what Will was talking about earlier I usually put in the bucket of data security, data loss prevention, [and] data leakage. They’re those preventive controls that help you understand what data you have, where it should move, how it should move there, and then making sure that you’re closing all those security holes or doors that might be penetrated. Data protection is more about managing the data that your company uses every day, that your company creates, that are vital to business operations. If you’re in an organization where you’ve got legal contracts, if you’re in a highly regulated industry where communications with patients or with partners is subject to a criminal or civil litigation scenario. So, there are situations where the data that your company uses and produces must be available at all times. And any amount of waft of that data, whether it’s an update or you’ve destroyed existing content or written it, or completely deleted data, you need to be able to have full control over that data. It is data that you create, you produce, and you own, so you need to be able to have a copy of that to be able to recover very quickly.

I’ll talk a little bit about response, and I would say the ‘nontechnical’ aspects of the response responsibility for your organization. Really, focused on some cybersecurity services out there that can help the organization if you are small or medium and don’t have that investment or internal team to carry out those responsibilities. And then, lastly, Recover is the last pillar in the NIST Cybersecurity Framework. How are you going to recover from an attack? And, again, being a backup and recovery vendor, you’ll see time and time again, articles online about ransomware, [and] about cybersecurity attacks. And most of the time, somewhere in the last paragraph, it says, “First and foremost, make sure you back up your data so that you can recover it.” That ends up being the punchline in many of the end of those articles.

The elements of Data Protection and Response Services.

Which is, even with great security — even moving to modern technology like Office 365, using the Enterprise Mobility + Security, and all the preventative controls that you have in place, properly managing the entities and access — all of those things will greatly reduce your risk posture. But things can still happen, right? People with legitimate access to data internally in your organization can make mistakes, or they can destroy data maliciously. You still have ransomware attacks that come in through phishing, where you may or may not have people to detect that and control your employees’ behavior. And then ransomware itself, a lot of times when it encrypts files, it’s very difficult to understand if an encryption was legitimate or malicious — by the provider, by the Office 365 platform, or from whatever it might be. So, things still happen. We see it time and time again. We’ve done a lot of large recoveries for our customers over time.

Protect

So, a little bit about ‘Protect.’ There’s a statistic here, 80% of small to medium businesses don’t use data protection. That’s a pretty broad-sweeping statement. But, in general, this comes from some research that shows that business data across the whole organization, very often, isn’t fully protected to the level that it needs to be. Focusing on our combined solution here, which is really related to cloud data — data that you have in Office 365 and in the cloud applications, SaaS services — 47% of the organizations rely solely on the cloud provider for that data protection. And this is where a combined solution will put you in the lowest risk level that you can be.

A screenshot showing how Spanning Backup for Office 365 extends existing Microsoft protection services, ensuring all your data is backed up and protected from malicious or erroneous human behavior.

Microsoft does a great job of making sure that the Office 365 platform is highly available, very resilient, resilient to threats and changes, [and] very reactive. If there’s a new ransomware that comes out, if it affects a few of their customers because it’s very well-unknown — very, very new — they react very quickly and can deploy security to react to that. But at the end of the day, their responsibility is to run the application, make sure it’s highly available to your organization so you can always get to your email, to your unstructured data, or to your CRM data potentially. And then, make sure they’ve done everything possible to give you the power to control the security of that data. But at the end of the day, that data you put into Office 365 is your data, it’s your responsibility.

If you ask Microsoft to change data, delete data, move data, or change permissions, they will carry out those tasks. That’s part of the SLA. There are just some scenarios where it’s not possible for them to understand if the change was intended, legitimate, if it was being done by a user who has proper access, if it’s malicious, or if it’s external. So normal operations of working with data can lead to data loss in situations where Microsoft as the application provider can’t know whether it was intended or not. Right? So, that’s where additional backup and recovery and data protection from someone like Spanning can help. It gives you that control over being able to have access to that data and restore it, in case of these scenarios where there are some gaps.

