Agenda
• Information Risk Management and the Data Security System
• IP and DLP
Why DLP…because sensitive information is always moving and transforming
[Diagram: sensitive information moving across Endpoint, Network, Apps/DB, FS/CMS and Storage. Labels: Internal Employees, Remote Employees, Partners, WAN, LAN, WWW, Enterprise Applications, Production Database, Business Analytics, Replica, Outsourced Dev., Staging, File Server, Disk Arrays, Backup System, Backup Disk, Backup Tape]
Growing Costs without Results
[Diagram across Endpoint, Network, Apps/DB, FS/CMS and Storage]
Cost
• Breach Remediation
• Regulatory Fines
• Compliance Efforts
• Brand Erosion
• Customer Churn
Drivers
• More sensitive information
• More sharing
• More credentialed users
• More markets for stolen data
• More sophisticated threats
• More regulations
• More complex environments
Sensitive Information
[Diagram: sensitive information locations across Endpoint, Network, Apps/DB, FS/CMS and Storage (partners, internal and remote employees, WAN/LAN/WWW, enterprise applications, production and replica databases, business analytics, outsourced dev., staging, file servers, collaboration and content management systems, disk arrays and backups), with a High Impact / Medium Impact / Low Impact legend]
• Data stored on disk
• Tape backup
• App Data
• Replicated DB for DR, bulk analysis
• Data in transit over WAN
• Data sent/stored on public infrastructure
• IP shared with partner
• Transformed data on endpoints
• Removable and printed media
• Transformed data e-mailed
• Database Data
• File Server
• Transformed data on FS
• Data in CMS
• Transformed Data on eRoom or SharePoint sites
Why DLP – Case Study
Global retailer announces security breach, Jan. 2007
Brand Impact
• Page 1 news: the most widely publicized breach ever
• Millions of customers affected, globally
• Major customer inconvenience, e.g. Registry of Motor Vehicle phone lines crash with customers rushing to remove Social Security Numbers from Drivers Licenses
• Customer Alert becomes “permanent” real estate on web landing page
Earnings Impact
• Company records $196m charge for compromised customer cardholder records
• Discloses additional $21m charge to be recorded in 2009
Litigation
• 27 Putative Class Action lawsuits filed in over a dozen different jurisdictions
• Litigants include cardholders, card issuers, merchants and pension funds
What is Data Loss Prevention?
• Technology to identify the important or business sensitive information
• Determine the IP
• Identify the critical information stores
• Monitor the flow of information
• Prevent the loss or unauthorized use of data
Data Security: Apply Policy Based on Drivers
[Diagram labels: Security Incidents; Revenue Growth, Customer Retention, Compliance, Cost Reduction, Business Continuity; Sensitive Information; Policy; Endpoint, Network, Apps/DB, FS/CMS, Storage]
Classification
• High Biz Impact
• Medium Biz Impact
• Low Biz Impact
Classification Policy: Description of sensitive data
Usage Policy: Appropriate handling in different contexts
DLP Phases
[Diagram: Policy applied across Endpoint, Network, Apps/DB, FS/CMS and Storage]
Discover & Monitor
• Risk Advisor Services
• Data Loss Prevention Suite – Discover Modules
Enforce
• Data Loss Prevention Suite – Enforcement Modules
• Encryption Suite
• EMC IRM Suite
Report & Audit
• RSA enVision + DSS Audit Modules
Policy & Strategy
• Assessment Services
• Security Architecture Services
• Security Program & Policy Development Services
DLP Product Suite
ENTERPRISE MANAGER
DLP Datacenter
• Discover and Remediate data at rest in the Datacenter
DLP Network
• Monitor sensitive data in motion as it leaves the Network
• Enforce sensitive data in motion as it leaves the Network
DLP Endpoint
• Discover sensitive data at rest on corporate endpoints including laptops
• Enforce sensitive data in use on corporate endpoints including laptops
DLP Datacenter
Discovery Use Cases
• Discover and remediate sensitive data and help put into categories based on content and context
  • Segment High, Medium, Low Impact
  • Remediate sensitive data by deleting, quarantining, or moving
• Highlight areas in need of additional enforcement
  • Encryption
  • Access Control solutions
  • eDRM enforcement products
• Prove no sensitive data existed prior to a Laptop theft
DLP Network – Monitor and Enforce
DLP Network Use Cases
• Passively monitor data leaving the network to understand IT process improvement areas and identify key risk areas
• Pass regulatory audits by proving sensitive information is being blocked and/or encrypted as it leaves the network
• Protect Intellectual Property or Strategy and operations data from leaving the network
DLP Endpoint - Enforce
Use Cases
• Protect sensitive data on endpoints from being copied, printed, or saved to an unsecure file system or off to a mobile device
Discovery Technical Deployment Specs
End point Agent Support
Enterprise or Site Coordinator | Grid Worker / Agent, 32 BIT OS (Windows 2000 / Windows XP / Windows 2003 / Windows Vista) | Grid Worker / Agent, 64 BIT OS (Windows 2003) | Grid Worker / Agent, 64 BIT OS (Windows Vista)
32 BIT OS, Windows 2000 | Y | N | N
32 BIT OS, Windows 2003 | Y | N | N
64 BIT OS, Windows 2003 | Y | Y | Y*
Strategy---Vendor Selection
Define the requirements
Evaluating vendors against requirements
Vendor Presentations
Proof Of Concept against the self evaluated ratings
Product Check
Customer references
Project Schedule
July 08
• Discussion on the Project Need
• Understanding the solution
• Define the requirement for risk assessment
• Define the DLP requirement criteria
August 08
• Discussion with Vendors
• Securing the Budget?
September – December 08
• POC
Q2-09
• Starting Phase I
Security Posture
Security Event Monitoring in Bad Shape
Sensitive information flowing across egress and ingress points
Phishing and malware Attacks
Internal and external threats
Security Framework
Roadmap Framework
• Define the Security Framework: ISO 27001
• Identify and prevent against external threats: Monitoring tools
• Protection from Phishing and Malware attacks: HIPS
• Prevention from Internal threats: NAC
• Protect IP: DLP