SlideShare una empresa de Scribd logo

The Need for DLP now - A Clearswift White Paper

Ben Rothke
Ben Rothke

This white paper discusses the need for data loss prevention (DLP) solutions and provides guidance on implementing a DLP strategy. It notes that while companies secure physical assets like office supplies, data is often less protected. The paper outlines a multi-step approach to deploying DLP, including data discovery, classification, developing a DLP strategy involving multiple departments, addressing interim needs with secure gateways, and eventually selecting and testing DLP products. It emphasizes that DLP requires a long-term, systematic approach rather than being a quick fix, and should be integrated with other security and awareness practices.

Educación
1 de 8
Descargar para leer sin conexión
White paper The Need for DLP now A Clearswift White Paper Ben Rothke, CISSP CISA DLP (data leak prevention) Introduction is a powerful technology Anyone who has tried to replace a laser toner cartridge in corporate America knows the that can be used to plug the hassle. If you are lucky and there happens to be one in the supply closet, then signatures holes in the data leakage dam and a few keys later, the toner can be removed from the hollowed sanctums of the that is affecting a myriad office supply closet. As soon as the toner is taken, the door to the supply room is closed organizations worldwide. and secured. While DLP is a broad set of Evidently, firms feel there is a significant risk to leaving expensive toner cartridges features, of which would require a much longer unsecured, in the hands of employees who may pinch them. document, Clearswift is happy For some reason, these firms think that their trusted employees can’t be trusted with to offer this white paper as office supplies, which require them to be stored in locked areas. an introduction to the topic of DLP, which is one of the The truth is that a few bad apples can quickly steal thousands of dollars’ worth of office most important and powerful supplies and companies understand that they must be secured. tools in the information security industry toolkit. For similar reasons, companies will place asset tags on every chair, table, laptop, microwaves, etc. If these items are left unsecured and undocumented, the worst will likely happen. But when it comes to the terabytes of confidential and proprietary data on corporate networks, companies often use kid gloves to secure the data. This begs the question, why are office supplies subject to a higher level of security than the data? First off, take a moment and think of the myriad different types of data in your organization that need information security controls. Without much of an effort, you should be able to think of 10 types within in under a minute. Data types such as the following are just a few of the many in your organization: - Finance/spreadsheets HR - M&A - Customer private data - Social security numbers - Client lists - Sales forecasting data - R&D - Legal - Credit card numbers - Contact information - Marketing strategies For many years, Sun Microsystems noted that the network is the computer. With that, the network is the data, as data is the gold for many organizations. Imagine if it occurred that 500 office chairs were stolen, with asset tags. Not really such a big deal, as they are insured. But if a few gigabytes of data are lost from an organization, that can often mean significant impact and consequences, including: - Class action lawsuit - Public embarrassment - Expense to recover - Compliance violation (PCI DSS, Sarbanes-Oxley, GLBA, EURO-SOX, HIPAA/HITECH, UK Data Protection Act, California Senate Bill SB 1386, and many more) - Loss of customer trust - Diminished competitive advantage - Negative branding - Financial consequences With that, many organizations are turning to a DLP solution to help them in gaining control over their seemingly uncontrolled data stores. 1
Why DLP? There are a number of reasons why you want to consider a DLP solution. Gartner notes in their 2010 Buyer’s Guide to Content-Aware DLP http://www.gartner.com/DisplayDocume nt?id=1421941&ref=g_sitelink that content-aware DLP solutions offer a significant array of capabilities to organizations. Their key findings are that DLP: - Helps organizations to develop, educate and enforce effective business practices concerning the access, handling and transmission of sensitive data - Provides reporting and workflow to support identity and access management (IAM), regulatory compliance initiatives, intellectual property protection and data policy compliance management Those two areas alone are domains which nearly every company is struggling with. Other areas where DLP has shown to be of significant value is: - Helps organizations to develop, educate and enforce effective business practices concerning the handling and transmission of sensitive data - Dynamic application of policy based on the classification of content determined at the time of an operation - Early detection – which equates to earlier mitigation For many originations, they see DLP software and hardware as the answer to their information security problems. As I wrote in DLP – A security solution, not a security savior http://www.btsecurethinking.com/2009/12/dlp-%E2%80%93-a-security-solution- not-a-security-savior/, over the last few years. DLP has achieved critical mass. So what exactly is this security remedy called DLP? DLP refers to a set of software and hardware solutions that identify monitor and protect data, mainly via content inspection and contextual security analysis. One of the main benefits of a DLP solution is that it can detect and prevent the unauthorized use and transmission of confidential (as defined by the organization) information. DLP sounds like a slam-dunk security solution that every organization can use. Yet, as important as protecting data is, there’s more to DLP than simply rolling out a DLP solution. As noted in the beginning of this white paper, many organizations have much better knowledge of how many pencils they have in their supply closets, as opposed to how much data they have on their networks. DLP tools have data discovery capabilities and can scan data repositories and identify data. A decision can then be made if that data needs to be part of the protections scheme. The data can also be indexed as a way in which to