2019 Maine Bank Expo Presentation
Introduction to Data Loss Prevention (DLP)
Jeff Trudel, Technology Consultant
• 9 years at Systems Engineering
• Expertise
– Senior Engineer Skillset
– Technology Consulting
– Cloud Security
– IT Assessments
– Outsourced CIO
Adrian Wells, Product Specialist
• 11 years at Systems Engineering
• Expertise
– Senior Engineer Skillset
– Microsoft 365
– Microsoft Azure
– Technology Consulting
Get Ahead of IT
Good morning, welcome!
• How many of you have a decent understanding of DLP?
• Who has DLP protections in place currently?
• How many of you are already using the cloud?
Agenda
• DLP Definition
• The Bigger Picture
• Planning and Implementation DLP
• Examples
• Closeout
Questions are welcome!
What is DLP?
• Data ‘Loss’ Prevention or Data ‘Leakage’ Prevention
• DLP is a set of tools and processes used to stop sensitive
information from leaving an organization.
• “Sensitive” can mean anything that should be protected.
– Confidential Information
– Intellectual Property (IP)
– Personally Identifiable Information (PII)
– Internal Communications
Data Loss Examples
• Emailing the wrong recipient
• Lost or stolen device
• Phishing, whaling, and social engineering
• Insider threat
• Insecure disposal of paper or electronic storage
• Incorrect configuration or sharing
Digital transformation is driving change
• 41% of employees say mobile business apps change how they work
• 80% of employees use non-approved SaaS apps for work
• 85% of enterprise organizations keep sensitive information in the cloud
The security perimeter has changed
(Diagram: the perimeter moves from the on-premises network to identity, devices, apps and data.)
How much control do you have over data?
(Diagram: data that has left the on-premises environment is out of your control.)
How do we do DLP?
• Discover
– What is our sensitive data?
– Where is it stored?
– Who accesses it?
– How do they access it?
• Plan
– Data classifications
– Policies
– Security requirements
– Monitoring
• Execute
– Train users
– Implement technology
Example Data Classifications
Private
• Not intended for public consumption
• Accessed by all or most users
• Shared by users as needed
• Examples
– Internal emails
– Process documents
– Instant messaging
Confidential
• May cause harm if released
• Access restricted / for cause
• Sharing requires CISO approval
• Examples
– Personally Identifiable Information
– Human Resources data
– Financials
– Intellectual Property (IP)
Example Data Classification Security
Private
– Multi-factor authentication outside the office
– Storage encryption
– Trusted mobile applications
– Browser access from home PCs
– File server, SaaS apps, email, SharePoint & OneDrive for Business
Confidential
– Multi-factor authentication always
– Storage & data encryption
– Trusted mobile devices
– Corporate-owned PCs only
– Specific folders on the file server, specific SaaS apps, not email, SharePoint & OneDrive for Business
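The two requirement lists above are easiest to reason about as a policy check that fails closed and explains every unmet requirement. The following is an added example written for this page, not code from the presentation or from Systems Engineering; the AccessRequest fields, the channel names and the sample requests are constructed assumptions, and only the rules themselves come from the slide.

```python
"""Evaluate an access request against the example classification requirements.

Added example, not code from the presentation.  The two rule sets encode the
'Private' and 'Confidential' requirements on the slide; the AccessRequest
fields, channel names and sample requests are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    classification: str      # "Private" or "Confidential"
    mfa_verified: bool       # user completed multi-factor authentication
    in_office: bool          # request comes from the office network
    device_kind: str         # "mobile" or "pc"
    managed: bool            # enrolled mobile device / corporate-owned PC
    app_protected: bool      # mobile app is under an app protection policy
    channel: str             # "file_server", "saas", "email", "sharepoint", "onedrive"
    storage_encrypted: bool  # data is encrypted at rest where it will be stored


# Channels from the slide: Private may use email, Confidential may not.
PRIVATE_CHANNELS = {"file_server", "saas", "email", "sharepoint", "onedrive"}
CONFIDENTIAL_CHANNELS = PRIVATE_CHANNELS - {"email"}


def evaluate(req: AccessRequest):
    """Return (allowed, reasons); reasons lists every unmet requirement so an
    audit log or a policy tip can explain the decision to the user."""
    reasons = []
    if req.classification == "Private":
        if not (req.in_office or req.mfa_verified):
            reasons.append("MFA required outside the office")
        if not req.storage_encrypted:
            reasons.append("storage encryption required")
        if req.device_kind == "mobile" and not req.app_protected:
            reasons.append("trusted (protected) mobile application required")
        # PCs: browser access from a home PC is acceptable for Private data.
        if req.channel not in PRIVATE_CHANNELS:
            reasons.append(f"channel {req.channel!r} not approved for Private data")
    elif req.classification == "Confidential":
        if not req.mfa_verified:
            reasons.append("MFA always required")
        if not req.storage_encrypted:
            reasons.append("storage and data encryption required")
        if req.device_kind == "mobile" and not req.managed:
            reasons.append("trusted (enrolled) mobile device required")
        if req.device_kind == "pc" and not req.managed:
            reasons.append("corporate-owned PC required")
        if req.channel not in CONFIDENTIAL_CHANNELS:
            reasons.append(f"channel {req.channel!r} not approved for Confidential data")
    else:
        # Unknown classification: fail closed rather than guess a rule set.
        reasons.append(f"unknown classification {req.classification!r}")
    return (not reasons, reasons)


# Constructed sample requests: the same home PC reading email, for each class.
HOME_PC_PRIVATE = AccessRequest("Private", mfa_verified=True, in_office=False,
                                device_kind="pc", managed=False, app_protected=False,
                                channel="email", storage_encrypted=True)
HOME_PC_CONFIDENTIAL = AccessRequest("Confidential", mfa_verified=True, in_office=False,
                                     device_kind="pc", managed=False, app_protected=False,
                                     channel="email", storage_encrypted=True)

if __name__ == "__main__":
    for req in (HOME_PC_PRIVATE, HOME_PC_CONFIDENTIAL):
        allowed, reasons = evaluate(req)
        print(req.classification, "ALLOW" if allowed else "DENY", reasons)
```

Returning the full list of reasons rather than the first failure matters in practice: it is what lets a policy tip tell the user exactly what to change, and it gives the audit trail the "for cause" record the Confidential class calls for.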
Example - Microsoft Cloud Security
• Microsoft Intune: make sure your devices are compliant and secure, while protecting data at the application level
• Azure Active Directory: ensure only authorized users are granted access to personal data using risk-based conditional access
• Microsoft Cloud App Security: gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps
• Azure Information Protection: classify, label, protect and audit data for persistent security throughout the complete data lifecycle
• Microsoft Advanced Threat Analytics: detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues
(Diagram: conditional access weighs user, device, location, apps and risk signals before access is granted to data; Azure Information Protection then classifies, labels, protects and audits that data.)
Protect sensitive data on unmanaged devices
(Diagram: app protection flow for a user's personal device.)
• User adds business account to OneDrive app
• Intune configures app protection policy for OneDrive for Business
– Copy/paste/save-as controls
– PIN required
– Encrypt storage
• User is prompted to create a PIN or biometric
• User edits document stored in OneDrive for Business
• User saves document to…
Protect sensitive data in cloud apps with AIP & CASB
(Diagram: a user uploads a document labeled CONFIDENTIAL to a public share.)
• Azure Information Protection identifies a document tagged CONFIDENTIAL being shared publicly
• Cloud App Security moves the file to quarantine
• The file is encrypted and restricted
• Admin is notified
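The flow above, reduced to its decision logic: classify the uploaded content (explicit label or PII found by pattern), then quarantine a confidential file that is being shared publicly and notify an admin. This is an added example written for this page, not code from the presentation or from Microsoft's products; the regular expressions, the ShareEvent fields, the action names and the sample documents are constructed assumptions.

```python
"""Classify uploaded content and decide what to do when it is shared.

Added example, not code from the presentation or any product.  Patterns,
event fields, action names and sample documents are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Explicit sensitivity label, e.g. a "Sensitivity: CONFIDENTIAL" header line.
LABEL_RE = re.compile(r"^\s*(?:sensitivity|classification)\s*:\s*(\w+)", re.I | re.M)
# US SSN shape, excluding area numbers that are never issued (000, 666, 9xx).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digit runs with optional space/dash separators; confirmed with Luhn.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out phone numbers
    and other digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(digits)
    return hits


def classify(text: str):
    """Return (label, findings).  An explicit CONFIDENTIAL label or any PII hit
    makes the file Confidential; everything else defaults to Private."""
    findings = []
    m = LABEL_RE.search(text)
    if m and m.group(1).upper() == "CONFIDENTIAL":
        findings.append("explicit CONFIDENTIAL label")
    # Findings are masked so the DLP log itself does not leak the PII.
    findings += [f"SSN {s[:3]}-**-****" for s in SSN_RE.findall(text)]
    findings += [f"card ending {c[-4:]}" for c in find_card_numbers(text)]
    return ("Confidential" if findings else "Private", findings)


@dataclass(frozen=True)
class ShareEvent:
    user: str
    file_name: str
    content: str
    destination: str  # "internal" or "public"


def evaluate_share(event: ShareEvent) -> dict:
    label, findings = classify(event.content)
    if label == "Confidential" and event.destination == "public":
        action = "quarantine"   # encrypt and restrict; admin is notified
    elif label == "Private" and event.destination == "public":
        action = "policy_tip"   # warn the user; an override needs a justification
    else:
        action = "allow"
    return {"user": event.user, "file": event.file_name, "label": label,
            "findings": findings, "action": action,
            "notify_admin": action == "quarantine"}


# Constructed sample documents (the card number is the standard 4111... test value).
CONFIDENTIAL_DOC = ("Sensitivity: CONFIDENTIAL\n"
                    "Customer SSN 123-45-6789\n"
                    "Card on file 4111 1111 1111 1111\n")
LUNCH_MENU = "Friday lunch menu: soup, salad, sandwiches.\n"

if __name__ == "__main__":
    for ev in (ShareEvent("jdoe", "customers.txt", CONFIDENTIAL_DOC, "public"),
               ShareEvent("jdoe", "menu.txt", LUNCH_MENU, "public")):
        print(evaluate_share(ev))
```

Two design points carry over to real deployments: the Luhn check is what keeps card-number detection from flagging every long phone or account number, and the findings are masked before they are logged so the DLP alert does not itself become a second copy of the sensitive data.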
DLP – Policy Tips within E-mail
DLP – Policy Tips with Excel
View the justification submitted by a user for an override
Report on DLP
Lost or stolen device
• Solution in place to manage devices
– MDM or EMM
– Enrolling devices
– Protecting app-level data
Phishing, Whaling, and Social Engineering
• Training
– Attack Simulator in Office 365
– Find a service provider to help implement and manage this
• Identity protection
– MFA can help
• Technologies
– SPF, DKIM, and DMARC
– E-mail filtering
– Office 365 Advanced Threat Protection
• Safe Links
• Safe Attachments
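SPF and DMARC only help against spoofing if the published records actually say what you think they say, so a quick syntax check is worth running before trusting them. The following is an added example written for this page, not code from the presentation or any product; it parses record text only (no DNS lookups), which is why DKIM, whose check needs the signing key and the message signature, is left out. The domain names and sample records are constructed.

```python
"""Sanity-check SPF and DMARC TXT records before relying on them.

Added example, not code from the presentation.  Parses record syntax only
(no DNS); the domain names and sample records are constructed.
"""

# Terms that cost a DNS query when a receiver evaluates the record.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record: str):
    """Return (terms, all_qualifier, lookup_count) for a 'v=spf1' record."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms, all_qualifier, lookups = [], None, 0
    for term in parts[1:]:
        qualifier = "+"                       # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = term.split(":", 1)[0].split("=", 1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in SPF_LOOKUP_TERMS:
            lookups += 1
        terms.append((qualifier, term))
    return terms, all_qualifier, lookups


def spf_findings(record: str):
    _, all_q, lookups = parse_spf(record)
    findings = []
    if all_q is None:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_q == "+":
        findings.append("'+all' authorizes every sender; SPF provides no protection")
    elif all_q == "?":
        findings.append("'?all' is neutral; unauthorized senders are not flagged")
    elif all_q == "~":
        findings.append("'~all' softfail; move to '-all' once DMARC reports confirm all senders")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the RFC 7208 limit of 10")
    return findings


def parse_dmarc(record: str):
    """Return the tag/value pairs of a 'v=DMARC1' record."""
    tags = {}
    for part in record.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def dmarc_findings(record: str):
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required 'p' tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no 'rua' address: aggregate reports will not be received")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applies to only part of the mail")
    return findings


# Constructed sample records.
SPF_STRICT = "v=spf1 include:_spf.example.com -all"
SPF_SOFT = "v=spf1 a mx ~all"
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"

if __name__ == "__main__":
    for rec in (SPF_STRICT, SPF_SOFT):
        print(rec, "->", spf_findings(rec) or "ok")
    for rec in (DMARC_MONITOR, DMARC_REJECT):
        print(rec, "->", dmarc_findings(rec) or "ok")
```

The usual rollout order follows from the findings: publish DMARC with p=none and an rua address first, use the aggregate reports to find every legitimate sender, tighten SPF to -all, then move the DMARC policy to quarantine and finally reject.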
Insecure disposal
• Vendor management
• Policy and tech can be used to help
• Enroll devices in an EMM or MDM
• Enforce encryption from the beginning
• Secure destruction services
Incorrect configuration or sharing
Summary
• The way people work is changing, and security needs to keep up
• DLP begins with a holistic approach to security
• Discover and Plan before Executing
Next Steps
• Review your organization's sensitive data flows and needs
• Review your existing policies and controls
• Engage with a skilled vendor
• Investigate and implement improvements