Securing Sensitive Information: Discovery, Monitoring and Control


Robert Griffin
Director, Technical Marketing
RSA, the Security Division of EMC
What’s Happening To Customer / Employee Data

[Chart: what is happening to customer / employee data]
Source: Privacy Rights Clearing House, Data Loss Database, RSA Research & Analysis

Cost of Data Breaches

[Charts: Average Cost Per Breach; Average Cost Per Breached Record; Breach Costs Break Down]

• Tangible financial impact
• Long-term damage to brand equity
• Total cost per breach is increasing
• 44 US States have notification laws
• EU & Australia data privacy policies

Source: Ponemon Institute 2008 Annual Study on Cost of a Data Breach

Challenge: Expanding Information

[Diagram: information spread across five tiers]
• Endpoint: Internal Employees
• Network
• Apps/DB: Enterprise Applications, Production Database, Business Analytics, Replica
• FS/CMS: File Server, SharePoint, eRoom, etc.
• Storage: Backup Tape, Disk Arrays, Backup Disk

Challenge: Expanding Identities

[Diagram: the same five tiers with identities added]
• Remote Employees, Partners and Customers reach the enterprise through Channels (VPN, Partner Entry Points, Customer Entry Points)
• Endpoint: Internal Employees, Contractors
• Network, Apps/DB, FS/CMS, Storage: Privileged Users at each tier
• Apps/DB: Enterprise Applications, Production Database, Business Analytics, Replica
• FS/CMS: File Server, SharePoint, eRoom, etc.
• Storage: Backup Tape, Disk Arrays, Backup Disk

Challenge: Expanding Infrastructure

[Diagram: the same tiers and identities, with Mobility, Cloud and Virtualization added]
• Mobility: Remote Employees, Partners and Customers over VPN and Partner Entry Points
• Cloud
• Virtualization spanning Apps/DB, FS/CMS and Storage
• Endpoint: Internal Employees, Contractors
• Network, Apps/DB, FS/CMS, Storage: Privileged Users at each tier
• Apps/DB: Enterprise Apps, Production, Replica, Business Analytics
• FS/CMS: File Server, SharePoint, eRoom, etc.
• Storage: Backup Tape, Disk Arrays, Backup Disk

Challenge: Increasing Threats

[Diagram: threats placed on the identities and tiers of the previous slides]
• Remote Employees, Partners, Customers and their Channels (VPN, Partner Entry Points): IP sent to non-trusted user; Stolen IP; App, DB or Encryption Key Hack; Fraud; Stolen Credentials
• Endpoint (Internal Employees, Contractors): Endpoint theft/loss; Data Leak via USB/Print
• Network (Privileged Users): Network Leak via Email-IM-HTTP-FTP-etc.; Public Infrastructure Access Hack
• Apps/DB (Privileged Users; Enterprise Applications, Production Database, Business Analytics, Replica): Privileged User Breach; Unintentional Distribution
• FS/CMS (Privileged Users; File Server, SharePoint, eRoom, etc.): Inappropriate Access; (Semi) Trusted User Misuse
• Storage (Privileged Users; Backup Tape, Disk Arrays, Backup Disk): Tapes lost or stolen; Discarded disk exploited

Challenge: Increasing Regulation

[Diagram: the regulation list below overlaid on the identities and tiers of the previous slides; annotation: 20% of IT staff time]

Sarbanes-Oxley Act (SOX) ~ PCAOB ~ SAS 94 ~ AICPA/CICA Privacy Framework ~ AICPA Suitable Trust Services Criteria ~ SEC Retention of Records, 17 CFR 210.2-06 ~ SEC Controls and Procedures, 17 CFR 240.15d-15 ~ SEC Reporting Transactions and Holdings, 17 CFR 240.16a-3 ~ Basel II ~ BIS Sound Practices for the Management and Supervision of Operational Risk ~ Gramm-Leach-Bliley Act (GLB) ~ Standards for Safeguarding Customer Information, FTC 16 CFR 314 ~ Privacy of Consumer Financial Information Rule ~ Safety and Soundness Standards, Appendix of 12 CFR 30 ~ FFIEC Information Security ~ FFIEC Development Acquisition ~ FFIEC Business Continuity Planning ~ FFIEC Audit ~ FFIEC Management ~ FFIEC Operations ~ NASD ~ NYSE ~ Recordkeeping rule for securities exchanges, SEC 17 CFR 240.17a-1 ~ Records to be made by exchange members, SEC 17 CFR 240.17a-3 ~ Records to be preserved by exchange members, SEC 17 CFR 240.17a-4 ~ Recordkeeping, SEC 17 CFR 240.17Ad-6 ~ Record retention, SEC 17 CFR 240.17Ad-7 ~ HIPAA (Health Insurance Portability and Accountability Act) ~ HIPAA HCFA Internet Security Policy ~ NIST Introductory Resource Guide for [HIPAA] (800-66) ~ CMS Core Security Requirements (CSR) ~ CMS Information Security Acceptable Risk Safeguards (ARS) ~ CMS Information Security Certification & Accreditation (C&A) ~ FDA Electronic Records; Electronic Signatures 21 CFR Part 11+D1 ~ Federal Energy Regulatory Commission (FERC) ~ North American Electric Reliability Council (NERC) ~ VISA CISP (Cardholder Information Security Program) ~ Mastercard SDP (Site Data Protection) Program ~ American Express DSS (Data Security Standard) ~ PCI DSS (Payment Card Industry Data Security Standard) ~ FTC ESIGN (Electronic Signatures in Global and National Commerce Act) ~ Uniform Electronic Transactions Act (UETA) ~ FISMA (Federal Information Security Management Act) ~ FISCAM (Federal Information System Controls Audit Manual) ~ FIPS Security Requirements for Cryptographic Modules 140-2 ~ FIPS Guideline for the Analysis of LAN Security 191 ~ FIPS Application Profile for GILS 192 ~ Clinger-Cohen Act (Information Technology Management Reform Act) ~ National Strategy to Secure Cyberspace ~ GAO Financial Audit Manual ~ DOD ...Standard for Electronic Records Management Software...5015-2 ~ CISWG Report on the Best Practices Subgroup ~ CISWG Information Security Program Elements ~ NCUA Guidelines for Safeguarding Member Information 12 CFR 748 ~ IRS Revenue Procedure: Retention of books and records 97-22 ~ IRS Revenue Procedure: Record retention: automatic data processing 98-25 ~ IRS Internal Revenue Code Section 501(c)(3) ~ Federal Rules of Civil Procedure ~ Uniform Rules of Civil Procedure ~ ISO 15489-1 Information and Documentation: Records management: General ~ ISO 15489-2 Information and Documentation: Records management: Guidelines ~ DIRKS: A Strategic Approach to Managing Business Information ~ Sedona Principles Addressing Electronic Document Production ~ NIST ...Principles and Practices for Securing IT Systems 800-14 ~ NIST ...Developing Security Plans for Federal Information Systems 800-18 ~ NIST Security Self-Assessment Guide... 800-26 ~ NIST Risk Management Guide... 800-30 ~ NIST Contingency Planning Guide... 800-34 ~ NIST ...Patch and Vulnerability Management Program 800-40 ~ NIST Guidelines on Firewalls and Firewall Policy 800-41 ~ NIST Security Controls for Federal Information Systems 800-53 ~ NIST Computer Security Incident Handling Guide 800-61 ~ NIST ...Mapping...Information and...Systems to Security Categories 800-60 ~ NIST Security Considerations in...Information System Development 800-64 ~ ISO 73:2002 Risk management -- Vocabulary ~ ISO 1335 Information technology – Guidelines for management of IT Security ~ ISO 17799:2000 Code of Practice for Information Security Management ~ ISO 27001:2005 ...Information Security Management Systems -- Requirements ~ IT Information Library (ITIL) Planning to Implement Service Management ~ IT Information Library (ITIL) ICT Infrastructure Management ~ IT Information Library (ITIL) Service Delivery ~ IT Information Library (ITIL) Service Support ~ IT Information Library (ITIL) Application Management ~ IT Information Library (ITIL) Security Management ~ COSO Enterprise Risk Management (ERM) Framework ~ CobiT 3rd Edition ~ CobiT 4th Edition ~ ISACA IS Standards, Guidelines, and Procedures for Auditing and Control ~ NFPA 1600...Disaster/Emergency Management and Business Continuity... ~ Information Security Forum (ISF) Standard of Good Practice ~ Information Security Forum (ISF) Security Audit of Networks ~ A Risk Management Standard, jointly issued by AIRMIC, ALARM, and IRM ~ Business Continuity Institute (BCI) Good Practice Guidelines ~ IIA Global Technology Audit Guide - Information Technology Controls ~ ISSA Generally Accepted Information Security Principles (GAISP) ~ CERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE) ~ Cable Communications Privacy Act Title 47 § 551 ~ Telemarketing Sales Rule (TSR) amendment 16 CFR 310.4(b)(3)(iv) ~ CAN SPAM Act ~ Children's Online Privacy Protection Act (COPPA) 16 CFR 312 ~ Driver's Privacy Protection Act (DPPA) 18 USC 2721 ~ Family Education Rights Privacy Act (FERPA) 20 USC 1232 ~ Privacy Act of 1974 5 USC 552a ~ Telemarketing Sales Rule (TSR) 16 CFR 310 ~ Video Privacy Protection Act (VPPA) 18 USC 2710 ~ Specter-Leahy Personal Data Privacy and Security Act ~ AR Personal Information Protection Act SB 1167 ~ AZ Amendment to Arizona Revised Statutes 13-2001 HB 2116 ~ CA Information Practice Act SB 1386 ~ CA General Security Standard for Businesses AB 1950 ~ CA Public Records Military Veteran Discharge Documents AB 1798 ~ CA OPP Recommended Practices on Notification of Security Breach ~ CO Prohibition against Using Identity Information for Unlawful Purpose HB 1134 ~ CO Consumer Credit Solicitation Protection HB 1274 ~ CO Prohibiting Inclusion of Social Security Number HB 1311 ~ CT Requiring Consumer Credit Bureaus to Offer Security Freezes SB 650 ~ CT Concerning Nondisclosure of Private Tenant Information HB 5184 ~ DE Computer Security Breaches HB 116 ~ FL Personal Identification Information/Unlawful Use HB 481 ~ GA Consumer Reporting Agencies SB 230 ~ GA Public employees; Fraud, Waste, and Abuse HB 656 ~ HI Exempting disclosure of Social Security numbers HB 2674 ~ IL Personal Information Protection Act HB 1633 ~ IN Release of Social Security Number, Notice of Security Breach SB 503 ~ LA Database Security Breach Notification Law SB 205 Act 499 ~ ME To Protect Maine Citizens from Identity Theft LD 1671 ~ MN Data Warehouses; Notice Required for Certain Disclosures HF 2121 ~ MO HB 957 ~ MT To Implement Individual Privacy and to Prevent Identity Theft HB 732 ~ NJ Identity Theft Prevention Act A4001/S1914 ~ NY A4254, A3492 [no title] ~ NV SB 347 [no title] ~ NC Security Breach Notification Law (Identity Theft Protection Act) SB 1048 ~ ND Personal information protection act SB 2251 ~ OH Personal information -- contact if unauthorized access HB 104 ~ RI Security Breach Notification Law H 6191 ~ TN Security Breach Notification SB 2220 ~ TX Identity Theft Enforcement and Protection Act SB 122 ~ VT Relating to Identity Theft HB 327 ~ VA Identity theft; penalty; restitution; victim assistance HB 872 ~ WA Notice of a breach of the security SB 6043 ~ EU Directive on Privacy and Electronic Communications 2002/58/EC ~ EU Directive on Data Protection 95/46/EC ~ US Department of Commerce EU Safe Harbor Privacy Principles ~ ...Consumer Interests in the Telecommunications Market Act No. 661 ~ Directive On Privacy And Electronic Communications 2002.58.EC ~ OECD Technology Risk Checklist ~ OECD Guidelines on...Privacy and Transborder Flows of Personal Data ~ UN Guidelines for the Regulation of Computerized Personal Data Files (1990) ~ ISACA Cross-border Privacy Impact Assessment ~ The Combined Code on Corporate Governance ~ Turnbull Guidance on Internal Control, UK FRC ~ Smith Guidance on Audit Committees Combined Code, UK FRC ~ UK Data Protection Act of 1998 ~ BS 15000-1 IT Service Management Standard ~ BS 15000-2 IT Service Management Standard - Code of Practice ~ Canada Keeping the Promise for a Strong Economy Act Bill 198 ~ Canada Personal Information Protection and Electronic Documents Act ~ Canada Privacy Policy and Principles ~ Argentina Personal Data Protection Act ~ Mexico Federal Personal Data Protection Law ~ Austria Data Protection Act ~ Austria Telecommunications Act ~ Bosnia Law on Protection of Personal Data ~ Czech Republic Personal Data Protection Act ~ Denmark Act on Competitive Conditions and Consumer Interests ~ Finland Personal Data Protection Act ~ Finland Amendment of the Personal Data Act ~ France Data Protection Act ~ German Federal Data Protection Act ~ Greece Law on Personal Data Protection ~ Hungary Protection of Personal Data and Disclosure of Data of Public Interest ~ Iceland Protection of Privacy as regards the Processing of Personal Data ~ Ireland

Information Risk Management

[Diagram: a cycle driven by Business / Regulatory Drivers]
1. Define Policy: Classification & Control Policy
2. Discover/Detect
3. Implement & Enforce
4. Monitor & Report
[Diagram centre: High Value Information, Identities, Credentials or Assets; Information Infrastructure; Inadequate controls, Information or process; Information Risk]

Discover Your Sensitive Data

[Diagram: two drivers, Comply With Regulations and Protect Corporate Competitive Advantage]
• Credit Card Data
• Personally Identifiable Information (PII)
• Personal Health Information (PHI)
• Corporate Secret Data

Data forms: Unstructured, Semi-Structured, Structured

Monitor Your Sensitive Data

• Regulatory Data: Compliance Objectives
• Corporate Secrets: Governance & Risk Objectives

Secure Your Sensitive Data

Risk is assessed from User Action, Data Sensitivity and User Identity, on a scale from LOW to HIGH.

[Diagram: response options arranged from LOW risk (left) to HIGH risk (right)]
ALLOW      QUARANTINE   MOVE     ENCRYPT
NOTIFY     JUSTIFY      BLOCK    SHRED
AUDIT      COPY         DELETE   RMS (DRM)

Discovering Sensitive Information

Reducing Your Sources of Risk: Data at Rest

Discover → Analyze → Remediate, then rescan sources to measure and manage risk.

File shares, Servers, Laptops
• Windows file shares
• Unix file shares
• NAS / SAN storage
• Windows 2000, 2003
• Windows XP, Vista

300+ File types
• Microsoft Office Files
• PDFs, PSTs
• Zip files
• CATIA files

Databases & Repositories
• SharePoint
• Documentum
• Microsoft Access
• Oracle, SQL
• Content Mgmt systems

Remediation
• Secure Delete
• Manual/Auto Move
• Manual/Auto Quarantine
• Notifications
• eDRM

Business Policy to Information Discovery

[Diagram: flow from business policy through the governance team to DLP policies and the DLP administrator]

Business Policy: “An appropriate set of procedures for information labeling and handling shall be developed and implemented in accordance with the classification scheme adopted by the organization.”
Regulations: e.g. PCI, EU Data Protection Directive

Governance Team
• Establish business policy for DLP discovery
• Investigation of DLP findings that violate policy
• Update policies to reflect changes in business, technology and threats

Enterprise Assets
• Systems, e.g. Customer Management
• Information, e.g. Customer Data

Requirements
• Assessment requirements
• DLP policies & rules

Audit Procedures: Verify customer data is only shared with authorized third parties, verify customer data is encrypted at rest

Status & Exceptions
• Assessment findings
• Escalated incidents

DLP Administrator

DLP Policies
• Content blades: Credit Card Number, Drivers Licence number, Social Security number
• DataCenter: Move if not encrypted
• Endpoint: e.g. Block USB, notify user
• Network: e.g. Block, notify sender

DLP Policies

[Diagram: three stages, 1 Identification, 2 Notification, 3 Remediation; rotated labels: What, Where, How]

1. Policies identify a violation by specifying
   – What: the identification of content is done by Content Blades. You can further manage this by specifying attributes like file type, file size
   – Who: the same content might be a violation for some people or AD groups, departments, while perfectly ok for others.
   – Where: in the network, datacenter, endpoint or all; or in a particular subset of scans identified by a scan group (which can represent a BU, geography); or a specific user action (at copy or at print).
2. Policies set up notification by defining
   – Who: who is responsible for handling the incident (the user creating it, the administrator, the user’s manager)
   – What: what is in the notification (e.g. notification customized per AD group or policy, include links)
   – How: send an email, pop up a window, integrate into Remedy or a SIEM solution
3. Remediation
   – What: different remediation options including encryption, quarantine, block, copy, move, delete, apply rights management.
   – How: through automated actions at the time of the incident; through workflow that can leverage the AD hierarchy; facilitated actions, or manual actions with incident management
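The What / Who / Where tests, the per-channel actions and the notification target above can be expressed as a small policy evaluator. The following is an added example written for this page, not code from RSA or from the product the deck describes: the `Policy`, `Event`, `Incident` and `evaluate` names are this example's own, the credit card content blade (a digit pattern plus a Luhn check) is a stand-in for the vendor's Content Blades, and the groups, channel names and sample messages are constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Hypothetical content blade for credit card numbers: 13-19 digits, optionally
# separated by spaces or dashes, that pass the Luhn check. The checksum removes
# most random digit runs (order numbers, phone numbers) that the pattern alone hits.
CC_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string satisfies the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def credit_card_blade(text: str) -> List[str]:
    """Return the card numbers found in text, masked to the last four digits."""
    hits = []
    for m in CC_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


@dataclass
class Event:
    """One observed action: a file or message seen at a given channel (constructed)."""
    channel: str            # Where: "network", "endpoint" or "datacenter"
    user: str
    groups: Set[str]        # AD groups of the user
    file_type: str
    size: int               # bytes
    content: str


@dataclass
class Policy:
    name: str
    blade: Callable[[str], List[str]]   # What: content identification
    file_types: Set[str]                # What: attribute filter, empty means any type
    max_size: int                       # What: skip files larger than this
    exempt_groups: Set[str]             # Who: groups for whom this content is allowed
    actions: Dict[str, str]             # Where -> remediation action
    notify: str                         # Who receives the notification


@dataclass
class Incident:
    policy: str
    user: str
    channel: str
    matches: List[str]
    action: str
    notify: str


def evaluate(policy: Policy, event: Event) -> Optional[Incident]:
    """Apply the What / Who / Where tests; return an Incident only when all hold."""
    if event.channel not in policy.actions:                              # Where
        return None
    if policy.exempt_groups & event.groups:                              # Who
        return None
    if policy.file_types and event.file_type not in policy.file_types:  # What: attributes
        return None
    if event.size > policy.max_size:
        return None
    matches = policy.blade(event.content)                                # What: content
    if not matches:
        return None
    return Incident(policy.name, event.user, event.channel, matches,
                    policy.actions[event.channel], policy.notify)


# Example policy mirroring the channel actions named on the deck: block on the
# network and the endpoint, move in the data centre; finance may handle card data.
CARD_POLICY = Policy(
    name="PCI cardholder data",
    blade=credit_card_blade,
    file_types={"txt", "docx", "xlsx", "eml"},
    max_size=50 * 1024 * 1024,
    exempt_groups={"finance"},
    actions={"network": "block, notify sender", "endpoint": "block USB, notify user",
             "datacenter": "move if not encrypted"},
    notify="sender",
)

# Constructed sample events; the card number is a widely published test value.
SALES_EMAIL = Event("network", "alice", {"sales"}, "eml", 2048,
                    "Customer paid with 4111-1111-1111-1111, please ship today.")
FINANCE_EMAIL = Event("network", "bob", {"finance"}, "eml", 2048, SALES_EMAIL.content)
USB_COPY = Event("endpoint", "carol", {"sales"}, "txt", 512,
                 "Order ref 1234 5678 9012 3456 confirmed.")   # fails Luhn: not a card

if __name__ == "__main__":
    for ev in (SALES_EMAIL, FINANCE_EMAIL, USB_COPY):
        print(ev.user, ev.channel, evaluate(CARD_POLICY, ev))
```

Two design choices matter for operations: the incident carries only masked card numbers, so the notification and the SIEM record do not themselves become a new copy of the sensitive data; and the exemption is expressed per AD group rather than per user, which is the Who rule on the slide and keeps the policy stable as staff move between departments.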
Data Identification

Identifying sensitive data requires multiple techniques.

Attributes
• Transmission metadata
• File size, type, etc.
• Owner, sender, etc.

Described Content
• Detection Rules
• Context Rules
• Exceptions

Fingerprinting
• Full & partial match
• Databases
• Files

These techniques provide accurate results in identifying sensitive data.
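The fingerprinting column above covers three distinct matches: a full match on a registered file, a partial match on an excerpt of it, and an exact match on values drawn from a registered database. The example below is added for this page and is not the deck's or the vendor's code; it uses word-shingle hashing for partial matching and keyed hashes of cell values for database matching. The key, the threshold, the design note and the customer rows are all constructed assumptions.

```python
import hashlib
import hmac
import re
from typing import Dict, List, Set

# Assumption: in a deployment this key is a secret held by the DLP system, so a
# leaked fingerprint set cannot be reversed by enumerating candidate values
# (SSNs and account numbers have far too little entropy for a plain hash).
FP_KEY = b"example-fingerprint-key-replace-me"


def _h(value: str) -> str:
    """Keyed hash of one shingle or cell value; the raw value never leaves the registrar."""
    return hmac.new(FP_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()


def _normalize(text: str) -> List[str]:
    """Lower-case, drop punctuation and split into words so reformatting does not defeat a match."""
    return re.sub(r"[^\w\s]", " ", text.lower()).split()


def full_fingerprint(text: str) -> str:
    """Full match: one hash over the whole normalized document."""
    return _h(" ".join(_normalize(text)))


def partial_fingerprint(text: str, k: int = 4) -> Set[str]:
    """Partial match: hashes of every k-word shingle in the document."""
    words = _normalize(text)
    return {_h(" ".join(words[i:i + k])) for i in range(len(words) - k + 1)}


def partial_match_score(candidate: str, registered: Set[str], k: int = 4) -> float:
    """Fraction of the registered document's shingles that appear in the candidate."""
    if not registered:
        return 0.0
    return len(partial_fingerprint(candidate, k) & registered) / len(registered)


def register_database(rows: List[Dict[str, str]], columns: List[str]) -> Dict[str, Set[str]]:
    """Database fingerprinting: keep only hashes of the sensitive cell values, per column."""
    return {col: {_h(row[col]) for row in rows} for col in columns}


def database_matches(text: str, registered: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Exact-match every token of the text against the registered cell hashes."""
    tokens = [t.strip(".,;:()") for t in text.split()]
    return {col: [t for t in tokens if _h(t) in hashes] for col, hashes in registered.items()}


# Constructed sample data: a protected design note and a small customer table.
DESIGN_NOTE = ("Project Falcon design notes: the new pricing engine will cut latency "
               "by forty percent and ship in the third quarter.")
CUSTOMER_ROWS = [
    {"name": "Ann", "ssn": "123-45-6789", "acct": "ACCT-0001"},
    {"name": "Ben", "ssn": "987-65-4321", "acct": "ACCT-0002"},
]
NOTE_FULL = full_fingerprint(DESIGN_NOTE)
NOTE_PARTIAL = partial_fingerprint(DESIGN_NOTE)
CUSTOMER_FP = register_database(CUSTOMER_ROWS, ["ssn", "acct"])

PARTIAL_THRESHOLD = 0.3   # assumption: share of the document that counts as a violation


def check_message(text: str) -> Dict[str, object]:
    """Run the full, partial and database fingerprint checks over an outbound message."""
    score = partial_match_score(text, NOTE_PARTIAL)
    return {
        "full_match": full_fingerprint(text) == NOTE_FULL,
        "partial_score": score,
        "partial_match": score >= PARTIAL_THRESHOLD,
        "database_hits": database_matches(text, CUSTOMER_FP),
    }


if __name__ == "__main__":
    print(check_message("FYI: the new pricing engine will cut latency by forty percent"))
    print(check_message("Please update 123-45-6789 and close ACCT-0002."))
```

The scanner holds only hashes, so a registered customer table or design document does not have to be copied onto every monitoring point, which is the property that makes fingerprinting usable on the network and endpoint tiers shown earlier in the deck. The partial-match threshold is the tuning knob for false positives: a higher value demands a larger excerpt before an incident is raised.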
Data Discovery and Remediation

Configuration Analysis
• Infrastructure: Infrastructure Logs, Infrastructure Vulnerabilities, Infrastructure Configuration
• Information: Information Location, Information Sharing, Information Usage

User Identity Analysis

Identity attributes: Name, Title, Business group, Organization hierarchy, Special privileges

Questions answered:
• Who has access to data
• What controls are in effect
• What is the level of risk
• Remediation approaches

Use Case: Information Discovery

Analyst gets full picture of where sensitive information is located and how it is protected

Monitoring Sensitive Information

Protecting Data in the Network: Data in Motion

Monitor → Analyze → Enforce

Email
• SMTP email
• Exchange, Lotus, etc.
• Webmail
• Text and attachments

Instant Messages
• Yahoo IM
• MSN Messenger
• AOL Messenger

Web Traffic
• FTP
• HTTP
• HTTPS
• TCP/IP

Remediation
• Audit
• Block
• Encrypt
• Log

Correlating Event Information

[Diagram: log sources correlated to support security and operational use cases]

Use cases: Malicious Code Detection, Spyware detection, Real-Time Monitoring, Troubleshooting, Access Control Enforcement, Privileged User Management, Configuration Control, Lockdown enforcement, Unauthorized Service Detection, IP Leakage, False Positive Reduction, User Monitoring, SLA Monitoring

Log sources: Web server activity logs, Web cache & proxy logs, Content management logs, Switch logs, IDS/IDP logs, VA Scan logs, Router logs, Windows logs, Windows domain logins, VPN logs, Firewall logs, Wireless access logs, Linux, Unix, Windows OS logs, Oracle Financial Logs, Mainframe logs, DHCP logs, Client & file server logs, SAN File Access Logs, VLAN Access & Control logs, Database Logs

Incident Workflow

Consolidate Violations
 Violation Event 1, Violation Event 2, Violation Event 3, Violation Event 4, ... Violation Event "n"
   → Policy Based Logical Grouping → Security Incident

Send Alerts Based on Risk
 Security Incident
   • HIGH: Alert Security Officer
   • MEDIUM: Alert Manager
   • LOW: No Alerts. Audit Only
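The consolidation and alerting steps on this slide, as an added example that is not part of the original deck or of RSA's product: violation events are grouped into incidents by policy and sender within a time window, and each incident's risk level selects the alert route shown on the slide. The 60-minute window, the severity thresholds and the sample events are assumptions.

```python
from dataclasses import dataclass, field
# Added example (not RSA's code): window, thresholds and sample events are assumptions.
WINDOW_MINUTES = 60  # events from one sender under one policy within 60 min share an incident

@dataclass
class Violation:
    minute: int    # event time in minutes since midnight (constructed)
    policy: str    # DLP policy that fired, e.g. "PCI"
    sender: str    # user whose transmission violated the policy
    severity: int  # per-event severity assigned by the policy, 1..3

@dataclass
class Incident:
    policy: str
    sender: str
    events: list = field(default_factory=list)

    @property
    def risk(self) -> str:
        # Incident risk is the summed event severity; the thresholds are assumed values
        score = sum(v.severity for v in self.events)
        return "HIGH" if score >= 6 else "MEDIUM" if score >= 3 else "LOW"

ALERT_ROUTING = {"HIGH": "Alert Security Officer", "MEDIUM": "Alert Manager",
                 "LOW": "No Alerts. Audit Only"}  # the slide's risk-to-alert mapping

def consolidate(violations) -> list:
    """Policy-based logical grouping: same (policy, sender) within WINDOW_MINUTES."""
    open_incidents, incidents = {}, []
    for v in sorted(violations, key=lambda v: v.minute):
        key = (v.policy, v.sender)
        inc = open_incidents.get(key)
        if inc is None or v.minute - inc.events[-1].minute > WINDOW_MINUTES:
            inc = Incident(v.policy, v.sender)   # gap too large: open a new incident
            open_incidents[key] = inc
            incidents.append(inc)
        inc.events.append(v)
    return incidents

def route_alerts(incidents) -> list:
    """One (policy, sender, event count, risk, alert action) tuple per incident."""
    return [(i.policy, i.sender, len(i.events), i.risk, ALERT_ROUTING[i.risk])
            for i in incidents]

# Constructed sample: six violation events from three senders
SAMPLE_VIOLATIONS = [Violation(0, "PCI", "alice", 3), Violation(10, "PCI", "alice", 3),
                     Violation(5, "PHI", "bob", 2), Violation(50, "PHI", "bob", 1),
                     Violation(20, "Internal", "carol", 1),
                     Violation(200, "PCI", "alice", 1)]  # outside the window: new incident
```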
Use Case: Security Incident
 • Analyst investigates malware outbreak
 • DLP detects if confidential information is leaving the network
Securing Sensitive Information
Reducing Your Sources of Risk: Data at Rest

Discover → Analyze → Remediate
Rescan sources to measure and manage risk

File shares, Servers, Laptops
 • Windows file shares
 • Unix file shares
 • NAS / SAN storage
 • Windows 2000, 2003
 • Windows XP, Vista

300+ File types
 • Microsoft Office Files
 • PDFs, PSTs
 • Zip files
 • CATIA files

Databases & Repositories
 • SharePoint
 • Documentum
 • Microsoft Access
 • Oracle, SQL
 • Content Mgmt systems

Remediation
 • Secure Delete
 • Manual/Auto Move
 • Manual/Auto Quarantine
 • Notifications
 • eDRM
Using Encryption to Secure Data at Rest

Encryption layers, from the application down to the storage platform:
 • Application Based
 • DB or File Based
 • Host Based
 • SAN Based
 • Platform Based

[Diagram: the encryption layers placed along the data path: Clients, LAN, Servers, SAN, WAN]
Enterprise Key Management

[Diagram: a central Key Manager serving the encryption points below]
 • LTO4 Tape (IBM, HP, Quantum)
 • Cisco SME SAN Encryption
 • Application Encryption
Protecting Data in the Network: Data in Motion

Monitor → Analyze → Enforce

Email
 • SMTP email
 • Exchange, Lotus, etc.
 • Webmail
 • Text and attachments

Instant Messages
 • Yahoo IM
 • MSN Messenger
 • AOL Messenger

Web Traffic
 • FTP
 • HTTP
 • HTTPS
 • TCP/IP

Remediation
 • Audit
 • Block
 • Encrypt
 • Log
Securing Data in Motion

Monitor Risk Exposure for Data in Motion
 • Audit data in motion
 • Notify sender of inappropriate communication
 • Notify and escalate to sender's manager

Prevent Risk Exposure for Data in Motion
 • Real-Time Blocking of Transmissions
     Email active mode
     Web, Secure Web and FTP active mode via proxies

Remediate Risk Exposure for Data in Motion
 • Quarantine
     Hold till approved by manager, SOC, etc.
     Sender self-remediation (justify actions)
     Automated timed release to prevent business impact
 • Encrypt
     Redirect to perimeter encryption engine (PGP, IronPort, etc.)
 • Block
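An added example of the quarantine remediation described on this slide, written for this page rather than taken from RSA's product: a confidential message is held, released by manager/SOC approval or by the sender's own justification, and otherwise released automatically once a timeout passes so that business is not blocked indefinitely. The channel rules in enforce(), the 240-minute timeout and the sample messages are assumptions.

```python
from dataclasses import dataclass
# Added example (not RSA's code): timeout, channel rules and messages are assumptions.
RELEASE_TIMEOUT_MIN = 240  # automated timed release after 4 h without a decision

@dataclass
class Message:
    msg_id: str
    sender: str
    channel: str        # "email" (active mode) or "web"/"ftp" (active mode via proxy)
    confidential: bool  # result of the DLP content analysis

@dataclass
class HeldItem:
    msg: Message
    held_at: int          # minute the message entered quarantine
    status: str = "held"  # "held" until released
    reason: str = ""      # who or what released it

def enforce(msg: Message) -> str:
    """Real-time decision: audit clean traffic, quarantine confidential email, block the rest."""
    if not msg.confidential:
        return "audit"
    return "quarantine" if msg.channel == "email" else "block"

class Quarantine:
    def __init__(self):
        self.items = {}  # msg_id -> HeldItem

    def hold(self, msg: Message, now: int) -> None:
        self.items[msg.msg_id] = HeldItem(msg, now)

    def approve(self, msg_id: str, approver: str) -> None:  # manager, SOC, etc.
        self._release(msg_id, f"approved by {approver}")
    def justify(self, msg_id: str, justification: str) -> None:  # sender self-remediation
        self._release(msg_id, f"sender justified: {justification}")

    def sweep(self, now: int) -> list:
        """Automated timed release of holds older than the timeout; returns their ids."""
        expired = [m for m, it in self.items.items()
                   if it.status == "held" and now - it.held_at >= RELEASE_TIMEOUT_MIN]
        for m in expired:
            self._release(m, "timed release")
        return expired

    def _release(self, msg_id: str, reason: str) -> None:
        item = self.items[msg_id]
        if item.status != "held":  # never overwrite an earlier decision
            raise ValueError(f"{msg_id} already {item.status}")
        item.status, item.reason = "released", reason
```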
Protecting Data at the Endpoint: Data in Use

Monitor → Analyze → Enforce

Print & Burn
 • Local printers
 • Network printers
 • Burn to CDs/DVDs

USB
 • External hard drives
 • Memory sticks
 • Removable media

Copy and Save As
 • Copy to network shares
 • Copy to external drives
 • Save As to external drives

Actions & Controls
 • Allow
 • Justify
 • Block
 • Audit & Log
Rights Management Services

Persistent Protection = Encryption + Policy
 Policy:
 • Access Permissions
 • Use Right Permissions
Use Case: Protecting Data with Rights Management

1. RMS admin creates RMS templates for data protection
2. DLP admin designs policies to find sensitive data and protect it using RMS
3. DLP discovers and classifies sensitive files
4. DLP applies RMS controls based on policy
5. Users request files - RMS provides policy based access

[Diagram]
 Rights Management template "Legal Contracts RMS":
 • Legal department: View, Edit, Print
 • Outside law firm: View
 • Others: No Access
 DLP policy "Legal Contracts DLP Policy":
 • Find Legal Contracts
 • Apply Legal Contracts RMS
 Sources scanned by DLP: Laptops/desktops, File shares, SharePoint
Discovering, Monitoring and Managing Your Sensitive Data

Comply With Regulations / Protect Corporate Competitive Advantage

 • Credit Card Data
 • Personally Identifiable Information (PII)
 • Personal Health Information (PHI)
 • Corporate Secret Data

Unstructured / Semi-Structured / Structured
Questions?

				