start a process of determining who the data owner is. When looking at a products data discovery capabilities, one key area to look at is how many different data types it is able to identify. There are literally hundreds of different file formats in use; from Microsoft Office documents, multimedia, encrypted, zip, source code and many more. How does data leak? There are literally hundreds of ways (many of them in a manner many organizations can’t fathom) in which data can leak. The following table lists but a few of them. Careless mistakes, Accidently sending email Fat finger Disgruntled worker often when to a group rather than doing repetitive van individual mundane tasks Attaching the Not being careful when Hitting the send Malicious intent wrong file rushing to a deadline button too early Corporate espionage Outsourcers, business Poor firewall rules Lost USB, memory partners, contractors, card, DVD, etc. etc., with poor security practices Lost smartphones Lost backup tapes Data storage devices Phishing not properly sanitized Malware Insecure transmission of personal identifiable and other restricted data 2
Ultimately, think beyond DLP It is important to note that when considering a DLP solution, many companies are far too myopic and think that DLP works in a vacuum. Pragmatic firms don’t take such an approach and make sure to integrate DLP as part of their overall information security framework. The use DLP as one spoke in the larger information security wheel. By integrating DLP with other technologies and tools, including end-user awareness and training, DLP can be a very strong link in the information security chain. A multi-step approach to DLP nirvana So how does one take the theory of DLP and put it into practice? The following are a few steps to protect your data if you decide to deploy a DLP solution: Step 1 – Level set Realize that the DLP will not solve all of your data security issues, or mitigate its risks. DLP is but one part of a larger set of information security tools. Step 2 – You can only protect your data if you know where it is Every year, public companies produce annual reports. In the balance sheet section, a company notes how much cash on hand it has. These companies are expected to accurately know this and other crucial financial details. Yet how many of these companies can produce an annual report for their data? The following should be a simple question for an organization - how much data resides on your networks? How much of that data is in long-term storage? Archived? Perhaps 1 in 100 organizations can produce a reasonable answer regarding their data libraries. The main point to consider is that there is far too much data in motion that companies are oblivious to. It is impossible to protect data an organization is unaware of, where it is stored, or where it is traversing. Therefore, the first step in data protection is to identify where the corporate data is. By performing a data discovery project, you can find all the data on your network. Note though that this is a detailed endeavor. Expect it to take weeks if not months to locate, diagram and document all of your major data storage locations. 3
Step 3 – Data classification Not all data is equal. You therefore need a project to classify data to understand what needs to be protected and the reason for it. Detail the risks to confidentiality and list common risk scenarios that may arise from inappropriate data leakage. Think of security as insurance for your data and you only need to insure items of value. The first step in a DLP endeavor is to define what your valuable or sensitive data is. How much of your data is secret? More than you think. According to Forrester http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.pdf, secrets comprise two-thirds of the value of firms’ information portfolios. Despite the increasing mandates enterprises face, custodial data assets aren’t the most valuable assets in enterprise information portfolios. Proprietary knowledge and company secrets, by contrast, are twice as valuable as the custodial data. And as recent company attacks illustrate, secrets are targets for theft. Step 4 – DLP strategy A DLP solution can’t be deployed in a vacuum. Organizations need to develop a formal DLP strategy that details the specific business and technology needs and requirements. Many vendors position their DLP solutions differently, so it is important that you document their DLP solutions differently. And it’s important that you document your requirements, and not simply map it to their product offering. A mistake that too many organizations make is that they get into the minutia of DLP, before developing their high-level DLP strategy. First start with the high-level objectives, and only then, do deep into the requirements. When you do get to the requirements phase, realize that DLP is not strictly an IT solution. Organizations that have effectively deployed DLP did it with input from various entities in their origination. While this is not a definitive list, ensure that at the very least, these departments are included: - Business owners - Legal - IT audit - Finance - Internal audit - Information security - Technology operations Note that the legal department is mentioned in the above list. For many IT professionals, working with legal is a foreign concept to them; but that should not be the case. Given that DLP includes monitoring of proprietary and personal data, your corporate legal department needs to give their approval to the DLP project to ensure that the monitoring does not violate any laws or requirements. For those entities in the European Union, this can’t be overemphasized as EU directive on data protection can quickly be violated with DLP if you are not careful. As you develop your strategy, take into consideration that DLP is a long-term endeavor; read: years not months. DLP is undoubtedly not a plug and play technology. From the time you start thinking of DLP, until the point that it is fully deployed and optimized, requires time and dedication. 4
