Security & Compliance on Salesforce.com: Practical Advice for the Financial Services Industry

Zahid Afzal, CIO/COO, Capital Bank

Rich Campagna, VP, Products, Bitglass

Encrypting data in salesforce sept2014-final


DESCRIPTION

Cloud apps like Salesforce appeal to financial institutions because of their ease of use, accessibility, and ability to reduce costs. The problem is that regulatory and compliance burdens prohibit most from adopting cloud apps. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to protect their customers' personally identifiable information (PII). And according to the FFIEC, "Financial institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit." There are three possible approaches to providing this level of protection with Salesforce. In this webinar, Zee Afzal, CIO/COO of Capital Bank, will discuss all three options and share his experiences of successfully transitioning to Salesforce. Learn more about the Bitglass solution at http://www.bitglass.com/solutions/salesforce-security


Page 1: Encrypting data in salesforce sept2014-final

Security & Compliance on Salesforce.com

Practical Advice for the Financial Services Industry

Zahid Afzal, CIO/COO, Capital Bank

Rich Campagna, VP, Products, Bitglass

Page 2: Encrypting data in salesforce sept2014-final

Malware Stealing Salesforce Data

● Sep 8 2014, Dyre Malware captures user credentials & data

Gramm-Leach-Bliley Act (GLBA)

● Financial institutions must protect their customers’ non-public personally identifiable information (PII).

Federal Financial Institutions Examination Council (FFIEC)

● Financial institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit.

● Encryption strength sufficient to protect the information from disclosure until such time as disclosure poses no material risk,

● Effective key management practices,

● Robust reliability, and

● Appropriate protection of the encrypted communication endpoints.

Security & Compliance in the Cloud

Refs: GLBA - http://www.business.ftc.gov/, FFIEC - http://ffiec.gov

Page 3: Encrypting data in salesforce sept2014-final

• Business Goals

• Agile response to customer

• Unified view of data from 16 business segments

• Grow customer relationships

• Targeted data for sales, service and marketing

● Business Solution

● Enterprise wide sales and service realignment

● Move from sales playbook to relationship playbook

● IT Solution: Salesforce.com for CRM

Case Study

Page 4: Encrypting data in salesforce sept2014-final

1. Adopt Salesforce “as-is.”

2. Leverage special on-premises database option.

3. Encrypt data in Salesforce with a cloud encryption gateway.

Available Options

Page 5: Encrypting data in salesforce sept2014-final

● Pros

• Easier migration

• Cost effective

● Cons

• Risks compliance

• Limited visibility

• Data stored in the cloud

Adopting Salesforce “As Is”

Page 6: Encrypting data in salesforce sept2014-final

● Pros

• Full control over data

• Compliance and security

● Cons

• Custom development, installation and maintenance

• Potential response time issues

• Higher cost

On-Premise Database for Salesforce

Page 7: Encrypting data in salesforce sept2014-final

● Pros

• Full control over data

• Compliance and security

• Cost effective

● Cons

• First-gen solutions offered weak encryption

Employ a Cloud Encryption Gateway

Page 8: Encrypting data in salesforce sept2014-final

Fast-forward to today

Page 9: Encrypting data in salesforce sept2014-final

© 2014 Bitglass – Confidential: Do Not Distribute

Bitglass Cloud Encryption Gateway

Local Employees

Corporate Office

BYOD

Remote Employees

Public-Cloud App + Private-Cloud Data

● Unlimited mobility - any device, anywhere

● Encrypted data stored in private cloud

Page 10: Encrypting data in salesforce sept2014-final


Bitglass Cloud Encryption Technology

● AJAX VM tech robust to application updates

● Ease-of-management, one-click setup

● True encryption: AES-256 + 256-bit initialization

● Sort, search, auto-complete, wild-card…

● Validated by top crypto experts

• Taher Elgamal, CTO Security, Salesforce.com

• Marty Hellman, Professor, Stanford University

*Patents pending

Page 11: Encrypting data in salesforce sept2014-final


Total Data Protection

SSN → LZKAFDKLZ

In the Cloud

• Full strength AES-256

• Searchable, sortable

• Reviewed by security experts

• No software, any device

• 30 min deployment

At Access

• Visibility, Alerts

• Access Control

• DLP

• No software, any device

• 30 min deployment

On the Device

• Clientless Selective Wipe

• Device Security Policies

• File Encryption

• Watermarking/Data Tracking

• No software, any device

• 30 min deployment

Page 12: Encrypting data in salesforce sept2014-final

Questions?

[email protected]

@bitglass

Page 13: Encrypting data in salesforce sept2014-final

www.bitglass.com

Thank You!