Deloitte GDPR and Privacy Enhancing Technology Event

Cyber Security
GDPR and Privacy Enhancing Technologies

Shane McEntagart ( shmcentagart@deloitte.ie )
9th February 2018
Agenda and Welcome
Event briefing and GDPR alignment with Mark Oldroyd Panel discussion
overview Cyber Security (Sailpoint) Chair: Jacky Fox
Shane McEntagart Liam O’Connor (Deloitte – Cyber
(Deloitte) (Deloitte) David Higgins Security Lead )
(CyberArk) Presenters
Nicola Flannery
Clive Finlay (Deloitte – Data
(Symantec) Privacy)
Headline Verdana Bold
Cyber Security
GDPR and Privacy Enhancing Technologies
Liam O’Connor ( loconnor@Deloitte.ie )
What changes does the GDPR bring?
Facts & figures
72 €203m
4% 7 Hours given to
report a data breach Cost of 4% fine for
Core individual a typical FTSE 100
Potential fines as rights afforded company
a percentage of under the
global turnover GDPR
80+
28,000 190+ New
requirements
Estimated number Countries
in the GDPR
of new Data potentially in
Protection Officers scope of the
required in Europe regulation
(IAPP study 2016)
What changes does the GDPR bring?
Changes compared to the 1995 Directive (95/46/EC)
Broader territorial scope Applies to players not established in the EU but whose activities consist of
targeting data subjects in the EU
Data Protection Authorities will be entitled to impose fines ranging
Enforcement
between 2% to 4% of annual turnover, or 10 – 20 million euros
Explicit obligation to the controller as well as the processor to be able to
Accountability
demonstrate their compliance to the GDPR
Personal data now might include location data, IP addresses, online
Expanded definitions
and technology identifiers
General
Data Data subjects rights Reinforced rights: Access, rectification, restriction, erasure, portability,
objection to processing; no automated processing and profiling
Protection
Regulation Consent Spelled out more clearly and focus on ability of individuals to distinguish
a consent
Data breach notification Report a personal data breach to the Data Protection Authority within 72
hours
Data Protection Authorities (DPA) of main establishment can act as
One-stop shop
lead DPA, supervising processing activities throughout the EU
International data transfers

GDPR Transformation Programme
A best practice privacy programme distinguishes six main focus areas. This can help to
formulate key objectives:
Layer 1 Strategy Strategy
Layer 2 Organisation and accountability Organisation and

Accountability
Policies &
Layer 3 Policy, process & data Data
procedures
Data
Management Transfers
Layer 4 Culture, training & awareness Communication,

Training, Awareness
Privacy Impact
Layer 5 Privacy operations Assessment
Audit Privacy by
and Certification Design
Layer 6 Processing inventory Processing Inventory

GDPR: Implementation Challenges ?
The GDPR presents a number of challenges:
Under Article 32 of the GDPR - Security of Processing – “implement appropriate technical and organisational measures to
ensure a level of security appropriate to the risk, including inter alia as appropriate”
GDPR Alignment With Your Cyber Security Strategy
 Data Breaches
 Risk Based Approach
 Security Best Practice
 Identity & Protect Crown Jewels
 Threat Landscape
 Data Protection & Cyber Security
Interconnected
 Technology As An Enabler
 GDPR & Cyber Security Alignment
 Governance
 Secure
 Vigilant
 Resilient
 Maintaining Compliance After May
9
GDPR – Privacy Enabling Technologies
Complying with the GDPR requires the management of privacy risks. Implementing industry
leading tools can assist privacy governance, risk, and compliance management.
Key elements to consider: Sample of tool classification types:
 Before adopting and implementing privacy  Identity Access Management

technology, companies should go through
prerequisite steps  Unstructured Data Management
 Data Loss Prevention
1. Establish
Governance  Governance, Risk & Compliance Management
 DPIA Automation & Management
2. Define & Implement  Data Breach Management & Reporting
Controls & Processes
 Reporting & Record Keeping
3. Define Requirements  Anonymisation & Pseudonymisation

For Supporting
Technologies  Vulnerability Management
 eDiscovery
4. Discover Existing
Tools That Satisfy  Monitoring – SIEM / SOC
Requirements
 Training & Awareness
5. Assess PET Vendors
Based On Requirement
Gaps
Business-Focused Identity Governance
The Power of Identity
11
Do you know WHERE your
(Sensitive) data is?
2016 Cost of Data Breach Study: Global Analysis -

Ponemon Institute© Research Report
Do you know WHO has access?

