Explore the best practices for cyber resiliency, including cloud-based tax filings, nation-state cyber attacks, and government investments in cyber operations. Learn about the latest security tools and regulations for protecting sensitive data in the cloud. Discover how big cloud providers are enhancing data security and why it's crucial for organizations to embrace cloud technology.
Cyber Resiliency: Best Policy & Regulatory Practices
Mike Yeh, Assistant General Counsel, Middle East & Africa
20 November 2017
Cloud-based Tax Filings
The Tax Authority of Mexico (SAT) wanted to upgrade its technology infrastructure to serve the growing demands of 40 million taxpayers who, as a result of changes to local legislation, had to interact electronically with the authority. "In 2015, SAT collected 93.5 billion pesos (about US $5 billion) in additional revenue, a 15 percent increase over 2014."
[Alleged] Nation State Cyberattacks (timeline, 2007-2017)
- DDoS against Estonia
- Russo-Georgian war
- GhostNet
- Operation Aurora
- Stuxnet
- Jasmine Revolution
- Sony
- Saudi Aramco and RasGas
- 'Cast Lead' and 'Pillar of Defense' (Israel/Palestine)
- Norway
- Heartbleed security bug
- Sony
- North Korea - South Korea
- Japan Pension Service
- OPM
- Ukraine power grid
- ADP
- Czech MFA
- India - Pakistan cyber war
- USA - ISIS
- Russian banks
- US presidential elections
- Yahoo!
- Montenegro
- North Korea
Governments investing in cyber operations
Government roles: LEGISLATOR, USER, EXPLOITER, PROTECTOR
- 50+ countries with defensive capabilities
- 30+ countries with offensive capabilities
- 95+ countries developing cyber legislation
Estimated spending on cyber operations:
- USA: <$6.7bn
- UK: ~$2bn
- China: ~$1.5bn
- Germany: ~$1.1bn
- France: ~$1bn
- Iran: ~$1bn
- Russia: <$300m
- N. Korea: ~$200m
Tony Scott, U.S. federal government CIO, says big cloud providers are just as secure as today's financial institutions and advises his fellow IT leaders to embrace cloud sooner rather than later. Federal data security standards will continue to improve, according to Scott, but in many cases big cloud providers already meet those requirements.
"I see the big cloud providers in the same way I see a bank. They have the incentive, they have the skills and abilities, and they have the motivation to do a much better job of security than any one company or any one organization can probably do." - US CIO Tony Scott
Microsoft Datacenters
Microsoft invests heavily to help ensure that our datacenters are some of the most secure facilities on the planet:
- 24x7 intelligent monitoring
- Biometric, multi-factor authentication
- Onsite hard disk disposal
- Fire suppression
- Perimeter security
Improved defenses: using our intelligence to fight cyberthreats
Intelligence from billions of endpoints:
- 1B connected Windows devices
- 450B user authentications each month
- 400B monthly emails analyzed for spam and malware
Within the privacy & compliance boundary, telemetry data is sorted and analyzed for suspicious behavior. Insights drive intelligent tools and health dashboards:
- Security tools
- Service health dashboards
- Logging & auditing
- Cyber Defense Operations Center: defend and respond to attacks
- Secure enterprise environment
Cloud Regulations
Global: ISO 27001, SOC 2 Type 2, SOC 1 Type 2, CSA STAR Attestation, CSA STAR Certification, CSA STAR Self-Assessment, ISO 9001, ISO 27017, ISO 27018, ISO 22301, SOC 3
US Government: Moderate JAB P-ATO, High JAB P-ATO, DoD DISA SRG Level 2, DoD DISA SRG Level 4, DoD DISA SRG Level 5, Section 508 VPAT, SP 800-171, FIPS 140-2, ITAR, CJIS, IRS 1075
Industry: HIPAA / HITECH Act, GxP 21 CFR Part 11, Shared Assessments, PCI DSS Level 1, IG Toolkit UK, FISC Japan, HITRUST, MARS-E, FERPA, GLBA, FFIEC, MPAA, FACT UK, CDSA
Regional: Germany IT Grundschutz workbook, Argentina PDPA, UK G-Cloud, China DJCP, China GB 18030, China TRUCS, Singapore MTCS, New Zealand GCIO, ENISA IAF, Spain ENS, Spain DPA, India MeitY, Canada Privacy Laws, Privacy Shield, Australia IRAP/CCSL, EU Model Clauses, Japan CS Mark Gold, Japan My Number Act
Common Policy & Regulatory Pitfalls
- Waiting to update
- More stringent security requirements for cloud services
- Network separation requirements for sensitive data
- Data residency requirements
Determining What Data Lives in the Cloud
Safeguards by data sensitivity level and volume:
- Level 1 (90% of data): suitable for public cloud with security controls
- Level 2: suitable for public cloud with robust security controls on underlying data and redaction
- Level 3: secure hybrid or private cloud (>10x cost)
Digital Geneva Convention
- Binding government agreements
- Tech sector accords
- Attribution organization