What do you do when the CIO wants the DLP working now, not next year? Note that the previous paragraph uses years and DLP in the same sentence. But what about those firms that don’t want a full-blown enterprise DLP solution, rather an interim solution to get up and running quickly? What do you do when the CIO balks about the extended time to production and insists that the DLP solution be up and running this quarter, not next year. The Clearswift Secure Web and Email Gateway solutions are a perfect complement for those that want the functionality of a DLP solution without the extensive time and effort required. The Secure Gateways incorporates basic as well as advanced DLP capabilities natively. From built-in e-mail encryption, to anti-spam/anti-malware capabilities and more, theGateways have been well-received by large clients, as well as small and midsize businesses (SMBs) that are with DLP deployments of less than 3,000 users. The content security gateways can be quickly deployed to stop data leakage issues, and you can see the positive effect within hours. Many organizations prefer this approach, as it can rapidly immediately be put into execution, showing direct results. For those organizations that want to take this approach, the first step would be to identify the data in transit today so that accidental leakage (such as inadvertent transmittal of confidential documents) can be detected by the email and web gateways and stopped before its leaks out. In fact, Gartner writes in 2010 Content-Aware Data Loss Prevention FAQs that firms should “develop a two- to three-year road map for the deployment of capabilities from initial monitoring only to active blocking”. For those that don’t want to for that two- to three-year road map to complete, Clearswift Secure Web Gateway is an effective respite. Gartner also write that organizations can balance DLP feature richness against cost by knowing at the outset what the type and scale of the problem is that you are trying to solve. From this, you can then develop both the business requirements of the technology and the supporting processes, and also the tolerance for operational costs that are likely to be incurred post-deployment. Finally, many DLP initiatives get immediately blackballed when organizations see the price tag, which is often exorbitant. In Budgeting the Costs of Content-Aware DLP Solutions - Gartner in the report notes that the average DLP full solution price ranges from $350,000 to $750,000. The Clearswift Secure Gateways are a fraction of that cost. 5
So why does it often take a year or more to fully deploy a DLP solution? This is due to the fact that yet another mistake organizations make is attempting to take their data anarchy, and have it managed by DLP. Making DLP work means taking small steps at first, and then expanding on that. Many IT projects fail from too large of an initial scope. Therefore, start small, get initial victories and successes, and then expand. At the commencement of the project, start with the most critical and sensitive data; such as confidential data and laptops and mobile devices. Once you get that in order, then move to other systems and those with less critical data. Most organizations have far too much data to try to secure with DLP in one fell swoop. Since laptops were mentioned, note that while laptops and notebooks are great productivity tools, they are also one of the greatest mechanisms in the world of data leakage and data theft. Their level of convenience and accessibility are in direct response to the raw amount of data that can be compromised. In fact, a committed adversary will target the laptop of an executive or senior management, given the treasure trove of data residing on it. It is worth noting that this step does not have anything to do with vendors, as that is in step 5. You’re ready for primetime DLP strategy should be complete before engaging with a DLP vendor. Many DLP projects sometimes lose funding between the strategy stage and the deployment stage. In order to gain greater management support and business justification for the project, a good idea is to determine the number of DLP violations. Showing management DLP metrics such as how many credit card or social security numbers were quarantined is a great way to demonstrate the value of DLP technology. Finally, for those serious about a DLP strategy, the report from Gartner Develop an Enterprise Strategy for Data Loss Prevention http://www.gartner.com/ DisplayDocument?id=1383713 is quite valuable, and can be used as a guide. Step 5 – Product selection, testing and deployment Once the requirements are documented, the next step is to create a pilot to test a number of DLP products. Ensure various use cases are tested to analyze the product in different scenarios. Have specific and objective metrics to ensure value controls are tested and that your outputs are accurate. 6
Conclusion Overall, DLP is a great security technology, but it is not security pixie dust that can magically secure your network. The steps listed here are a few of the many that need to be done for a formal DLP rollout. By taking such a tactical approach to DLP, you can ensure that it really does prevent your data from being lost. For many organization, an enterprise-grade DLP solution may be overkill. Given the cost and effort required, many organizations are finding that it is better in the long run for them to start with the Clearswift Secure Gateway solution, given that it provides the short-term benefits and immediate interim success it can provide. These organizations find that once they have the Secure Web and Email Gateway solutions fully deployed and working, it is only then that they decided to consider a full-blown DLP package. About the author Ben Rothke, CISSP, CISM, CISA is a New York City based senior security consultant with BT Professional Services and has over 15 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography and security policy development, with a specialization in the financial services and aviation sectors. Ben is the author of Computer Security - 20 Things Every Employee Should Know http://books.mcgraw-hill.com/getbook.php?isbn=0072262826&template=osborne (McGraw-Hill), and writes a monthly security book review for Security Management magazine. He is also a frequent speaker at industry conferences, such as CSI, RSA, and MISTI, holds numerous industry certifications, and is a member of ASIS, CSI, Society of Payment Security Professionals and InfraGard. 7
Get in Touch Clearswift Ltd 1310 Waterside Arlington Business Park Theale Reading Berkshire RG7 4SA Tel : +44 (0) 118 903 8903 Fax : +44 (0) 118 903 9000 Sales: +44 (0) 118 903 8700 Technical Support: +44 (0) 118 903 8200 Email: info@clearswift.com

