Cloud Services Risk Assessment Report - Veracomp Adria

Upload by : Aydin Oneil

Cloud Services Risk Assessment Report
Shadow IT Analytics & Business Readiness Ratings
January 1, 2015
Based on all data sources from December 1, 2014 to December 31, 2014

Legend & Terminology

Shadow IT: Cloud or SaaS services already adopted by users in your enterprise without prior approval from IT. These services may pose risk exposure or compliance issues.

Business Readiness Rating (BRR): BRR (on a scale from 1-100) is assigned to cloud services based on a comprehensive set of attributes, such as whether a cloud service meets certain compliance certifications, has multi-factor authentication and requires strong password rules. Attributes are categorized into seven dimensions and each dimension is graded on a star chart.
[Star chart labels: Access, Administrative, Service, Business, Informational, Compliance]

Audit Score: User-weighted average BRR of all services discovered. Simply put, the more users using services with low BRR, the lower the average BRR or Audit Score.
[Figure: More Users & Data, Low BRR Services, Low Audit Score]

High Risk Services: Services with BRR less than 50

Med Risk Services: Services with BRR between 50 and 79 inclusive

New Services: Services discovered for the first time in the user-defined time range

Users: Represented by username, user ID, IP address or random number (in case of anonymization)

Sessions: HTTP sessions represent how “chatty” the service is.

Destinations: Geographic location(s) of where the service is hosted

Learn more about Audit
Elastica CloudSOC The Security Operations Center for Your Cloud Apps

Data Sources
from Dec 1, 2014 to Dec 31, 2014

0.13.0-15JUNIPEROCT1 2nd0.13.0-16KU-Cisco BSD192.168.25-allMcAfee Normal FilterBernMcAfee Normal OutputBlueCoatFirewallMZ - PAN IETF DEFAULTCheckpoint July 17MZ - BarracudaCheckpoint New DelimiterMZ - Cisco BSD DefaultCisco 2ndOct1PA-200-ALL.tar.gzCisco ASAPA-ALLCisco-AppzPAN 0.15.2Cisco-BSDPAN BSD DEFAULTcisco-lmdbPAN BSD ISOcisco-newPAN IETF CUSTOMCiscoASA-Oct1PAN IETF AltoJuniper at Juniper SRXCisco
GP-Custom: McAfee Web Gateway
GP-New: McAfee Web Gateway
JP-SRX: Juniper SRX
JP-SRX-2: Juniper SRX
JP-SRX-Google: Juniper SRX
Juniper-0.16.0-7: Juniper SRX

Table of Contents

EXECUTIVE SUMMARY
  Risky Services
  Most Used Services
  New Services
  Most Active Users
  Service Categories
  Service Hosting Locations & Data Centers
LIST OF DISCOVERED SERVICES
LIST OF USERS
RECOMMENDATIONS

Risky Services
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

421 services were discovered in your environment
Audit Score of all discovered services is 56
189 out of 421 services (45%) are at medium or higher risk

MOST USED SERVICES: 54 of these services (29%) are used by at least 20% of users
NEW SERVICES: 18 of these services (10%) are new services
USERS: 1,189 of 2,230 users (53%) use these services
CATEGORIES: 7 of 14 categories (50%) belong to these services
DATA UPLOAD: 45GB of 241GB uploads (19%) to these services
DATA DOWNLOAD: 128GB of 609GB downloads (21%) from these services
SESSIONS: 138,000 of 431,250 sessions (32%) are by these services
DESTINATIONS: 3 of 30 destinations (10%) host these services

Most Used Services
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

421 services were discovered in your environment
135 out of 421 services (32%) are used by at least 20% of users

RISKY SERVICES: 31 of these services (23%) are at medium or higher risk
NEW SERVICES: 10 of these services (16%) are new services
USERS: 1,784 of 2,230 users (80%) use these services
CATEGORIES: 8 of 14 categories (57%) belong to these services
DATA UPLOAD: 56GB of 241GB uploads (23%) to these services
DATA DOWNLOAD: 491GB of 609GB downloads (81%) from these services
SESSIONS: 305,761 of 431,250 sessions (71%) are by these services
DESTINATIONS: 12 of 30 destinations (40%) host these services

New Services
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

421 services were discovered in your environment
16 out of 421 services (4%) are newly discovered during this period

