Scribd Logo
Upload

Welcome to Scribd!

  • R80 Training: Securing Shadow IT

    Uploaded by

    charlyv3
    10 views23 pages
    checkpoint

    Original Title

    05 Securing Shadow IT

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    checkpoint

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views23 pages

    R80 Training: Securing Shadow IT

    Uploaded by

    charlyv3
    checkpoint

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 23

    R80 TRAINING

    Securing Shadow IT

    Updated Nov. 5, 2020 ©2020 Check Point Software Technologies Ltd. 1


    “The act of purchasing or using
    technology for the workplace without
    the approval or knowledge of the
    IT department is called Shadow IT"
    Gartner

    ©2020 Check Point Software Technologies Ltd. 2


    Shadow IT = Hardware or Software
    that is not supported by the IT

    Devices Services Applications

    ©2020 Check Point Software Technologies Ltd. 3


    Examples for Shadow IT

    Accounting looks for a new way


    to handle employees expenses

    Developers team wants to evaluate new


    solution

    Employee want to keep


    using favorite app

    ​Productivity ​Anywhere Access ​Collaboration

    ©2020 Check Point Software Technologies Ltd. 4


    So, Why Do People Shadow IT?

    Perception on IT Perception on Shadow IT

    Bureaucratic & Slow Response Fast Deployment & Agile Alternatives

    IT build applications & services to last Business process are build for now
    with good architecture to fit all scenarios to answer immediate needs

    ​Productivity ​Anywhere Access ​Collaboration

    ©2020 Check Point Software Technologies Ltd. 5


    SHADOW IT – IS HERE

    More than three quarters (76%) of IT


    decision makers say departments in their
    organization are sourcing and commissioning products and
    services with no input from the IT department

    Recent survey from BT Global Services. n=1000

    6
    Biggest Security Concerns about
    Shadow-IT for CIOs

    Security of the entire IT Security of all the organization's


    infrastructure data

    73% 75%

    Recent survey from BT Global Services n=1000

    ©2020 Check Point Software Technologies Ltd. 7


    Security Risks of
    Shadow IT
    Data Loss

    Vulnerabilities

    Reliability

    Compliance

    ©2020 Check Point Software Technologies Ltd. 8


    Security Risks of Any regulation that requires you to
    Shadow IT KNOW and UNDERSTAND your IT
    ecosystem would have an issue with
    Shadow IT.

    PCI-DSS:
    Fundamental requirement to define the scope of
    network environment.

    NERC CIP (Critical Infrastructure):


    Requires IT owners to understand their IT
    environment in detail

    Sarbanes Oxley / CobiT 5:


    Firms must record data on their internal and
    external operating environment

    ©2020 Check Point Software Technologies Ltd. 9


    What is needed to bring IT out of the shadow

    Discover Apps & Control Activities


    Educate Build Audit Trail
    Evaluate Risk Employees
    & Protect

    360º Visibility & Control


    ©2020 Check Point Software Technologies Ltd. 10
    Check Point
    Safely Empowers
    Shadow IT

    ©2020 Check Point Software Technologies Ltd. 11


    Multi-Layered Solution
    • Detect and control application
    for the security risks usage
    of Shadow IT
    • Check for security best practices to
    keep regulation compliance

    • Engage and educate users

    URL Filtering Application Control Data Awareness


    • Protect business data
    • Single security everywhere

    Identity Awareness Compliance SmartEvent

    ©2020 Check Point Software Technologies Ltd. 12


    360º Visibility into all Web Traffic & Security Events
    Check Point SmartEvent

    See through the mass and


    focus on critical events

    Discover Apps &


    Evaluate Risk Measure potential risk

    Drill down to see the full


    picture

    ©2020 Check Point Software Technologies Ltd. 13


    Comprehensive view into cloud services and applications
    Check Point SmartEvent

    Discover Apps &


    Evaluate Risk

    Cloud
    Services
    Report

    ©2020 Check Point Software Technologies Ltd. 14


    Security Best Practices for regulations and standards
    Check Point Compliance Blade
    Simulate the security impact of changes before
    implemented
    Discover Apps &
    Evaluate Risk

    Real-Time
    Assessment
    of major regulations across
    Check Point Software
    Blades

    ©2020 Check Point Software Technologies Ltd. 15


    Understand Application & Web Traffic
    Application Control & URL Filtering
    Web & Application Security with R80
    Control Activities Largest App Coverage

    & Protect
    • Over 6,500 Applications
    • Over 260,000 Social Network Widgets
    • Over 130 Categories

    ©2020 Check Point Software Technologies Ltd. 16


    Detect and control application usage
    Application Control & URL Filtering
    Web & Application Security with R80
    Control Activities

    & Protect
    Preconfigured
    tags/categories

    User identification
    Allow, block or
    limit usage

    ©2020 Check Point Software Technologies Ltd. 17


    Detect and control cloud services
    Application Control & URL Filtering
    The traditional network has disappeared
    Control Activities

    & Protect

    Identify Cloud Services Allow, block or


    limit usage

    ©2020 Check Point Software Technologies Ltd. 18


    Protect Business Information
    Content Awareness

    Documents are shared and


    Control Activities
    uploaded to cloud services Upload
    pre-earnings
    & Protect report
    Data type and direction to Dropbox

    ©2020 Check Point Software Technologies Ltd. 19


    Engage and educate users
    UserCheck™

    Understand usage needs,


    Educate while enforcing policy
    Employees
    https://aws.amazon.com

    Internet Access Policy


    John Smith,
    http://www.youtube.com

    According to the company policy, access to Amazon Web


    Services requires the IT department approval.
    Need to watch product demo

    This is work related. Reason below:

    Test environment and approved by IT

    Cancel OK

    ©2020 Check Point Software Technologies Ltd. 20


    Unified Logs, Single Story
    Check Point SmartLog

    Single view on security incidents


    Build Audit Trail Know WHEN
    Know WHERE unauthorized access
    documents are sent is attempted

    Know WHO is Know WHAT


    accessing files actions are taken

    ©2020 Check Point Software Technologies Ltd. 21


    Summary

    Check Point Safely Empowers Shadow IT

    Detect & Control Single Security


    Engage & Educate Users
    Application Usage Everywhere

    URL Filtering Application Control Data Awareness Identity Awareness Compliance SmartEvent

    ©2020 Check Point Software Technologies Ltd. 22


    THANK YOU

    ©2020 Check Point Software Technologies Ltd. 23

    You might also like