For many organizations, there is an unsettling reality: they do not have adequate visibility over the critical data assets within their environment. This is one of many factors driving companies to consider Data Loss Prevention (DLP) technologies. In this session, we'll cut through the fear, uncertainty and doubt surrounding this technology and focus on a holistic solution that leverages it to enable your business.
1. Data Loss Prevention
Eliminate the Hype and Enable Your Business
Andrew Engelbert, CISSP, CISM
IT Risk Management
Delivery Services Manager
2. Speaker Bio
• Andrew Engelbert – Delivery Manager, IT Risk Management,
CISSP, CISM
• 12 years of IT experience (7 years in Risk Management). Has held
various positions at health care, insurance, financial services
and IT consulting organizations.
• Extensive knowledge and experience with both traditional and
non-traditional programmatic and assessment methodologies,
organizational and IT-based policies and procedures, security
controls and current industry standards (ISO, PCI, HIPAA, GLBA,
FACTA).
Corporate Profile
3. Agenda
• Business Drivers
• DLP Problem Space
• Common Challenges
• People, Process and Policy
• Technology Solutions
• Fear, Uncertainty and Doubt
• Enable Your Business
5. Business Drivers
• Regulatory, Customer or Business Partner
requirement
• Proactive risk management initiative
– Increased data visibility
• Cost of doing business in today’s world
• Reaction to ‘potential’ data breach (Hopefully not!)
7. DLP Problem Space
Data types, risk areas and DLP approach:
• Data in motion (DIM)
– Risk areas: email (internal and external), webmail, IM/chat, blogs, etc., file sharing, encrypted content
– DLP approach: network
• Data in use (DIU)
– Risk areas: USB sticks, CDs/DVDs, iPods, external hard drives, printouts
– DLP approach: endpoint
• Data at rest (DAR)
– Risk areas: desktops, databases / repositories, mail archives, file shares, document management systems
– DLP approach: discovery
9. Common Challenges
• Obtaining executive support
• Identifying what data you are trying to protect
– Data at rest
– Data in motion
– Data in use
• Understanding your threat landscape
– Business impact analysis
– Existing control points (prevent, detect, respond)
– Establish loss implications
10. Common Challenges
• Data collection and analysis
– Volume of data to review can be overwhelming
– False positive research and analysis
• Employee education and awareness
• Undocumented policies and procedures
• Clearly defined roles and responsibilities
12. People, Process and Policy
• Get the right people involved
– HR, Legal, InfoSec, LOB leadership, General Counsel
• Understand the scope of your solution
– Consider a phased approach (Monitor, Discover,
Detect, Prevent)
• Open and honest communication
– Clear, concise, consistent, useful
13. People, Process and Policy
• Education and awareness campaign
– Explain requirements and expectations from
regulators, customers and business partners
– Cost of doing business in today’s world
– Identify a single point of contact for questions
14. People, Process and Policy
• Business Interviews
– Identify stakeholders within each business unit
– Identify incident owners and points of contact for
specific data classifications
– Capture and distribute specific regulatory
requirements to impacted areas
15. People, Process and Policy
• Collect and Review Data
– Target key data entry and exit points based on
scope
– Minimum of 60 to 90 days
• Data Validation
– Elimination of False Positives
– Exact Data Matching & Indexing Capabilities
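The data validation step above relies on exact data matching (EDM) and indexing to separate real findings from pattern-only false positives. The Python below is an added illustration of that idea and is not code from this deck or from any DLP product. It fingerprints the protected records with a keyed hash, runs a deliberately loose SSN pattern over sample messages, and reports only the hits whose value is actually in the index, with a second check that the record's last name appears alongside the value. The protected records, the sample messages, the field names and the HMAC key are all constructed for the example.

```python
"""Exact Data Matching (EDM) as a false-positive filter for DLP findings.

Added illustration, not code from the original deck. The protected records,
the sample messages and the HMAC key below are constructed for the example.
"""
import hashlib
import hmac
import re

# Constructed stand-in for the business's system of record.
PROTECTED_RECORDS = [
    {"last_name": "Rivera", "ssn": "123-45-6789"},
    {"last_name": "Chen", "ssn": "987-65-4321"},
]

# Assumed secret: keying the fingerprints means a copied index does not
# reveal the SSNs it was built from. Rotate it like any other secret.
INDEX_KEY = b"constructed-demo-key"

# Loose pattern: anything shaped like an SSN, with or without dashes.
SSN_PATTERN = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")
WORD_PATTERN = re.compile(r"[A-Za-z]+")


def normalize_ssn(raw: str) -> str:
    """Strip separators so 123-45-6789 and 123456789 index identically."""
    return re.sub(r"\D", "", raw)


def fingerprint(value: str) -> str:
    """Keyed hash of a normalized value; the index stores only these."""
    return hmac.new(INDEX_KEY, value.encode(), hashlib.sha256).hexdigest()


def build_index(records):
    """Two keyed sets: SSN alone, and SSN joined with the record's last name."""
    single = set()
    compound = set()
    for r in records:
        ssn = normalize_ssn(r["ssn"])
        single.add(fingerprint(ssn))
        compound.add(fingerprint(ssn + "|" + r["last_name"].lower()))
    return single, compound


def scan(text, index):
    """Run the loose pattern, then classify each hit against the EDM index.

    exact_match: the SSN is one the business actually holds.
    corroborated: the matching record's last name also appears in the text,
    which lets a reviewer act on the finding without a manual lookup.
    """
    single, compound = index
    words = {w.lower() for w in WORD_PATTERN.findall(text)}
    findings = []
    for m in SSN_PATTERN.finditer(text):
        ssn = normalize_ssn(m.group(0))
        exact = fingerprint(ssn) in single
        corroborated = exact and any(
            fingerprint(ssn + "|" + w) in compound for w in words
        )
        findings.append({"value": m.group(0), "exact_match": exact,
                         "corroborated": corroborated})
    return findings


def triage(messages, index):
    """Count pattern hits versus confirmed hits over a batch of messages."""
    pattern_hits = exact_hits = 0
    for text in messages:
        for f in scan(text, index):
            pattern_hits += 1
            exact_hits += f["exact_match"]
    return {"pattern_hits": pattern_hits, "exact_hits": exact_hits,
            "false_positives": pattern_hits - exact_hits}


# Constructed sample traffic, standing in for a collection window.
SAMPLE_MESSAGES = [
    "Per our call, Ms. Rivera's SSN is 123-45-6789 for the claim file.",
    "Ticket 555-12-3456 is still open; please reassign to Ops.",  # SSN-shaped, not real
    "Reference 987654321 ships Friday.",  # Chen's SSN, dashes stripped, no name nearby
]

if __name__ == "__main__":
    idx = build_index(PROTECTED_RECORDS)
    for msg in SAMPLE_MESSAGES:
        print(scan(msg, idx))
    print(triage(SAMPLE_MESSAGES, idx))
```

On the three constructed messages the pattern alone produces three findings; the index confirms two and discards the ticket number, and only the first finding is corroborated by a name, which is the one an incident owner can act on immediately. Normalizing before hashing is what catches the third message, where the SSN was written without separators.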
16. People, Process and Policy
• Data Classification
– Identify classification criteria
– Identify data owners
– Review compliance requirements
• Incident Management
– Escalation criteria & processes
– Automation of incident responses
– Enable compliance triggers
17. People, Process and Policy
• Data Use
• General Acceptable Use
• Business Partner Contracts
19. Technology Solutions
• The threat of a data breach can be significantly mitigated
through the use of today’s DLP technology
• Data loss prevention solutions can provide a clear return
on investment (ROI) and a manageable total cost of
ownership (TCO).
20. Technology Solutions
• Choose your approach
• Understand your needs before reviewing vendor
products.
• Leverage risk modeling solutions and expertise
from resources you trust.
• Find the product that addresses your particular
needs.
• Don’t settle for band-aid fixes
22. Technology Solutions
Vendor Areas of Focus:
• Endpoint (laptops/desktops)
• Data at Rest (file servers, archives, mail boxes)
• Data in Motion (email, web, IM, P2P)
• Encryption (whole disk encryption, or targeted
data encryption)
• Content Filtering
• Monitor vs Blocking
24. Fear, Uncertainty and Doubt
• Data Loss Prevention technology is not a silver bullet.
• The “Whole” solution may not be required.
• Technology alone is not the answer.
• Multiple vendor solutions may be required.
26. Enable Your Business
• Leverage executive support
• Establish DLP strategies and objectives
• Educate and communicate
• Highlight relevant data loss examples and explain the
potential impact
27. Enable Your Business
• Proactive versus reactive incident management
• Increase your data visibility
• Implement a structured and repeatable DLP policy
development and management process
• Prioritize findings and take action
28. Enable Your Business
• Automate the incident response workflow
• Clearly define roles and responsibilities
• Share results with executive management
29. Summary
• Prepare, plan and execute your DLP strategy
• Leverage executive management support
• Communicate, communicate, communicate
• People, Process and Policy approach
• Align DLP technology with your goals and objectives