RISKY SERVICES: 12 of these services (75%) are at medium or higher risk
MOST USED SERVICES: None of these services is used by at least 20% of users
USERS: 63 of 2,230 users (3%) use these services
CATEGORIES: 2 of 14 categories (14%) belong to these services
DATA UPLOAD: 931MB of 241GB uploads ( 1%) to these services
DATA DOWNLOAD: 2GB of 609GB downloads ( 1%) from these services
SESSIONS: 4,947 of 431,250 sessions (1%) are by these services
DESTINATIONS: 2 of 30 destinations (7%) host these services

Most Active Users
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

887 users in the company access 421 SaaS services

20% of active users (177 users) use:
ALL SERVICES: 50 of 421 services (12%)
RISKY SERVICES: 42 of 189 risky services (22%)
NEW SERVICES: 8 of 16 new services (50%)
DATA UPLOAD: 56GB of 241GB data upload (23%)
DATA DOWNLOAD: 491GB of 609GB data download (81%)
SESSIONS: 305,761 of 431,250 sessions (71%)

Service Categories
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

14 categories belong to the 489 services discovered in your environment
7 of these categories (50%) belong to the risky services

TOP RISKY CATEGORIES BASED ON USERS
Online Surveys (48%)
Inbound Marketing (43%)
Survey Data Analysis (31%)
Customer Experience Management (28%)
E-commerce (27%)

TOP RISKY CATEGORIES BASED ON DATA USAGE
Video Platform (48%)
IT Training (43%)
Employee Career management (31%)
Software Development (28%)
Supply Chain Management (27%)

TOP RISKY CATEGORIES BASED ON SESSIONS
Social Networking (48%)
Video Platform (43%)
IT Training (31%)
Media (28%)
Supply Chain Management (27%)

Service Hosting Locations & Data Centers
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

[Map: Locations of the risky and most used services]
[Map: Locations of the top 5 data centers]

DESTINATIONS THAT HOST RISKY SERVICES
35 of 145 destinations (24%) host the 189 risky services
Ashburn (49%), United States
Cambridge (38%), United States
Unknown (35%), United States
San Antonio (30%), United States
Seattle (21%), United States

DESTINATIONS THAT HOST MOST USED SERVICES
63 of 145 destinations (43%) host the 135 most used services
Mountain View (42%), United States
Seattle (28%), United States
Santa Monica (9%), United States
San Jose (5%), United States
San Francisco (4%), United States

DATA CENTERS THAT ARE MOST USED
Top 5 of 12 data centers account for 59% of 32GB total traffic
Amazon Web Services (31%): 13 locations, private
Windows Azure (12%): 5 locations, private
CloudScaling (8%): 1 location, hosted on Rackspace
Rackspace Cloud (5%): 1 location, private
Softlayer (3%): 3 locations, private

List of Discovered Services
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

Legend: Newly discovered service; Used by at least 20% of all

k Management (feedbackify.com)
Pusher: Realtime Messaging (pusher.com)
Pluralsight: IT Training, Developer Training (pluralsight.com)
Bitcasa: File Sharing (bitcasa.com)
Security Metrics: Hosted Vulnerability Scanners (securitymetrics.com)
AdvertServe: Inventory Management (advertserve.com)
Compete: Business Intelligence, Digital Marketing (compete.com)
Insightera: Predictive Analytics (insightera.com)
goroost: Desktop Alerts (goroost.com)
Comscore: Marketing Analytics, Brand neladvisor.com
Janrain: Social Media Management (janrain.com)
Polldaddy: Online Surveys (polldaddy.com)
Sina: Media (sina.com)
Kampyle: CRM, Customer Experience Management (kampyle.com)
Websnapr: Stock
QuestBack: Customer Experience Management (questback.com)
1&1 Control Panel: Website Creation Tools (1x1controlpanel.com)
UserZoom: Market Research, Online Usability Testing (userzoom.com)

[Table columns: Traffic, Sessions, Destinations]

List of Discovered Services
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

