Fred Cobb, Director of Enterprise Security Solutions and Healthcare Compliance Services with Sword & Shield Enterprise Security, shares his thoughts on a recent security case study and best practices with an (anonymous) customer in the media and entertainment industry. The customer has officially sanctioned a single cloud storage solution. During a risk assessment, it is discovered that more than 25 cloud storage solutions are in daily use with little to no audit or eDiscovery capabilities. Further investigation reveals that PHI, CC data, PII and other confidential and business-sensitive data are being transferred from corporate servers to the cloud storage location.
- Could this be happening in your environment?
- What policies and procedures are in place in your organization to help control data leakage from an administrative perspective?
- Is your corporate confidential and business-sensitive data being propagated to cloud storage by employees without regard to data sensitivity?
- Does your organization have defined data governance practices?
- What technology tools can you use to audit data-at-rest in the cloud storage location and data-in-transit to and from the cloud storage service provider?
- What tools can be used to help prevent this type of data leakage from occurring?
Mr. William Fredrick (Fred) Cobb is a senior IT professional with a proven record of IT and business analysis achievements and experience that have involved systems engineering, systems architecture, security program development, network administration, security operations center design, life cycle management, IT project management, and ITIL/ITSM implementation. Specializing in all phases of IT operations and IT security, Fred has served as an Enterprise Administrator, Information Systems Security Officer, Virtual Chief Security Officer (vCSO), and Data Center Operations Manager for multiple critical business operations. Fred’s recent work includes the design and implementation of a secure test lab for the Missile Defense Agency, project management work on classified projects with Air Force Space Command and the design of a classified system security program for a large company in the nuclear energy industry. Fred’s recent work here at Sword & Shield has been focused on a variety of high-profile projects for the FBI’s Criminal Justice Information Systems (CJIS) division as well as his vCSO role for many of Sword & Shield’s customers in the health care and retail industries.
A native of the Knoxville, Tennessee area, Fred began his career at Digital Equipment Corporation’s (DEC) field offices, where he held multiple technical roles. Fred continued his career at DEC when DEC was purchased by Compaq. Compaq eventually merged with Hewlett-Packard (HP). Fred left HP after more than 20 years to pursue other opportunities in his areas of expertise.
Fred has received formal recognition from many of the customers he has supported including the U.S. Postal Service, Philips Consumer Electronics, General Electric, Coca-Cola, Home and Garden Television (HGTV), and Caterpillar.
In addition to his technical work, Fred has also been an IT instructor for a number of years and has helped over 900 students in their pursuit of various Microsoft, CompTIA, and VMware certifications. He has held the Microsoft Certified Trainer certification for fifteen years.
Fred’s current certifications include:
- Certified Information Systems Security Professional (CISSP)
- Payment Card Industry Qualified Security Assessor (QSA)
- Healthcare Information Security and Privacy Practitioner (HCISPP)
- AlienVault Certified Systems Engineer (ACSE)
- Microsoft Certified Systems Engineer (MCSE)
- Microsoft Certified Technical Trainer (MCT)
- VMware Certified Professional (VCP)
- Windows 2008 Certified (MCITP)
- Certified Project Management Professional (PMP)
- Information Technology Infrastructure Library (ITIL) Certified
- Factory Trained at DEC, Compaq, HP, IBM, Silicon Graphics, and Sun
Fred holds a B.S. in Applied Management from Tusculum College.