Recomendados

Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentse.law International
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File VirtualizationFindWhitePapers
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Arpin Consulting
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouDATAVERSITY
 
Ssi Data Protection Solutions V0.2
Ssi Data Protection Solutions V0.2Ssi Data Protection Solutions V0.2
Ssi Data Protection Solutions V0.2olambel
 
Protecting the Information Infrastructure
Protecting the Information InfrastructureProtecting the Information Infrastructure
Protecting the Information InfrastructureJay McLaughlin
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives- Mark - Fullbright
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 

Recomendados

Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentse.law International
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File VirtualizationFindWhitePapers
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Arpin Consulting
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouDATAVERSITY
 
Ssi Data Protection Solutions V0.2
Ssi Data Protection Solutions V0.2Ssi Data Protection Solutions V0.2
Ssi Data Protection Solutions V0.2olambel
 
Protecting the Information Infrastructure
Protecting the Information InfrastructureProtecting the Information Infrastructure
Protecting the Information InfrastructureJay McLaughlin
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives- Mark - Fullbright
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyNetwork Intelligence India
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCloudMask inc.
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Defining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentDefining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentAubrey Owens
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowCloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowAct-On Software
 
Cloud Privacy
Cloud PrivacyCloud Privacy
Cloud PrivacyAct-On Software
 
Breached! The First 48
Breached! The First 48Breached! The First 48
Breached! The First 48Resilient Systems
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out The Lorenzi Group
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtimeBillyHosking
 
Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Ulf Mattsson
 
IT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperIT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperSarahSanders60
 
A data-centric program
A data-centric program A data-centric program
A data-centric program at MicroFocus Italy ❖✔
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.jayceewong1
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdfLaLaBlaGhvgT
 

Más contenido relacionado

La actualidad más candente

Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCloudMask inc.
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Defining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentDefining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentAubrey Owens
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowCloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowAct-On Software
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out The Lorenzi Group
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtimeBillyHosking
 
Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Ulf Mattsson
 
IT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperIT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperSarahSanders60
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 

La actualidad más candente (20)

Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. Mookhey
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidence
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Big data security
Big data securityBig data security
Big data security
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Defining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case AssessmentDefining a Legal Strategy ... The Value in Early Case Assessment
Defining a Legal Strategy ... The Value in Early Case Assessment
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowCloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to Know
 
Cloud Privacy
Cloud PrivacyCloud Privacy
Cloud Privacy
 
Breached! The First 48
Breached! The First 48Breached! The First 48
Breached! The First 48
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtime
 
Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011
 
IT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperIT Asset Retirement Plan White Paper
IT Asset Retirement Plan White Paper
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 

Similar a The Need for DLP now - A Clearswift White Paper

Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.jayceewong1
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdfLaLaBlaGhvgT
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionDigital Guardian
 
The 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementThe 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementJumpCloud
 
Data foundation for analytics excellence
Data foundation for analytics excellenceData foundation for analytics excellence
Data foundation for analytics excellenceMudit Mangal
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security EssentialWhy Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security EssentialDana Gardner
 
