DLP - A Survey of Strategies & Success Factors
TRANSCRIPT
Our Framework
• DLP Defined
• The Problem
• Consequences & Impacts
• Solution Technology Review
• Strategies
Drivers of DLP Adoption
• Regulatory
• Corporate Governance
• Due Diligence & Due Care
• Inflection point in threat / countermeasures
• Acceleration of innovation
• Political Impetus
• Information Economy will drive shift
Mass Collaboration
• Changes everything (How you work)
• More good people and ideas are outside your organization
• Organizational boundaries dissolving
• Harder to control, but higher return
• Value created through participatory platforms
• Innovation shift from in-house
• GoldCorp, Inc.
Scenario
Meet Henry from HR
Problem: Henry has to complete an employee payroll spreadsheet by 9 a.m. on Monday, only he doesn't get the assignment until 4:30 Friday afternoon.
Henry’s Solution: "No problem," Henry says. "I'll just send it to my Yahoo account and do it from home this weekend."
What’s wrong with this picture?
Confidential data, such as employee ID and payroll information, should never be sent to an unauthorized external address and never be sent in the clear. Henry wasn't trying to steal company information, he was just trying to get his job done. Here's where data-leak-prevention products excel. All those we tested will stop the data from leaving or alert someone in this type of situation.
Consequences & Impacts
• Significant
• Loss of customer & corporate data
• Loss of confidence / market share
• Business disruption: financial impact (TJX & Heartland); law enforcement involvement
• Theft of capital equipment
• Productivity loss
• Increased operational expense
• Do it yourself or have it crammed down your throat
Engage Business Units
• Closest to the problem
• May need to help articulate business case
• Avoid “We are security of Borg”
THE INFORMATION OWNERS: Executives, Business Managers, Users, I.T. Staff
Understand Information & Risks
• Not all information is created equal
• Identify Data Owners
• Taxonomize or Classify Data
• Risk analysis: Exposure or Leaks
• Value / Risk Matrix
• Tiered controls aligned with Info Risk/Value
Be Opportunistic
• Not all information is created equal
• Internal Information vs. Customer Information
• Regulated Information
• Crown Jewels first!
• Consider Enclave approach
– Information Value
– Functional Business Unit
Policy is Borrrringgggg
• Ready… FIRE!.. Aim…
• Failure indicators:
– No policy
– Poor indoctrination
– Narrow your policy focus
Policy Win Themes
• Workable Policies
– Realistic; Understandable; Aligned
– Standards-aligned
• Train, Measure, Improve
– Available & accessible
– Ongoing training
– Event Metrics & Root cause analysis
Policy Win Themes
• Simplify Enforcement
• Institutionalize
– Cross functional teams
– Compliance & Risk initiatives
– Ethics
– Metrics tied to incentives
– Strong Leadership
– Date & state-based policy review
Prerequisites
• PMO
• Strong Identity Management
• Dedicated Teams
• Ownership Standards
• Phased Deployment
• Confidentiality & NDAs
• Adjacent needs
Low/No Cost Mitigation
• Reconnaissance
• Specialized Audit
• Standardized Computing Environment
• HIPS
• Training
• Protective Markings
• Embrace RBAC, GPOs, UAC/UBE
Data in Motion Considerations
• Training the Solution & Hidden Costs
• Flexibility of Analysis
– Content vs. Context
– Partial matching / Fingerprinting
• Integration with Existing infrastructure
• Protocol Support
• Reporting / Filtering / Blocking
• Workflow
Data at Rest Considerations
• Discovery: Endpoint, Server and Storage
• Remote vs. Agent based scanning
• Analysis
– Content vs. Context
– Rules & Expressions
– Fingerprinting
– Exact file & Partial Document matching
– Bayesian, Dictionaries, Metadata
• Enforcement
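The three content-analysis techniques named in the Data in Motion and Data at Rest slides (rules & expressions, exact file matching, and partial document matching via fingerprinting) are easy to confuse in vendor material, so here is a minimal analyzer that does all three on the Henry-style payroll scenario. This is an added example, not code from the presentation or from any product it reviews. The regex rules carry validators (issued-SSN ranges, Luhn mod-10 for card numbers) because an unvalidated pattern is the main source of DLP false positives; the fingerprint is a plain set of hashed 4-word shingles rather than the rolling-hash or winnowing schemes shipping products use, and the 0.25 block threshold, shingle size, registry labels and all sample texts are constructed assumptions.

```python
"""Toy DLP content analyzer: regex rules with validators, exact-file
hashing and partial-document fingerprinting (hashed k-word shingles).
Added example; thresholds, labels and sample texts are assumptions."""
import hashlib
import re

# --- Rules & expressions. Each regex is paired with a validator so that
# arbitrary digit strings do not fire the rule.
# SSN: 3-2-4 digits, excluding unissued area 000/666/9xx, group 00, serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Payment card: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used to validate candidate card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def pattern_hits(text: str) -> list:
    """Return (rule, matched_text) pairs that survive validation."""
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(("card", m.group()))
    return hits


# --- Fingerprinting: hash every k-word window of the normalised text.
def shingles(text: str, k: int = 4) -> set:
    toks = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(toks[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(toks) - k + 1)
    }


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


class Registry:
    """Registered (protected) documents: exact hashes plus shingle sets."""

    def __init__(self):
        self.exact = {}         # sha256 -> label
        self.fingerprints = {}  # label -> set of shingle hashes

    def register(self, label: str, text: str) -> None:
        self.exact[sha256_hex(text)] = label
        self.fingerprints[label] = shingles(text)

    def exact_match(self, text: str):
        return self.exact.get(sha256_hex(text))

    def partial_match(self, text: str):
        """Best (label, shared, total): how many of the candidate's
        shingles come from one registered document."""
        cand = shingles(text)
        best = (None, 0, len(cand))
        for label, fp in self.fingerprints.items():
            shared = len(cand & fp)
            if shared > best[1]:
                best = (label, shared, len(cand))
        return best


def analyse(reg: Registry, text: str, threshold: float = 0.25) -> dict:
    """Combine the three techniques into one block/allow verdict."""
    reasons = [f"{rule}:{m}" for rule, m in pattern_hits(text)]
    exact = reg.exact_match(text)
    if exact:
        reasons.append(f"exact:{exact}")
    label, shared, total = reg.partial_match(text)
    if total and shared / total >= threshold:
        reasons.append(f"partial:{label}:{shared}/{total}")
    return {"action": "block" if reasons else "allow", "reasons": reasons}


# Constructed sample data (not real records).
PROTECTED_DOC = ("Payroll summary Q3. Employee 10442 Alice Nakamura base salary "
                 "84000 bonus 6500. Employee 10443 Bob Okafor base salary 91250 "
                 "bonus 0. Do not distribute outside Finance.")
LEAK_MAIL = ("Hi Henry here, doing it from home this weekend. Employee 10442 "
             "Alice Nakamura base salary 84000 bonus 6500 needs checking.")
BENIGN_MAIL = "Team lunch is Thursday at noon, please RSVP to Dana by Wednesday."
PII_MAIL = ("SSN 123-45-6789 and card 4111 1111 1111 1111; "
            "not 987-65-4321 or 4111 1111 1111 1112")

REGISTRY = Registry()
REGISTRY.register("payroll-q3", PROTECTED_DOC)

if __name__ == "__main__":
    for name, body in [("leak", LEAK_MAIL), ("benign", BENIGN_MAIL),
                       ("pii", PII_MAIL), ("exact", PROTECTED_DOC)]:
        print(name, analyse(REGISTRY, body))
```

Note what each technique catches: the exact hash only fires when the whole registered file is sent unchanged, so Henry's mail (an excerpt pasted into a new message) is caught only by the partial match, where 6 of its 17 shingles come from the payroll document; the unissued SSN 987-65-4321 and the card number that fails Luhn are dropped before they can raise an alert. The shingle score is the fraction of the candidate that is protected content, which is the right ratio for an outbound message; measuring how much of the registered document leaked would use the registered set as the denominator instead.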
Architectural Considerations
• Passive vs. Active
• Learning, Monitoring, Filtering, Blocking
• Centralized vs. Distributed
• Network vs. Endpoint
• Oversight