Respond

We’ll talk about ‘Response.’ Will talked about making sure that the modern technology you do have in place gives you clear guidance, as much as possible on what happened, “What do I need to do next, to remove the threat, to remove the malware or ransomware, and get my systems back up and running?” So, great technology there to understand, “Operationally, what do we need to do to get back up and running?” Obviously, being able to get data back into a usable format is part of that. But, for here, I kind of want to talk about the non-technology side of the equation — after the breach happens, when you’re focused on getting your systems back up and running, understanding and doing the investigation to identify what happened. Oftentimes, there’s a large set of tasks that need to occur after that, and it’s really about people and process.

A slide detailing how cybersecurity insurance providers deliver comprehensive services for proper notification, forensic and legal services, first- and third-party damages and business income loss.

There are required responses in many states, in many regions. If you operate in a regulated industry — whether it’s education, state and local, healthcare, financial services, insurance — there are, clear and documented, the required activities that you have to take as an organization when a cybersecurity data loss event occurs, and those needed around applications as well. And, so, there are a number of services out there that will be your response team; kind of, on-call, in case a cybersecurity attack happens. You can spin up those services, and they will help you execute all of those various tasks, as well as, included in some of those packages is cybersecurity insurance. So, taking on the burden of monetary loss related to these, both first- and third-party damages, business income loss, by partnering with an insurance provider. You’ll get a link at the end of the presentation where you can go and learn more about that.

But, if you’re worried about this legal implication of a breach and what your response needs to be, there’s a lot that gets very complicated, and it takes a lot of resources internally to fully understand and execute on that. By having something that is a great opportunity to leverage an expert in that area — leverage services that will spin up and react immediately once a breach happens — and both take care of and help you through those processes to do what you need to do. And at the same time, it being an insurance provider or cybersecurity insurance, they will also cover the cost of this. They will cover the cost of impacted third-parties and potentially even cover your business loss as well. So, take a look at that.

Recover

Then, lastly, ‘Recover’ — your ability to get back to an operational state for your organization is critical. Every minute, hour, day of downtime has a quantifiable material impact on your organization, both from your ability to transact with partners and customers, but also from employee productivity. Downtime, again, has a huge financial impact. So, here, I’ve got a statistic – 72% of customers that were surveyed in the research here were not able to fully restore their data. And when we say, “fully restore,” the data itself is important, but getting the data back into a usable format and into a usable state is also very, very important.

A screenshot showing how Spanning's point-in-time restore for Office 365 enables admins and end users to quickly and easily restore lost data.

So as an example, if you lose 100 documents because of a malicious behavior, if it gets deleted and wiped — cleared out of recycling bins and you’re trying to get those back — you may have some controls in place or mechanisms to get those files back. But how long does it take you to get them back, to verify that they’re correct, [that] this is the right version? And then understand, “Who had access to that data? Who needs access to that data? Who is off currently looking for it and recreating it? How do I push it back out to the devices that it was on previously?” So sometimes a full recovery, you have to consider not just the data but the metadata and the access to the information. Because until that information is back and is available to the people who need it, it’s not a full recovery.

Another stat here is that 33% of respondents took three or more days to recover that data. And this is why I would suggest, [going] back to Will’s suggestion, operate as if you’ve been breached. Go through that process. If you’re aware that it takes over three days to get your data back, is that acceptable or not? What steps can you take to lower that number, to improve your RTO as it were? Spanning products focus 100% on backup and recovery of SaaS data, so we have products for Office 365, Salesforce, and Google Apps. I’m responsible for driving product direction and strategy, and one of the pillars we hold up as a lens for almost all that we do is restore production, “How can we get data back in the fastest manner possible with the highest fidelity possible?” I always say, for a person who has lost data or identified that data’s been lost or changed, the fastest way to get it back is to allow them to recover the data. So, our products have administrative interfaces, where data can be found and restored. We also enable end users to find and restore their own lost data.

Keys to Success

Okay. So, just to wrap up, I wanted to bring back this slide just to kind of summarize what we’ve talked about. Again, cybersecurity attacks and cybersecurity threats continue to happen, continue to escalate. We definitely suggest taking a look at your existing technology, existing security practices, and consider updating those. And move to a modern technology — Software as a Service platform like Office 365 — which will give you the business functions that you need, as well as comes with a massive amount of built-in security protection against resiliency. You know, you can react to changes in the environment — react to new threats — and provide new features and new functionality quickly to all other customers who are actually not always trying to patch something on-premises. That happens automatically in the platform, giving you that resiliency in there as well.