Symantec Data Loss Prevention- From Adoption to Maturity
Symantec Data Loss Prevention- From Adoption to MaturitySymantec Data Loss Prevention- From Adoption to Maturity
Symantec Data Loss Prevention- From Adoption to MaturitySymantec
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceKim Cook
 
Cloud Computing Panel - NYCLA
Cloud Computing Panel - NYCLACloud Computing Panel - NYCLA
Cloud Computing Panel - NYCLARaj Goel
 
Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)pabatan
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityDavid X Martin
 
Clearswift | Leading Provider of Advanced Content Threat Protection
Clearswift | Leading Provider of Advanced Content Threat ProtectionClearswift | Leading Provider of Advanced Content Threat Protection
Clearswift | Leading Provider of Advanced Content Threat ProtectionCIO Look Magazine
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows
 

Similar a The Need for DLP now - A Clearswift White Paper (20)

Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdf
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention
 
The 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementThe 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity Management
 
Data foundation for analytics excellence
Data foundation for analytics excellenceData foundation for analytics excellence
Data foundation for analytics excellence
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for Security
 
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security EssentialWhy Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
 
Symantec Data Loss Prevention- From Adoption to Maturity
Symantec Data Loss Prevention- From Adoption to MaturitySymantec Data Loss Prevention- From Adoption to Maturity
Symantec Data Loss Prevention- From Adoption to Maturity
 
Data Security.pdf
Data Security.pdfData Security.pdf
Data Security.pdf
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 
Cloud Computing Panel - NYCLA
Cloud Computing Panel - NYCLACloud Computing Panel - NYCLA
Cloud Computing Panel - NYCLA
 
Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)Enterprise Digital Rights Management (Persistent Security)
Enterprise Digital Rights Management (Persistent Security)
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurity
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
 
Clearswift | Leading Provider of Advanced Content Threat Protection
Clearswift | Leading Provider of Advanced Content Threat ProtectionClearswift | Leading Provider of Advanced Content Threat Protection
Clearswift | Leading Provider of Advanced Content Threat Protection
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Big data security
Big data securityBig data security
Big data security
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ Overview
 

Más de Ben Rothke

Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Ben Rothke
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsBen Rothke
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionBen Rothke
 
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionE5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionBen Rothke
 
Locking down server and workstation operating systems
Locking down server and workstation operating systemsLocking down server and workstation operating systems
Locking down server and workstation operating systemsBen Rothke
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about themBen Rothke
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
Lessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity comLessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity comBen Rothke
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligattBen Rothke
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeBen Rothke
 
Infosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. HooperInfosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. HooperBen Rothke
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practicesBen Rothke
 
Rothke computer forensics show 2010
Rothke computer forensics show 2010Rothke computer forensics show 2010
Rothke computer forensics show 2010Ben Rothke
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeBen Rothke
 
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceWebinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceBen Rothke
 
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswiftLa nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswiftBen Rothke
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Ben Rothke
 

Más de Ben Rothke (20)

Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizations
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryption
 
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionE5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryption
 
Locking down server and workstation operating systems
Locking down server and workstation operating systemsLocking down server and workstation operating systems
Locking down server and workstation operating systems
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
 
Lessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity comLessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity com
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligatt
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothke
 
Infosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. HooperInfosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. Hooper
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
 
Rothke computer forensics show 2010
Rothke computer forensics show 2010Rothke computer forensics show 2010
Rothke computer forensics show 2010
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
 
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceWebinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS Compliance
 
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswiftLa nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswift
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security
 

Último

Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 

Último (20)

Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 

The Need for DLP now - A Clearswift White Paper

  • 1. White paper The Need for DLP now A Clearswift White Paper Ben Rothke, CISSP CISA DLP (data leak prevention) Introduction is a powerful technology Anyone who has tried to replace a laser toner cartridge in corporate America knows the that can be used to plug the hassle. If you are lucky and there happens to be one in the supply closet, then signatures holes in the data leakage dam and a few keys later, the toner can be removed from the hollowed sanctums of the that is affecting a myriad office supply closet. As soon as the toner is taken, the door to the supply room is closed organizations worldwide. and secured. While DLP is a broad set of Evidently, firms feel there is a significant risk to leaving expensive toner cartridges features, of which would require a much longer unsecured, in the hands of employees who may pinch them. document, Clearswift is happy For some reason, these firms think that their trusted employees can’t be trusted with to offer this white paper as office supplies, which require them to be stored in locked areas. an introduction to the topic of DLP, which is one of the The truth is that a few bad apples can quickly steal thousands of dollars’ worth of office most important and powerful supplies and companies understand that they must be secured. tools in the information security industry toolkit. For similar reasons, companies will place asset tags on every chair, table, laptop, microwaves, etc. If these items are left unsecured and undocumented, the worst will likely happen. But when it comes to the terabytes of confidential and proprietary data on corporate networks, companies often use kid gloves to secure the data. This begs the question, why are office supplies subject to a higher level of security than the data? First off, take a moment and think of the myriad different types of data in your organization that need information security controls. Without much of an effort, you should be able to think of 10 types within in under a minute. Data types such as the following are just a few of the many in your organization: - Finance/spreadsheets HR - M&A - Customer private data - Social security numbers - Client lists - Sales forecasting data - R&D - Legal - Credit card numbers - Contact information - Marketing strategies For many years, Sun Microsystems noted that the network is the computer. With that, the network is the data, as data is the gold for many organizations. Imagine if it occurred that 500 office chairs were stolen, with asset tags. Not really such a big deal, as they are insured. But if a few gigabytes of data are lost from an organization, that can often mean significant impact and consequences, including: - Class action lawsuit - Public embarrassment - Expense to recover - Compliance violation (PCI DSS, Sarbanes-Oxley, GLBA, EURO-SOX, HIPAA/HITECH, UK Data Protection Act, California Senate Bill SB 1386, and many more) - Loss of customer trust - Diminished competitive advantage - Negative branding - Financial consequences With that, many organizations are turning to a DLP solution to help them in gaining control over their seemingly uncontrolled data stores. 1
  • 2. Why DLP? There are a number of reasons why you want to consider a DLP solution. Gartner notes in their 2010 Buyer’s Guide to Content-Aware DLP http://www.gartner.com/DisplayDocume nt?id=1421941&ref=g_sitelink that content-aware DLP solutions offer a significant array of capabilities to organizations. Their key findings are that DLP: - Helps organizations to develop, educate and enforce effective business practices concerning the access, handling and transmission of sensitive data - Provides reporting and workflow to support identity and access management (IAM), regulatory compliance initiatives, intellectual property protection and data policy compliance management Those two areas alone are domains which nearly every company is struggling with. Other areas where DLP has shown to be of significant value is: - Helps organizations to develop, educate and enforce effective business practices concerning the handling and transmission of sensitive data - Dynamic application of policy based on the classification of content determined at the time of an operation - Early detection – which equates to earlier mitigation For many originations, they see DLP software and hardware as the answer to their information security problems. As I wrote in DLP – A security solution, not a security savior http://www.btsecurethinking.com/2009/12/dlp-%E2%80%93-a-security-solution- not-a-security-savior/, over the last few years. DLP has achieved critical mass. So what exactly is this security remedy called DLP? DLP refers to a set of software and hardware solutions that identify monitor and protect data, mainly via content inspection and contextual security analysis. One of the main benefits of a DLP solution is that it can detect and prevent the unauthorized use and transmission of confidential (as defined by the organization) information. DLP sounds like a slam-dunk security solution that every organization can use. Yet, as important as protecting data is, there’s more to DLP than simply rolling out a DLP solution. As noted in the beginning of this white paper, many organizations have much better knowledge of how many pencils they have in their supply closets, as opposed to how much data they have on their networks. DLP tools have data discovery capabilities and can scan data repositories and identify data. A decision can then be made if that data needs to be part of the protections scheme. The data can also be indexed as a way in which to start a process of determining who the data owner is. When looking at a products data discovery capabilities, one key area to look at is how many different data types it is able to identify. There are literally hundreds of different file formats in use; from Microsoft Office documents, multimedia, encrypted, zip, source code and many more. How does data leak? There are literally hundreds of ways (many of them in a manner many organizations can’t fathom) in which data can leak. The following table lists but a few of them. Careless mistakes, Accidently sending email Fat finger Disgruntled worker often when to a group rather than doing repetitive van individual mundane tasks Attaching the Not being careful when Hitting the send Malicious intent wrong file rushing to a deadline button too early Corporate espionage Outsourcers, business Poor firewall rules Lost USB, memory partners, contractors, card, DVD, etc. etc., with poor security practices Lost smartphones Lost backup tapes Data storage devices Phishing not properly sanitized Malware Insecure transmission of personal identifiable and other restricted data 2