$158 is the
average cost per
lost or stolen
Is the access APPROPRIATE?
record
Can you PROVE it?
12
71% 80% 1 in 7 89%
of staff have of company data is employees will sell believe they are
access to data they held in unstructured their credentials for now at risk from
should not see content $150 insider threat
Ponemon Institute Report Forbes Report SailPoint Survey IT Governance Report
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 13

Employee Vendor
Partner
Contractor
Copyright © SailPoint Technologies, Inc. 2016. All rights reserved.
SECURITY PARADIGMS HAVE SHIFTED
FROM NETWORK-CENTRIC…
Copyright © SailPoint Technologies, Inc. 2016 All rights reserved.
TO USER-CENTRIC
Copyright © SailPoint Technologies, Inc. 2016 All rights reserved.
GDPR Highlights
What is it? Sanctions & litigation risk

• Homogenous Data privacy law • Fines: 4% of annual revenue or
• All organizations processing EU €20m
citizen data • Breaches notified to regulator
• Live date May 2018 within 72 hours
• Unstructured data in scope • Citizen compensation lawsuits
• 28 PII conventions • Audit, Clean up, reputation
Data Access Governance Governance & Compliance

• Privacy Policies • Data Protection Officers
• Data Discovery • Data owner accountability
• Need to know basis access • Least privilege principle
• Retention Policies • Breach disclosure
• Breach detection & Disclosure • Fine grained audit trails

SailPoint’s Relevance to GDPR
Technology (15 Articles)

People
(18 Articles)
SailPoint Relevant (12 Articles)
Identity Governance Identity Governance

80% for Files for Applications
Coverage (11 Articles) (6 Articles) Process
(66 Articles)

IAM Market Leader
Gartner IGA MQ 2017, Continued Leader
Forrester IMG Wave 2016, Continued Leader
Kuppinger Cole IDaaS Compass 2017, Leader
850+
Customers and
40%
International
Growing Business
World’s
Founded
in 2005 LARGEST
Dedicated Identity
by IAM
& Access
veterans Management
Vendor
95%
Customer
Satisfaction
Customers by Vertical
Banking/Financial Services Insurance Health/Pharma Manufacturing Energy/Utilities Other

Guaranteeing the Appropriateness of Access
Sustainable Identity
Governance
Process
FULFILLMENT
Provisioning
Management
VALIDATION
Behaviour,
REQUEST Policy, Roles and
Business Interface Risk Analysis
Management
Identity Lifecycle
Management Process
Get Visibility
Authoritative Applications
Sources And Services
Identity Collection
Build Current State Correlation
Entitlement Cataloguing
Discovery & Classification

Get Clean
Analytics
Reporting
Validate Current State Access Certification
Governance Insights
Identity Collection

Stay Clean
Policy Enforcement
Business Role Modelling
Define Desired State Risk Analysis
Owner Identification
Analytics
Reporting
Governance Insights
Identity Collection

Manage & Secure
Lifecycle Processes
Self-Service
Manage & Secure Identity Context Distribution
Policy Enforcement
Business Role Modelling
Define Desired State Risk Analysis
Owner Identification
Analytics
Reporting
Governance Insights
Identity Collection

SailPoint Vision: Comprehensive Governance
Access
Applications & infrastructure File storage systems
Mainframes Databases File servers Cloud storage
CRM/HR/ Applications NAS Collaboration

Financial systems
Identity Governance

SailPoint Vision: Comprehensive Governance
Access
Applications & infrastructure File storage systems
Mainframes Databases File servers Cloud storage
CRM/HR/ Applications NAS Collaboration

