toyota motor engineering & manufacturing north america
TRANSCRIPT
Toyota Motor Engineering &
Manufacturing North America.
Data Loss
Prevention
Agenda
• Introduction
• Toyota
• DLP – What is it?
• Data lifecycle
• Terminology
• Traditionally
• New Challenges
• Best Practices
• Toyota & DLP
Introduction
• Jerry Bedwell CISSP CISM
• Risk Management specialist with Toyota Motor Manufacturing and Engineering
• Over 20 years of IT experience, 10+ years in Information Security
• Member of the FBI’s Infragard organization
• Graduate of the 2007 FBI Citizen Academy
The Toyota Way
14 Manufacturing Locations
Headquarters
ComponentVehicle Assembly
Engine Assembly R&D
12 Locally Produced Vehicles
Corolla
Matrix
VenzaTacoma
Highlander
RAV4
Sienna Tundra
SequoiaLexus RX 350
Avalon Camry/Camry Hybrid
DLP – What exactly is it?
• Definition – helps ensure that customer information, personal employee information, and research and development (R&D) data remains safe and secure.
• Most security measures are designed to protect a company's systems. Few such measures can protect against data loss especially once data moves outside the network perimeter. Data loss prevention solutions strategically protect your most important data-sensitive information that could cost your company the most damage to finances or reputation if it were compromised.
• Typical implementations – Data encryption and off the shelf products such as Lumension
• Goal is protection at REST, in MOTION, and in USE
Protecting the data through its lifecycle
Restscanning of storage and other content repositories to identify where sensitive content is located. We often call this content discovery. For example, you can use a DLP product to scan your servers and identify documents with credit card numbers. If the server isn’t authorized for that kind of data, the file can be encrypted or removed, or a warning sent to the file owner.
Motionmonitoring of traffic on the network to identify content being sent across specific communications channels. This would include monitoring email, instant messages, and web traffic for snippets of sensitive source code. In motion tools can often block based on central policies, depending on the type of traffic use.
Usemonitor data as the user interacts with it. For example, they can identify when you attempt to transfer a sensitive document to a USB drive and block it (as opposed to blocking use of the USB drive entirely). Data in use tools can also detect things like copy and paste, or use of sensitive data in an unapproved application (such as someone attempting to encrypt data to sneak it past the sensors).
Terminology
• Information leak prevention
• Data leak/loss prevention/protection
• Data leakage
• Data leak prevention (or content monitoring and filtering)
• . . .
• . . . keeping the valuable stuff where it belongs!
Common sources of data leakage
• User needs to create a report
User extracts data from a secure system and conducts the analysis on a less secure system such as their desktop/laptop. After analysis is complete, the user does not properly dispose of the information
Malicious activity
User copies information to a non-secure system or device (such as a thumb drive)
Outdated hardware is donated
Before the system is delivered, the hard drive is not properly cleaned and sensitive data is not removed
Traditionally…
• Messaging did not have appropriate controlsSolutions aimed at the external threats coming in, not the regulation and governance of internal communications going out
• Products offered inadequate protectionSolutions based on old ideas of “perimeter”
Unable to look into SSL
Unable to provide real-time detection and remediation
• Message analysis was ineffectiveDid not look into the intent of messaging
• Point solutions did not see the whole pictureSilos of policy, monitoring, enforcement, and reporting across different communication channels
New Challenges
• Information protection is an increasingly complex problem
Web, IM, Smart phones, USB devices
• Point solutions are impracticalNeed to move to multichannel protection, and beyond the network
Centralized policy, with distributed enforcement
• Information governance offers value, not just insuranceEnsure proper use and disposition of information in a business context
Enable good things as well as preventing bad things
• DLP products are key tools to help manage information risk
Deployment strategy: learn before acting
DLP solutions are maturing – Lumension, WebSense, Vontu, etc…
• Enterprise users . . . don’t like securityHave little initial knowledge of security
Value convenience
Are often ignorant of reg. security rules/policies
Feel to have the right to employee privacy
• They sometimes do . . . unintelligent thingsSend emails with inappropriate and sensitive content
Copy work-related information onto storage devices
Bring their work (e.g., laptops) into unsafe environments
Let outsiders (e.g., family members) use their work computers
• But also . . . are willing to improveAre receptive to incentives and enforcement
Obey corporate rules when enforced
Would like to be informed before they are about to make mistakes
Are concerned about job safety
• . . . are your company’s main assets!
The greatest Risk is the uninformed employee
Data Loss Prevention: Best Practices
Define DLP Needs
Prioritize Focus Comprehensive Administration and
Reporting
Use Best of Breed Solutions
Ensure Coverage Unobtrusive Solution
Toyota & DLP
• InitiativesComprehensive policies
REQUIRED Annual Information Security Training
ALL computer users must pass a quiz with a score of 80% before given credit for taking the training
Antivirus
ALL desktops and laptops
Standardized desktop and laptop images
Reduced local administrator presence
Users cannot install programs or make system changes without authorization
Enpoint protection using Lumension
Worldwide Presence & Recognition
London
England
Sydney
Australia
Melbourne - Florida
Compliance, Content,
Endpoint Security
Galway - Ireland
Endpoint Security
Luxembourg
Endpoint Security, Encryption
Scottsdale - Arizona
Endpoint Operations,
Platform Architecture
Singapore
16
• Offices worldwide
• More than 5,100 customers in 68 countries
• Strong partner base (400+ worldwide)
• Award-winning and Top ranked
Lumension Solution Strategy
Endpoint
SecurityEndpoint
Operations
Compliance
Endpoint Management & Security
“By 2011, leading enterprise
endpoint protection platform (EPP)
and PC lifecycle management
(PCLM) vendors will offer mature
integrated security and operations
tools. IT organizations should
understand the benefits of these
tools and develop a strategy for
adoption.”
Peter Firstbrook
Gartner Analyst ,2009
17
Background
1. Facilities
2. Systems
3. Organization
`
`
PaperElectronic
File
1. Enter/Exit 2. Carry In/Out 3. Photo
4. Firewall 5. Server 6. Web 7. Email 8. PC 9. Network 10. Mobile 11. Wiretap
12. Assets 13. Information Mgt 14. Contractor 15. Emergency 18. Training17. Regulate
Paper
16. Structure
This is Toyota’s highest priority because most leaks and information
loss occur by mobile device and media.
Mobile device is
high priority!
Toyota Security Guidelines
Removable Media Security
• LumensionLumension client is baked into the standard image
By default, all users are restricted from reading or writing data to/from removable media
Removable Media
Thumb drives, CD/DVDs, Floppy Disks, Local Printers, External Hard Drives
Rolled out Enterprise Wide 2008.
Over 12,000 clients
Centrally manages the removable media environment
Every user that is granted an exception is required to renew that exception annually
Logging
Shadow Copying
Password SecurityAn In-depth Look
Make Your Passwords Strong
Use a combination of characters, numbers, and
special characters when creating your passwords ex;
(A7#e$48C)
To aid memory, use first letter of words from a title or
phrase.
Your Password is YOURS!
Do not share your password with anyone
Do not write your password down
Set Strong Password Policy
Force password expiration at least every 60 days
Old passwords should not be used for at least 6 months
When Creating Passwords, Don’t…
Use words from the dictionary
Use simple patterns