  • 3. Ultimately, think beyond DLP It is important to note that when considering a DLP solution, many companies are far too myopic and think that DLP works in a vacuum. Pragmatic firms don’t take such an approach and make sure to integrate DLP as part of their overall information security framework. The use DLP as one spoke in the larger information security wheel. By integrating DLP with other technologies and tools, including end-user awareness and training, DLP can be a very strong link in the information security chain. A multi-step approach to DLP nirvana So how does one take the theory of DLP and put it into practice? The following are a few steps to protect your data if you decide to deploy a DLP solution: Step 1 – Level set Realize that the DLP will not solve all of your data security issues, or mitigate its risks. DLP is but one part of a larger set of information security tools. Step 2 – You can only protect your data if you know where it is Every year, public companies produce annual reports. In the balance sheet section, a company notes how much cash on hand it has. These companies are expected to accurately know this and other crucial financial details. Yet how many of these companies can produce an annual report for their data? The following should be a simple question for an organization - how much data resides on your networks? How much of that data is in long-term storage? Archived? Perhaps 1 in 100 organizations can produce a reasonable answer regarding their data libraries. The main point to consider is that there is far too much data in motion that companies are oblivious to. It is impossible to protect data an organization is unaware of, where it is stored, or where it is traversing. Therefore, the first step in data protection is to identify where the corporate data is. By performing a data discovery project, you can find all the data on your network. Note though that this is a detailed endeavor. Expect it to take weeks if not months to locate, diagram and document all of your major data storage locations. 3
  • 4. Step 3 – Data classification Not all data is equal. You therefore need a project to classify data to understand what needs to be protected and the reason for it. Detail the risks to confidentiality and list common risk scenarios that may arise from inappropriate data leakage. Think of security as insurance for your data and you only need to insure items of value. The first step in a DLP endeavor is to define what your valuable or sensitive data is. How much of your data is secret? More than you think. According to Forrester http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.pdf, secrets comprise two-thirds of the value of firms’ information portfolios. Despite the increasing mandates enterprises face, custodial data assets aren’t the most valuable assets in enterprise information portfolios. Proprietary knowledge and company secrets, by contrast, are twice as valuable as the custodial data. And as recent company attacks illustrate, secrets are targets for theft. Step 4 – DLP strategy A DLP solution can’t be deployed in a vacuum. Organizations need to develop a formal DLP strategy that details the specific business and technology needs and requirements. Many vendors position their DLP solutions differently, so it is important that you document their DLP solutions differently. And it’s important that you document your requirements, and not simply map it to their product offering. A mistake that too many organizations make is that they get into the minutia of DLP, before developing their high-level DLP strategy. First start with the high-level objectives, and only then, do deep into the requirements. When you do get to the requirements phase, realize that DLP is not strictly an IT solution. Organizations that have effectively deployed DLP did it with input from various entities in their origination. While this is not a definitive list, ensure that at the very least, these departments are included: - Business owners - Legal - IT audit - Finance - Internal audit - Information security - Technology operations Note that the legal department is mentioned in the above list. For many IT professionals, working with legal is a foreign concept to them; but that should not be the case. Given that DLP includes monitoring of proprietary and personal data, your corporate legal department needs to give their approval to the DLP project to ensure that the monitoring does not violate any laws or requirements. For those entities in the European Union, this can’t be overemphasized as EU directive on data protection can quickly be violated with DLP if you are not careful. As you develop your strategy, take into consideration that DLP is a long-term endeavor; read: years not months. DLP is undoubtedly not a plug and play technology. From the time you start thinking of DLP, until the point that it is fully deployed and optimized, requires time and dedication. 4