A slide detailing the Keys to Success for guarding against cybersecurity threats.

Develop a response and recovery plan. Know what you’re going to do when an attack happens. Definitely run through those scenarios. Understand who’s responsible for what, “Who’s responsible for identifying what happened? Who’s responsible for recovery? Who do you need to tell? Who’s going to tell the board? Does your legal team have insight into what you’re doing and what may be coming their way?” And then, lastly, communicate, communicate, communicate. The more awareness you can bring to your organization about the threats, about your existing controls — what you have in place to protect data as much as possible without impacting their daily lives as much as possible — it will just increase the awareness across your organization and empower them to feel confident that what they’re doing as much as possible is in a controlled environment that is somewhat transparent to them. It’ll give them confidence to work throughout the day and not have fears of wondering, “Is what I’m doing going to cause a problem? Is my behavior going to lead to a cybersecurity attack?” You want them to be very aware of that, but you also want them to be very aware of controls that are in place.

Learn More

All right. And, so, on the last slide here, I just have a couple of links. If you’re interested in learning more about Spanning, we have a specific Cybersecurity section, spanning.com/cybersecurity. I also have a link here to our Resources section which has a whole set of information, datasheets and videos, and case studies, if you’re interested in learning more. And then, Will, do you want to talk about the Microsoft pieces here?

Will: Yeah. Thanks, Mat. Listen, we’ve got a “Just to Get Started” page at microsoft.com/ems, and that will get you to our Enterprise Mobility + Security page, where you can learn about more of the technologies that go into this suite of solutions, including our Azure Active Directory Premium components and Azure Rights Management, and also Intune for device management. And then, the second link there is really talking about the overarching security story for Microsoft today, and where we’re going across solutions — so across Office 365 all the way to Windows 10 and other products that are coming into this fold — and to really kind of round out the holistic approach here. So again, Mat, great job. And really, I love how we can put actionable tools into a next step for you to really take some action today.

Links to Microsoft's and Spanning's website that you can visit to learn more about cybersecurity threats.

Mat: Yeah. Agreed. Thanks, Will. So, at this time, I think we’ll cover any questions that have been asked along the way. Okay. I don’t see any questions in the queue at this point. If you have any questions, please feel free to pop them into the questions area. We’ll be happy to answer them.

Will: You know, Mat, maybe one question is, if someone wants to learn more, can they reach out to you? Is that the right approach? What’s the next step for information beyond just clicking on those links?

Mat: Yeah, absolutely. I think the cybersecurity-specific landing page we have on our website is a good start to get some foundational information. I’m very open, if anyone personally on here would like to have more information or just wants to chat about these different topics, feel free to email me directly. I’m happy to chat, mat.hamlin@spanning.com.

Okay. At this time, I still don’t see any questions in the queue. I think we’re running up just about on time. I think we’re about 50 minutes in. So, with that, I guess I’ll say, thank you, Will, very much, great information. Thank you to Cloud Security Alliance for the opportunity to present today on the “CloudBytes” webinar series. Anything else, Will?

Will: Well, that’s it. Thanks for being a great partner. Thank you for including us in this solution, and we’re really excited about, you know, helping mutual customers really protect and get proactive in their stance on cybersecurity.

Mat: All right. Thanks, everyone. Kelly, back to you.

Moderator: All right. Thank you, guys, so much. The recording of this webinar will be available within minutes of the conclusion. Simply use the same link to re-watch. You can also re-watch this webinar, the other recorded webinars, or sign up for new ones by going to www.cloudsecurityalliance.org/research/cloudbytes. If you have additional questions, or you’re a CSA corporate member and would like to schedule your own CloudByte, please email the Cloud Security Alliance Research team at research@cloudsecurityalliance.org. Lastly, please remember to subscribe to this channel, so you can stay up to date on all things cloud. Thank you for attending today’s webinar and have a wonderful day.