Financial systems
Identity Governance

SailPoint Platform: The “Business” of Identity
Certification Policy Automated Identity Data
Self-Service
& Remediation Enforcement Lifecycle Events Analytics Classification
Business
Functionality Analytics Role & Risk Business Process Change Password Activity
& Reporting Modeling Management Automation Management Monitoring
Flexible
Aggregation & Provisioning Broker
Change
Fulfillment Manual Security/ Unstructured
Provisioning Service Desk Provisioning PUM Mobile Specialist
and Connectors Work
Integration Integration Integration
GRC Data
Integration Integration Integration Management
Data Items
Collection
Mainframe
SailPoint Identity+ Alliance Partnership

SailPoint Open Identity Platform
Ground to Cloud Deployment Options
Managed
On Premise Public Cloud SaaS
Service

Azure AD Access Management + SailPoint
Single Sign-On
Conditional Access and Multi-factor Authentication
Risk-based Identity Protection

B2B Collaboration
Self-Service Password Reset Password Reset Extension
User and Group Management and Provisioning Fine-grained & Life Cycle Provisioning
Access Request
Access Certification
Compliance & Audit Reporting
Policy-based Workflow & Approvals

Azure Solution Architecture
Cloud and On-Premises Applications
Workflow Governance
Change
Notification
HR Application
Modeling Provisioning
(Authoritative Source)
Directory
• Groupm, Entitlementx
• Groupn, Entitlementy
• …
Provisioning
Access
Authentication
End User

WHAT ARE ANALYSTS SAYING
“By 2021, organizations with

complementary/integrated
IGA and DAG capabilities will
suffer 60% fewer data breaches.”
–Gartner (2017)

Identity at the Center of Security
Security Incident & IT Service
Event Management Management
Data Loss Mobile Device

Prevention Management
Privileged User Governance, Risk,

Management & Compliance
Data Applications &

Governance Infrastructure

Beyond GDPR: Enterprise Identity Governance
Protect access to all applications and data – on-premises and in the cloud
 Access Request
 Access Certification
 Provisioning Workflow Applications Data stored
& Systems in files
 Access Policies
 User Risk-based Modeling
 Password Management Benefits
 Data Classification
• Greater visibility into access risks
 Activity Monitoring • Centralize all access to applications and data
• Reduced complexity by providing a consistent set of controls
 Permission Analysis

Thank You
The Privileged Pathway…
…to Critical Data
David Higgins,
Director of Customer Development, EMEA
Agenda
• The Human Element
External:
• The Privileged Pathway
• Isolating the Attack
Internal:
• The forgotten Data Access Vector
37
Key GDPR Requirements and Privileged Security
Data protection by design and

Article 25 by default
Article 32 (2) Security of processing
PROTECT ACCESS to sensitive personal data
Notification of a personal data Detect and RESPOND RAPIDLY to breaches early

Article 33 breach in the attack lifecycle
Data protection impact ASSESS RISK and test the effectiveness of data
Article 35 assessment protection processes
Protection from non- DEMONSTRATE COMPLIANCE and prove you

Article 82 compliance have the necessary security controls in place
38
CyberArk: Proactive Protection, Detection & Response
PROTECT RESPOND ASSESS RISK DEMONSTRATE

ACCESS RAPIDLY COMPLIANCE
Improve your
Secure the Monitor, detect, security posture Have the
privileged pathway alert, and respond by identifying all operational
and privileged to high-risk activity privileged user controls to prove
access to systems and enable and application compliance and
containing security teams to accounts and protect yourself
personal data stop attackers conduct from litigation
before they can penetration
access personal testing to ensure
data the right security
controls are in
place
39
External
40
Data Breach – Attackers: The Privileged Pathway
ENDPOINT INFRASTRUCTURE DATA LOCATION
41
The Starting Position
Because many existing implementations of Active Directory Domain

