of 14

McAfee 4

Published on June 2016 | Categories: Documents | Downloads: 6 | Comments: 0
110 views

Comments

Content

Securing your Stored Data with DLP
Alex de Graaf
Senior Manager Sales Engineering Emerging Markets EMEA McAfee, Inc.
May 20, 2011

«DLP«
Data Loss? or Data Leakage?
2 May 20, 2011
Confidential McAfee Internal Use Only

Data Loss«
‡ We lose stuff! You put something down, you get distracted, you forget about it and it¶s gone. Stuff falls out of our pockets and bags all the time. ‡ Oktoberfest At Oktoberfest many smart stupid people lost a lot stuff including 410 wallets, 4 wedding rings, 1 toaster, 1 set of dentures, 1 prosthetic leg and 320 mobile phones. ‡ Mobile Phones While wallets are problematic, phones are the biggest issue here.
± Number of phones left in taxis every 6 months = 3 per taxi. ± Number of phones stolen in London alone = 10,000 per month!!! ± Our phones transmit almost 17 billion texts per day, 52% of us store passwords on our phones, 87.5 million of us bank on our phones.

3

May 20, 2011

Confidential McAfee Internal Use Only

Data Leakage«
‡ What part of the computer is causing the most of data leakage?
± The end-user!

‡ As enterprises deploy more systems to promote information sharing, the more information leaks ‡ Are you using the right technology? ‡ Data leakage can not only cause financial loss, but also lead to loss of reputation, loss of clients, cause embarrassment to the Organization and could lead to legal liability.

4

May 20, 2011

Confidential McAfee Internal Use Only

Data & Risk: What¶s driving the need?
Compliance
Are there regulatory risks?

Critical Infrastructure
Are insiders creating vulnerabilities? Are intruders gaining access and removing data?

Competitive Advantage
Are insiders putting the organization at risk? Are you better able to protect your customers¶ and partners¶ data?

Corporate Governance
Do employees respect and adhere to internal policies and controls?

Confidential McAfee Internal Use Only

Data & Risk: Fear of the Unknown
‡ Lost / stolen devices and media ‡ Blogs, Email, Chat ‡ Sensitive information ‡ ³Trusted´ employees

KNOWN

UNKNOWN

³Where´ is the data?

How do I get effective protection in place in a ³timely´ manner? ³What´ data needs protection? ³Who´ should have access to the data?

How do I ³automate´ processes to reduce audit costs?

Confidential McAfee Internal Use Only

Where¶s your Data?

Data-atRest
Identify, Classify and Protect
Desktops Notebooks Databases Mail Archives File Shares Docu Mgmt Sys

Data-inMotion
Monitor, Notify, Prevent

Data-inUse
Enforce, Audit and Respond

Email Webmail IM / Chat Blogs File Sharing

USB Sticks CD / DVD iPod Ext. Hard drives Printouts

Confidential McAfee Internal Use Only

Data & Risk: It¶s all about the data!
Compliance
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ SOX HIPAA PCI Credit Card numbers GLBA FISMA ITAR SB 1386 Others
DPA PA EUDPD P Sol ency II Basel II CPC Art 43 SA-P SA-PL

Intellectual Property
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ Customer Lists Price/Cost Lists Target Customer Lists New Designs Company Logo Source Code Formulas Process Advantages Pending Patents

High Business Impact (HBI) Information
‡ ‡ ‡ ‡ ‡ ‡ ‡ Board Minutes Financial Reports Merger/Acquisitions Product Plans Hiring/Firing/RIF Plans Salary Information Acceptable Use

GLBA B

J-SOX J- X

«and Importantly:
What you did not know needed protection
‡ Review of Key Employee actions before they announced departure ‡ Unreported but Important Memos/Reports ‡ Code names of projects not reported to Security department

©

T -93 DTO-93 DPA P

CPA

¡ 

  

¥



¦ ¥

¦ ¥ ¦    ¦ ¦ £¡ ¢   ¦ ©¨ ¡ ¥

PCI

© ¥

PIPEDA PIP A I C FFIEC Sar anes ar Oxley ley HIP HIPAA FISMA I P DPA

¥ ¥§¤

¤ 

¦ ¥¤

  

ITS IT MITS

R-DPL - P

Confidential McAfee Internal Use Only

The DLP Challenge«

DLP Challenge«
³Protect all sensitive data! «and don¶t interfere with the business!´

Simple to say, but «
‡ What data?

‡ From whom? ‡ Where is the data?

Confidential McAfee Internal Use Only

Understand the Risk! The First Step: Understand the Risk!
Data Protection needs to be tightly woven into the business!
Sensitive and confidential information can be lost anywhere The threat comes from the outside AND the inside!

Technology is NOT the hard part
Aligning the business stakeholder is key Raise the awareness level for the threat

Data protection is not a static decision
Information is constantly changing & travelling Partners are changing, so solutions need to evolve

Confidential McAfee Internal Use Only

Understand the Risk!
1. Focus on risk drivers specific to your organization
Compliance, Intellectual Property Business information, staff related information Legal information

2.

Define most critical vectors
Data-at-Rest, Data-in-Motion, Data-in-Use Location of data Focus on data that travels

3.

Determine the functional stakeholders¶ needs
Interview stakeholders; i.e. legal, HR, compliance, « Define their needs & requirements

Confidential McAfee Internal Use Only

Indentify, Classify and Protect your data!

First Step

Second Step

Mine your Data Capture Data Transfers Data Classification

Define DLP Policy Run report

tune & refine

Confidential McAfee Internal Use Only

Questions?

Confidential McAfee Internal Use Only

Sponsor Documents


Recommended

No recommend documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close