  • 5. What do you do when the CIO wants the DLP working now, not next year? Note that the previous paragraph uses years and DLP in the same sentence. But what about those firms that don’t want a full-blown enterprise DLP solution, rather an interim solution to get up and running quickly? What do you do when the CIO balks about the extended time to production and insists that the DLP solution be up and running this quarter, not next year. The Clearswift Secure Web and Email Gateway solutions are a perfect complement for those that want the functionality of a DLP solution without the extensive time and effort required. The Secure Gateways incorporates basic as well as advanced DLP capabilities natively. From built-in e-mail encryption, to anti-spam/anti-malware capabilities and more, theGateways have been well-received by large clients, as well as small and midsize businesses (SMBs) that are with DLP deployments of less than 3,000 users. The content security gateways can be quickly deployed to stop data leakage issues, and you can see the positive effect within hours. Many organizations prefer this approach, as it can rapidly immediately be put into execution, showing direct results. For those organizations that want to take this approach, the first step would be to identify the data in transit today so that accidental leakage (such as inadvertent transmittal of confidential documents) can be detected by the email and web gateways and stopped before its leaks out. In fact, Gartner writes in 2010 Content-Aware Data Loss Prevention FAQs that firms should “develop a two- to three-year road map for the deployment of capabilities from initial monitoring only to active blocking”. For those that don’t want to for that two- to three-year road map to complete, Clearswift Secure Web Gateway is an effective respite. Gartner also write that organizations can balance DLP feature richness against cost by knowing at the outset what the type and scale of the problem is that you are trying to solve. From this, you can then develop both the business requirements of the technology and the supporting processes, and also the tolerance for operational costs that are likely to be incurred post-deployment. Finally, many DLP initiatives get immediately blackballed when organizations see the price tag, which is often exorbitant. In Budgeting the Costs of Content-Aware DLP Solutions - Gartner in the report notes that the average DLP full solution price ranges from $350,000 to $750,000. The Clearswift Secure Gateways are a fraction of that cost. 5
  • 6. So why does it often take a year or more to fully deploy a DLP solution? This is due to the fact that yet another mistake organizations make is attempting to take their data anarchy, and have it managed by DLP. Making DLP work means taking small steps at first, and then expanding on that. Many IT projects fail from too large of an initial scope. Therefore, start small, get initial victories and successes, and then expand. At the commencement of the project, start with the most critical and sensitive data; such as confidential data and laptops and mobile devices. Once you get that in order, then move to other systems and those with less critical data. Most organizations have far too much data to try to secure with DLP in one fell swoop. Since laptops were mentioned, note that while laptops and notebooks are great productivity tools, they are also one of the greatest mechanisms in the world of data leakage and data theft. Their level of convenience and accessibility are in direct response to the raw amount of data that can be compromised. In fact, a committed adversary will target the laptop of an executive or senior management, given the treasure trove of data residing on it. It is worth noting that this step does not have anything to do with vendors, as that is in step 5. You’re ready for primetime DLP strategy should be complete before engaging with a DLP vendor. Many DLP projects sometimes lose funding between the strategy stage and the deployment stage. In order to gain greater management support and business justification for the project, a good idea is to determine the number of DLP violations. Showing management DLP metrics such as how many credit card or social security numbers were quarantined is a great way to demonstrate the value of DLP technology. Finally, for those serious about a DLP strategy, the report from Gartner Develop an Enterprise Strategy for Data Loss Prevention http://www.gartner.com/ DisplayDocument?id=1383713 is quite valuable, and can be used as a guide. Step 5 – Product selection, testing and deployment Once the requirements are documented, the next step is to create a pilot to test a number of DLP products. Ensure various use cases are tested to analyze the product in different scenarios. Have specific and objective metrics to ensure value controls are tested and that your outputs are accurate. 6
  • 7. Conclusion Overall, DLP is a great security technology, but it is not security pixie dust that can magically secure your network. The steps listed here are a few of the many that need to be done for a formal DLP rollout. By taking such a tactical approach to DLP, you can ensure that it really does prevent your data from being lost. For many organization, an enterprise-grade DLP solution may be overkill. Given the cost and effort required, many organizations are finding that it is better in the long run for them to start with the Clearswift Secure Gateway solution, given that it provides the short-term benefits and immediate interim success it can provide. These organizations find that once they have the Secure Web and Email Gateway solutions fully deployed and working, it is only then that they decided to consider a full-blown DLP package. About the author Ben Rothke, CISSP, CISM, CISA is a New York City based senior security consultant with BT Professional Services and has over 15 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography and security policy development, with a specialization in the financial services and aviation sectors. Ben is the author of Computer Security - 20 Things Every Employee Should Know http://books.mcgraw-hill.com/getbook.php?isbn=0072262826&template=osborne (McGraw-Hill), and writes a monthly security book review for Security Management magazine. He is also a frequent speaker at industry conferences, such as CSI, RSA, and MISTI, holds numerous industry certifications, and is a member of ASIS, CSI, Society of Payment Security Professionals and InfraGard. 7
  • 8. Get in Touch Clearswift Ltd 1310 Waterside Arlington Business Park Theale Reading Berkshire RG7 4SA Tel : +44 (0) 118 903 8903 Fax : +44 (0) 118 903 9000 Sales: +44 (0) 118 903 8700 Technical Support: +44 (0) 118 903 8200 Email: info@clearswift.com