Services have been operating for years at risk of credential theft,
organisations should assume breach and consider the very
real possibility that they may have an undetected compromise of
domain or enterprise administrator credentials
—MICROSOFT,
“MITIGATING PASS-THE-HASH AND OTHER
CREDENTIAL THEFT, VERSION 2,” 2014
…doesn’t matter how much you train and educate your users…
42
43
PAS Hygiene Program Goals
Step 1 Focus first on eliminating irreversible network takeover attacks (e.g., Kerberos Golden Ticket).
Step 2 Control & secure infrastructure backdoor accounts.
Step 3 Limit lateral movement.
Step 4 Protect 3rd party privileged accounts.
Step 5 Manage SSH keys on critical Unix servers.
Step 6 Defend cloud & DevOps backdoors.
Step 7 Secure shared IDs for business users (integrate and accelerate adoption of MFA).
44
1 Step 1: Irreversible Network Takeover Attacks
Manage Domain Admin and
Enterprise Admin Credentials
Kerberos Attack Detection
Enforce Tiered Account Model
INFRASTRUCTURE Session DOMAIN

ENDPOINT Isolation
CONTROLLERS
Enforce Application Control on

Domain Controllers
45
Step Two: Control & Secure Infrastructure and End Point
2 Well-known Infrastructure Accounts
Manage Local Administrator Manage Local Administrator Manage Domain Admin and
Accounts Accounts on Windows Enterprise Admin Credentials
Manage Root Accounts on UNIX/Linux Kerberos Attack Detection
Enforce Tiered Account Model
Session
ENDPOINT Isolation Isolation
CONTROLLERS

Domain Controllers
46
3 Step Three: Limit Lateral Movement
Manage Local Administrator Manage Local Administrator Manage Domain Admin and
Accounts Accounts on Windows Enterprise Admin Credentials
Application Control Manage Root Accounts on UNIX/Linux Kerberos Attack Detection
Least Privilege Manage 3rd Party Application Accounts Enforce Tiered Account Model
Block Credential Theft
Session
ENDPOINT Isolation Isolation
CONTROLLERS

Domain Controllers
47
Secure the Eco-System
Cᵌ Alliance
IAM
SIEM
Malware
Analytics
Monitoring &
IT Service Discover
Management
(ITSM)
Threat
Authentication Response
Secure &
Manage COTS
App Cred.
Authentication
Validated
Secured
Solutions HSM
Directory
Services
48
Internal
49
Data Access – Infra Admins: The Forgotten Vector
Application User
FILE
SHARES
Business
User APPLICATION
Application Environment
DBA Access
DATABASE
3P RD
ARTY
OPERATING SYSTEM
STORAGE
Infrastructure Admin Access
IT Admins
50
Session Management for Critical Assets / Accounts
Privileged
User
MFA
ITSM
IAM
HSM Native Support for RDP and SSH Based
SIEM Clients
51
Identifying Key Risks – Lateral Movement
52
Identifying Key Risks – Domain Compromise
53
Get Your Head in the Cloud
A Practical Model for Enterprise Cloud Security
Technology Considerations for the GDPR
Know your Process Data Embed Protect

Personal data Lawfully privacy Personal Data
PROTECT PERSONAL INFORMATION THROUGH ITS LIFECYCLE

Copyright © 2016 Symantec Corporation
56
What is the one word you need to be wary of when talking about the cloud

57
CONTROL

58
All the benefits you receive from moving to the cloud: agility, elasticity, and low
cost are received by giving up…

59
CONTROL

60
All the challenges you face in the cloud: security, compliance, data residency,
data privacy and management are rooted in your lack of…

61
CONTROL

62
The only reason you have not moved your critical workloads to the cloud is
because you cannot afford to give up…

63
CONTROL

64
CONTROL
How do you give it away and keep it at the same time?

65
This is your enterprise – your realm of complete
CONTROL

66
Before the cloud, you held your infrastructure and applications safe
within its walls
----
----
----
---

67
Then the cloud happened…
----
----
----
---

68
…your infrastructure started moving over
and you lost some
CONTROL
----
----
----
---

69
…your applications started moving over too ----
----
----
---
----
----
----
---

70
----
----
and you lost more

----
---
CONTROL
----
----
----
---

71
Additionally… cloud endpoint, mobile, BYOD, ----
----
have all spiraled… ----

---
----
----
----
---

72
----
----
out of your ----

---
CONTROL
----
----
----
---

73
Enterprise Perimeter Regional Home Coffee Mobile IoT IoT Cars Aircraft
Office Office Shop Personal Home
CONTROL
How do we regain it?