Legend: Newly discovered; Used by at least 20% of all users

Gainsight: Customer Success Management
XYDO: Social Networking
Landmark Farm Software: Farm Management
Glispa Affiliate Interface: Online Marketing
Walker Information: Customer Research
QlikView: Business Intelligence, Big Data
OB10: Supply Chain Management
Human Information Project Data: Reporting, Analytics
Tiscali Email Services: Email
YapStone: Online Payments, Payments Platform
Needle: E-Commerce
Appcelerator: Mobile Developer Tools
Cint: Panel Management
Moz: Search Engine Optimization & Marketing
CarFax: Vehicle Tracking
Republic Project: Marketing Campaign Management
CardMeeting: Collaboration, Messaging
Pythonanywhere: Collaboration, Hosting
Satmetrix: Customer Experience Management
Security Metrics: Hosted Vulnerability Scanners
Carlson Wagonlit: Travel
Diagramly: Online Diagramming
AgilOne: Business Intelligence, Predictive
eTelecommunications, Telephony
Forte: E-Commerce, Payment Systems
IPVanish VPN: Security, VPN
Placed: Location-Aware Mobile Advertising
DIYSEO: Online Marketing, Search Engine Optimization
Yola: Website Creation Tools
Email Checker: Email Validation
Pusher: Realtime Messaging
Nutanix: Cloud Management
Critsend: Email Delivery
PhishTank: Security
SyncForce: Portfolio Management
MyCigna: Health Insurance, Health Care
PRWeb: Public Relations
Bshare: File Sharing
ActiveConversion: Marketing Automation
Eventsforce: Event Management
Mailgun: Email, Email Delivery
Informatica Communities: Big Data, Warehouse Management
Appsflyer: Tracking
Fusebill: Billing Management
Infor Xtreme: ERP, CRM, Supply Chain Management
Equinix Cloud Services: Data Centers, Cloud Services
Newton Software: Social Media Recruiting
UserZoom: Market Research

List of Users
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

Legend: Top 20% user by traffic; Top 20% user by sessions

1. 413558 | Most used service: Bitcasa | Most used risky service: Gainsight | # Risky / All Services: 15 / 175 (9% risky)
2. 413457 | Most used service: Office 365 | Most used risky service: Bitcasa | # Risky / All Services: 14 / 168 (9% risky)
3. 413451 | Most used service: Bitcasa | Most used risky service: Websnapr | # Risky / All Services: 14 / 164 (9% risky)
4. 413566 | Most used service: Cisco WebEx | Most used risky service: CrunchBase | # Risky / All Services: 15 / 159 (9% risky)
5. 413976 | Most used service: Google Mail | Most used risky service: Tiscali Email Services | # Risky / All Services: 9 / 155 (6% risky)
6. 413479 | Most used service: Skype | Most used risky service: OB10 | # Risky / All Services: 11 / 148 (7% risky)
7. 413469 | Most used service: Paypal | Most used risky service: Walker Information | # Risky / All Services: 10 / 139 (7% risky)
8. 413556 | Most used service: Bitcasa | Most used risky service: YapStone | # Risky / All Services: 10 / 133 (8% risky)
9. 413552 | Most used service: Experian | Most used risky service: QlikView | # Risky / All Services: 4 / 125 (3% risky)
10. 413540 | Most used service: Salesforce Force.com | Most used risky service: Satmetrix | # Risky / All Services: 8 / 121 (7% risky)
11. 413562 | Most used service: Google Mail | Most used risky service: CarFax | # Risky / All Services: 12 / 116 (10% risky)
12. 413682 | Most used service: Bitcasa | Most used risky service: Appcelerator | # Risky / All Services: 8 / 115 (7% risky)
13. 413689 | Most used service: Polldaddy | Most used risky service: Polldaddy | # Risky / All Services: 11 / 113 (10% risky)
14. 413544 | Most used service: Salesforce | Most used risky service: Cint | # Risky / All Services: 3 / 109 (3% risky)
15. 413516 | Most used service: Yahoo Mail | Most used risky service: Moz | # Risky / All Services: 0 / 102 (0% risky)
16. 413430 | Most used service: UserVoice | Most used risky service: Pythonanywhere | # Risky / All Services: 5 / 98 (5% risky)
17. 413772 | Most used service: Google Developers | Most used risky service: Republic Project | # Risky / All Services: 9 / 98 (9% risky)
18. 413494 | Most used service: Pardot | Most used risky service: Needle | # Risky / All Services: 10 / 91 (11% risky)
19. 413023 | Most used service: Bamboo-Atlassian | Most used risky service: Cint | # Risky / All Services: 8 / 86 (9% risky)
20. 413569 | Most used service: Yahoo Mail | Most used risky service: Yola | # Risky / All Services: 7 / 84 (8% risky)

