- 1 - © SEEBURGER AG 2013
Preventing Data Breaches from Internal Risks
- 2 -
Objectives
• Identify How Internal Data Security Policies are Being Outflanked.
• Look at What Kinds of Data are Most at Risk.
• Strategies to Identify and Plug the Gaps.
• Discuss Managed File Transfer as a 360-Degree Solution for End-to-End Data Transfers
- 3 -
“What were the most common causes of data breach(es) occurring in the past 12 months?”
Base: 583 North American and European IT security executives and technology decision makers whose firms had experienced a breach in the past 12 months
Source: "Understand The State of Data Security And Privacy: 2012 to 2013", Heidi Shey, 9/20/12 – Forrester Research, Inc.
- 4 -
Types of data compromised in recently reported breaches
Base: 508 North American and European security decision makers at companies with 20 or more employees and who have had a breach in the past 12 months
Source: "Protect Your Competitive Advantage By Protecting Your Intellectual Property From Cyber Criminals", Heidi Shey, July 13, 2012 – Forrester Research, Inc.
- 5 -
Employees do what they need to in order to get the job done.
Install unsupported software applications.
Use websites or internet services that are not supported by the business.
Personally purchase technology and employ it for work.
Use a personal computer or smartphone for business purposes.
- 6 -
Examples of Information at Risk
Intellectual property (product design and specifications)
Test data
Customer lists
Employee compensation and other HR data (e.g. 401K and HIPAA)
CAD, designs and engineering drawings
Pricelists
Contracts and RFPs
Financial and tax data
Sensitive product launch details
Data your company is entrusted to manage (e.g. credit card numbers)
POS data
Business plans
- 7 -
Technology Putting Companies at Risk
FTP Software – Rogue and disparate systems run by different groups
Network Shares – Lack of audit trail and version control
Email – Insecure and lacks governance; large file challenges
Storage Devices – USB drives and CDs easily lost or misplaced
Consumer Tools – YouSendIt and Dropbox lack enterprise security features
- 8 -
What is the Financial Liability of a Data Breach?
Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute released the findings of the 2011 Annual Study: U.S. Cost of a Data Breach, which reveals data breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach is $5.5 million, and breaches cost companies an average of $194 per compromised record.
Symantec Corporation | March, 2012
- 9 -
MFT Solves Strategic Challenges by:
Providing Visibility of people, processes and systems affecting and being affected by messages, files, and transactions
Delivering Monitoring which enables companies to proactively/reactively track these messages, files and transactions as they flow through systems and among people
Establishing Security to address risk, identity, access and authentication issues
Providing Adaptability to connect systems and infrastructures
Delivering Provisioning which enables an enterprise to rapidly onboard systems, companies, individuals, and manage all aspects of change
Enabling automated Workflow which allows a company to design, test, and execute processes associated with a file transfer
It's time for Managed File Transfer
Source: Gartner – “Key Issues for Managed File Transfer”
- 10 -
What is Managed File Transfer?
End to End Visibility
Policy Management
Event and Activity Management
End Point Provisioning
Reporting and Administration
Governance
Security
Content Filtering
Secure Multiprotocol Communication
Process Control and Automation
Source: Gartner
- 11 -
What drives investment in Managed File Transfer?
[Bar chart; vertical axis 0% to 90%. Investment drivers shown: Protecting sensitive data transfers - B2B; Prevent data loss; Compliance - Internal; Creating a strong audit trail; Compliance - External; Controlling costs/staying in budget; Eliminating unmanaged FTP; Increasing IT staff productivity; Optimizing performance; MFT Consolidation; Automating workflows; Replacing Home Grown. Category labels: Data Security; Compliance; Cost Control; Lack of Governance.]
- 12 -
Benefits of MFT
Protection of Your Company's Assets
Defense vs. IP theft
Minimize data leakages
Risk Mitigation for Enterprises and C-level
Comply with Regulation (by internal policies, by law, by your business partner)
Assure Data Security for all Data in Transit
Performance Improvements for Business Processes and Collaboration
Maximize business performance by reliable throughput of all data (Business Continuity)
Minimize monitoring, control, audit efforts
Cost Savings by Reduction of Complexity
Remove costly, disparate home-grown spaghetti of transfers by FTP, SFTP, file copy, etc.
Move off costly alternatives for large data transfers, such as physically transporting CDs, DVDs, etc.
- 13 -
SEEBURGER MFT Helps Keep Your Corporate Data Safe and Enables You to Meet Compliance Mandates
Dual Control and Role-Based Access Controls
Secure Login (SSL) and Unique Session Token
Password Strength and Expiry Enforcement
Alerting and Event Notification
Event Auditing and Log Aggregation (SYSLOG)
Protected Data in Motion (AS2 and Secure FTP)
Protected Data at Rest (PGP and File Encryption Adapter)
Protected Application Metadata (Database and Files)
SQL and JavaScript Injection Prevention
Modular Design Fits Secure Network Model
ICAP Interface Compatible with Spam Blocker and DLP
Core compliance aspects met with SEEBURGER Managed File Transfer solutions:
PII/PHI
- 14 -
Managed File Transfer Is About Addressing Business and Technical Requirements Regarding Data in Transit
Auditing Monitoring Reporting
Central Control
Ad Hoc File Transfer
Internal File Transfer
B2B File Transfer
- 15 -
Managed Integration
SEEBURGER Managed File Transfer Solution – Components
SEE Adapter
End point client to connect any system in the network, any file type, any operating system and any file size supported
Application and protocol specific interface to integrate applications via various standard protocols (FTP, SFTP, HTTP(s), ...)
Human to Human, Human to System and Ad Hoc large file exchange. Integrated with popular Email system for ease of use
Base Functions
Governance
Policy Management
Multi-OS & A2A support
End-to-End Visibility
Checkpoint & Restart
Content filtering
Event & Activity Management
Reporting & Administration
Management & measurement
End Point Provisioning
Secure multiprotocol communication
Process control & automation
[Diagram labels: SEE LINK; SEE FX; Application Adapter; Application; Systems]
Managed Collaboration
- 16 -
End-to-End File Transfer Solution with Governance
Pricing Mgmt
BW
Core ERP
HR
Managed End Point
Firewall
Comprehensive Visibility
MFT
B2B
secure eMail, large files
AS2
SFTP
HTTPs
3rd Party App
FTPs, SFTP
ERP
- 17 -
SEE FX (Collaboration Portal)
User authenticates with the portal
Single sign-on and LDAP (Active Directory) supported
File is securely sent over an encrypted connection
File at rest can also be encrypted
Payload is scanned by DLP for unauthorized and inappropriate keywords
All events logged, can be output to SYSLOG server
Customer List
VP of Sales
- 18 -
SEE FX (Email Plug-in)
Plugin tightly integrates with email client
Microsoft Outlook 2007, 2010, and other market leaders
File is securely sent over an encrypted connection
Unlimited file attachment size, alleviates mail exchanger load
Body and attachment are scanned for unauthorized content
Third-party virus scanner and DLP appliance-integrated
Product Design
Engineer
- 19 -
… and Yes – There’s an app for that
- 20 -
SEEBURGER at a Glance
International SEEBURGER customers
Leading – A global leader in Business Integration, B2B & MFT
International – 19 offices worldwide, customers in 50+ countries
Successful – 8,800 customers from various industries
Stable – Self funded and financially secure, since 1986
Flexible – Many deployment options
R&D Investment – Organically developed & consolidated B2B/MFT solution