75
----
----
----
---
WE NEED A NEW CONTROL POINT

76
Protecting
Cloud Workload
Protection Infrastructure
Does it really matter, isn’t Amazon (or
Microsoft) providing all the security I need ?
Let’s have a quick look under the covers

78
AWS “Shared Security Model”
Where? What needs to be Protected? Who is Responsible?
Customer Data
Workloads
Platform, Applications, Identity & Access Management

Customer
Operating System, Network & Firewall Configuration
Client Side Data Encryption & Server Side Encryption Network Traffic Protection
Data Integrity Authentication (File system and/or Data) (Encryption, Integrity, Identity)
Infrastructure
Compute Storage Database Networking

Security Services include
IAM, MFA, CloudWatch, VPC
CloudTrails, AWS Config,
AWS Global Regions Inspector, Other…
Edge Locations
Infrastructure Availability/Zones
Key Customer Challenges for Security in Public IaaS Cloud
Loss of Visibility: Infrastructure deployment leaves a blind spot in security
1 Shared Responsibility Model
For Security in Public Cloud
•
•
What instances are running? What is deployed on them?
What Regions, VPC, Subnets are they part of?
• What if there is a known vulnerability? Should they be In Scope for compliance
Apps
Data Customer responsible for
OS Security
Loss of Control: New network paradigm still requires security with new tools
Physical AWS/Azure responsible • How can I detect and eliminate rogue instances in Security Implementations?
Infrastruct
ure
for Security • My old tools do not work as there are no SPAN/TAP ports for Network
• How do I ensure AV is deployed and applications are segmented to be compliant?
2 Speed and Agility in Public Cloud Risk & Compliance: Need Security monitoring to meet compliance
• Gain insight into the potential known and unknown vulnerability exploits on the software
Private Cloud Public Cloud
1-2 server 6 servers
deployed in you AWS/Azure accounts
releases per releases per
15,000%
increase
• Prioritize & Remediate with ample network and asset context
year minute
100 servers per 500 servers per 5X

admin admin increase
Built into the
Cloud Native Delivery: Need efficient deployment
Bolted-on process • How can I deploy security technology at cloud speed?
• How can I detect my infrastructure scale out and ensure that security is in lock step?
Pain Points
Copyright articulated
© 2015 in customer validation
Symantec Corporation
80
Cloud Workload Protection – The IaaS Control Point
Instances in auto-scaling group with policies

applied
Complete instance mapping with real-

time protection status
Automatic policy recommendations
Continuous Visibility Across Cloud Workloads

81
RT-FIM
Identify potential threats and apply security

policies in the same view
Application Isolation & OS Hardening

User & Process Behavioral Analysis
82
Agent Not Installed

Policy Not Applied
Protected
Discover and view security postures of workloads wherever they

are
Shut down rogue instances to reduce attack

surfaced
Global Security Dashboard

With Drill-Down Capability 83
Protecting
Information
Extending cyber controls and processes to the cloud
Cloud Data Protection &
Shadow IT Discovery
Cloud API Enforcing Cloud Policy &

Remediation
Cloud DLP
Outside
Perimeter
CASB Gateway Cloud IAM & User Analytics
Cloud Malware Detection
Cloud Incident Response &

Investigation
Cloud Investigations
Proxy Events
Cloud Compliance
Encryption & Tokenization
Enterprise
Perimeter
Extending cyber controls and processes to the cloud
Cloud Data Protection &
Shadow IT Discovery
Cloud API Enforcing Cloud Policy &

Remediation
Cloud DLP
Outside
Perimeter
CASB Gateway Cloud IAM & User Analytics
Cloud Malware Detection
Cloud Incident Response &

Investigation
Cloud Investigations
Proxy Events
Cloud Compliance
Tokenization
Enterprise
Perimeter
Cloud Data Protection & Enforcing Cloud Policy & Cloud Incident Response &
Cloud IAM & User Analytics Cloud Compliance
Shadow IT Discovery Remediation Investigation
Data Protection Sources