Most used services by traffic
[Table columns: Traffic, Sessions, Destinations]

List of Users
Based on all data sources from Dec 1, 2014 to Dec 31, 2014

Legend: Top 20% user by sessions

413558 | Most used service: Bitcasa
413457 | Most used service: Office 365
413451 | Most used service: Cisco WebEx
413566 | Most used service: Bitcasa
413976 | Most used service: Google Mail
413479 | Most used service: Skype
413469 | Most used service: Paypal
413556 | Most used service: Experian
413552 | Most used service: Office 365
413540 | Most used service: Bitcasa
413562 | Most used service: Salesforce Force.com
413682 | Most used service: Salesforce
413689 | Most used service: GitHub
413544 | Most used service: Bitcasa
413516 | Most used service: Skype
413430 | Most used service: Polldaddy
413772 | Most used service: Yahoo Mail
413494 | Most used service: UserVoice
413023 | Most used service: Google Developers
413569 | Most used service: Office 365
413430 | Most used service: Google Mail
413772 | Most used service: Peopleclick Authoria
413494 | Most used service: Pardot
413023 | Most used service: Bamboo-Atlassian
413569 | Most used service: Zendesk
413558 | Most used service: Gandi
413457 | Most used service: HubSpot
413451 | Most used service: QuestBack
413566 | Most used service: SurveyMonkey
413976 | Most used service: Yahoo Mail
413479 | Most used service: SurveyMonkey
413469 | Most used service: Concur
413556 | Most used service: Wistia
413552 | Most used service: JIRA
413540 | Most used service: Janrain
413562 | Most used service: Google Mail
413682 | Most used service: ChannelAdvisor
413689 | Most used service: Feefo
413544 | Most used service: Keen IO
413516 | Most used service: Office 365
413430 | Most used service: Marketo
413772 | Most used service: Pusher
413494 | Most used service: Skype
413023 | Most used service: Feedbackify!
413569 | Most used service: Feedbackify!
413430 | Most used service: Bitcasa
413772 | Most used service: AdvertServe
413494 | Most used service: SlideShare
413023 | Most used service: Google Support
413569 | Most used service: Lithium

Most used services by traffic

Recommendations

Here are some insights and actions you can take based on Shadow IT discovery and analytics:

1. Understand usage details for services in your organization with high risk and high usage: Feedbackify!, Pusher, Pluralsight, Bitcasa, Security Metrics, etc.

2. Consider adopting popular SaaS Services that are more business ready. Find and compare equivalent services in the Audit App to research and evaluate.

3. Identify and streamline services belonging to the same categories. Choosing the one with lower risk can help you better manage and secure information assets that belong to the company, save your business , while being flexible to the business needs. For instance, there were 15 file sharing services discovered: Google Drive, Bitcasa, Box, Dropbox, OneDrive, etc.

4. Protect your company’s data using Elastica’s Securlets that provide you with advanced security controls even for the Cloud Services that are business ready such as Box or Google Drive. Users can still perform actions with or without malicious intent that can harm your enterprise such as share sensitive content with the outside world or steal IP upon leaving the company.

Data Science Powered Cloud App Security

Elastica is the leader in Data Science Powered Cloud Application Security. Its CloudSOC platform empowers companies to confidently leverage cloud applications and services while staying safe, secure and compliant. A range of Elastica Security Apps deployed on the extensible CloudSOC platform deliver the full life cycle of cloud application security, including auditing of shadow IT, real-time detection of intrusions and threats, protection against intrusions and compliance violations, and investigation of historical account activity for post-incident analysis.

3055 Olin Avenue, Suite 2000, San Jose, CA 95128
sales@elastica.net
elastica.net

MZ - PAN IETF DEFAULT: Palo-Alto
MZ - Barracuda: Barracuda
MZ - Cisco BSD Default: Cisco
PA-200-ALL.tar.gz: Palo-Alto
PA-ALL: Palo-Alto
PAN 0.15.2: Palo-Alto
PAN BSD DEFAULT: Palo-Alto
PAN BSD ISO: Palo-Alto
PAN IETF CUSTOM: Palo-Alto
PAN IETF DEFAULT: Palo-Alto
ScanSafe: ScanSafe
SonicFW: Sonicwall
Squid-IPDetect: Squid
Squid-IPS-1: Squid
TZ-0804