Web
Gateway
Endpoint
DLP Enforce
Threat
Intelligence
DLP Enforce
Management Server
On-premises
DLP Detection
26% of Cloud Docs

are Broadly Shared1
DLP Enforce
New Challenges Management Server
Proliferation of Cloud Apps
Shadow Data Problem

Compromised Accounts
On-premises
DLP Detection
Shadow IT Enforcing Cloud Policy & Cloud Incident Response &
Discovery & Controls Remediation Investigation
Extending DLP into cloud

applications
Extend DLP to Cloud Apps
Apply Existing DLP Policies to Cloud DLP Enforce
Management Server
Leverage existing DLP Workflow
Gain Full CASB Functionality

• Inline Blocking and Offline
Remediation
• Shadow IT Analysis
• User Behavior Analytics
On-premises
DLP Detection
Enterprise Perimeter Regional Home Coffee Mobile IoT IoT Cars Drones
Office Office Shop Personal Home
Where to start ? Understand what’s important to your business and where it is
Complete a Shadow Data Risk Assessment
External and public content exposures,

including compliance risks
Inbound risky content shared with Risky users and user activities
employees (e.g., malware, IP)
There is only one word you need to know when talking about the cloud

97
CONTROL

98
Bring all that control together

99
… to give comprehensive information security with

100
GDPR – Privacy
Enhancing
Technologies
Panel Discussion – Q&A
30 minutes
This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the
contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in
this publication.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square,
London, EC4A 3BZ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by
guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NWE LLP do not provide services to
clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
© 2017 Deloitte LLP. All rights reserved.

Deloitte GDPR and Privacy Enhancing Technology Event

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Deloitte GDPR and Privacy Enhancing Technology Event

Încărcat de

Drepturi de autor:

Formate disponibile

Cyber Security

GDPR and Privacy Enhancing Technologies

International data transfers

Layer 1 Strategy Strategy

Layer 2 Organisation and accountability Organisation and

Layer 4 Culture, training & awareness Communication,

Layer 6 Processing inventory Processing Inventory

 Before adopting and implementing privacy  Identity Access Management

3. Define Requirements  Anonymisation & Pseudonymisation

2016 Cost of Data Breach Study: Global Analysis -

Do you know WHO has access?

Can you PROVE it?

Ponemon Institute Report Forbes Report SailPoint Survey IT Governance Report

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 13

What is it? Sanctions & litigation risk

• Unstructured data in scope • Citizen compensation lawsuits

• 28 PII conventions • Audit, Clean up, reputation

Data Access Governance Governance & Compliance

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 17

Technology (15 Articles)

Identity Governance Identity Governance

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 18

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 20

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 22

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 23

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 24

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 25

Applications & infrastructure File storage systems

Mainframes Databases File servers Cloud storage

CRM/HR/ Applications NAS Collaboration

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 26

Applications & infrastructure File storage systems

Mainframes Databases File servers Cloud storage

CRM/HR/ Applications NAS Collaboration

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 27

SailPoint Identity+ Alliance Partnership

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 29

Conditional Access and Multi-factor Authentication

Risk-based Identity Protection

Self-Service Password Reset Password Reset Extension

Compliance & Audit Reporting

Policy-based Workflow & Approvals

Cloud and On-Premises Applications

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 31

“By 2021, organizations with

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved.

Data Loss Mobile Device

Privileged User Governance, Risk,

Data Applications &

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved.

Copyright © SailPoint Technologies, Inc. 2016. All rights reserved. 34

• The Human Element

Data protection by design and

Notification of a personal data Detect and RESPOND RAPIDLY to breaches early

Protection from non- DEMONSTRATE COMPLIANCE and prove you

PROTECT RESPOND ASSESS RISK DEMONSTRATE

ENDPOINT INFRASTRUCTURE DATA LOCATION

Because many existing implementations of Active Directory Domain

Step 2 Control & secure infrastructure backdoor accounts.

Step 3 Limit lateral movement.

Step 4 Protect 3rd party privileged accounts.

Step 5 Manage SSH keys on critical Unix servers.

Step 6 Defend cloud & DevOps backdoors.

INFRASTRUCTURE Session DOMAIN