Classification how to boost Information Protection Gianmarco Ferri, Business Development IMTF @ ISDays 2015



# 2

Let me ask 3 questions:

1. How many of us are using (or thinking of implementing) DLP solutions?

2. How many of us think that these are good and needed solutions?

3. How many think that DLPs on their own can effectively and efficiently prevent data leakage?

− effectively => adequate to deliver the expected result

− efficiently => perform with the least waste of time and effort


# 3

In confined and isolated IT environments it is relatively simple to protect data against leakage

DLP, firewalls, routers, … can protect organizations well against information leakage within well-defined IT boundaries …

… even application boundaries can easily be audited and protected against information leakage.


# 4

But this is no longer the case: we see cracks in the wall.

The established solutions, alone, fail to protect information.

Organizations are becoming distributed and mobile:

• Endless locations

− Inside and outside the Enterprise

− Cloud services / SaaS

• Endless applications

− Standard market apps

− Specific business value apps

• Endless devices

− Enterprise desktops/laptops/devices

− Service providers

− Mobile & Tablets (BYOD)

… and so are the threats:

• Endless cyber attack vectors

− Insider threats, inadvertent data leakage

− Trojans, spyware, botnets, phishing, social engineering


# 5

Data produced & exchanged by organizations to do and be business is growing exponentially – Big-Data

• Both structured and unstructured data is growing exponentially:

− in volume (Zettabytes)

− in velocity (speed & peaks)

− in variety (unlimited formats)

− in complexity (correlation & matching)

• Perimeter-centric Information Security Tools on their own have limitations:

− difficult to scale

− difficult to keep pace with Big Data

− static solutions (media & locations-based)

− unreasonable monitoring burden (false positives)


# 6

In any organisation only a relatively small percentage of created, managed & exchanged data is sensitive information

The security problem today is to find the needle of sensitive information, to protect against leakage, within the haystacks of non-sensitive daily business information in an effective and efficient way!

not effective & not efficient


# 7

What if we change the approach and proactively create sensitive information “differently”

By embedding within the data itself its sensitive nature …

… we are enabling simple and error-free identification of sensitive information anywhere / anytime


# 8

By concentrating attention on the sensitive information itself, the context in which it is created and accessed, and leveraging its “natural” sensitivity traits and qualities, we can effectively and efficiently protect information:

Focusing on sensitive information identification at creation makes it possible to implement data-centric security

THIS IS: effective, efficient & smart


# 9

The world is not just black & white!

There is not just normal or sensitive information, but a number of different and organisation-specific types of information

Good Information Classification is not a trivial task


# 10

Data-centric security is not just classification but also about enforcing information usage policies

• IRM (Information Rights Management) platforms like AD-RMS allow you to define, implement and track information usage policies.

• An information usage policy precisely defines, enforces and tracks:

− WHO can use the information

− WHAT each person/group/role can do with/to the information

− WHEN the information can be used

− WHERE the information can be used

• With IRM, security can be embedded within the data, protecting it wherever it is – in motion, at rest or in use


# 11

Classification Solution needs to be integrated into the entire IT landscape, & into IRM Platforms & Perimeter-Based Solutions…

[Diagram labels: Identify; Classify; Protection. Format, Application, User, Device, Services, Location. As per your directives; Sub-Classification; Flexible & Dynamic; Rules: automatic / semi / manual. Usage Tracking; eDiscovery; RMS: Encryption & Permission Management; DLP: Feed the right information; i.e. MS AD RMS; i.e. Symantec; IP/2.]


# 12

With IP/2 IMTF is offering an enterprise solution to protect all sensitive data and documents of any organization

Any data and document in electronic format

• Files, enterprise systems

• Emails, cloud data, web content

Protection through the entire information lifecycle

• From creation through collaboration and storage

• Beyond application and IT environment boundaries

Policy-based IRM protection and security

• Simple policy generation, application and enforcement

• Application of enterprise-level encryption and key management tools


# 13

Information protection is achieved by first classifying sensitive information and then applying the appropriate protection policy


# 14

IP/2's first key feature is an effective and performant classification engine to correctly classify information

• An integrated rule-based engine allows for flexible and comprehensive “classification policy authoring” referring to:

− Content and metadata

− Time criteria

− User identity and actions

− Locations

− Dynamic and static values

− Events or other attributes

• Instant, zero false-positive, automatic, identification and classification

− New, modified, or accessed sensitive data

− From any origin

− To any destination

− Via any channel


# 15

Once sensitive information assets are identified and classified, IRM protection can be effectively implemented to avoid unauthorized usage and leakage

• Effective enforcement of data protection mechanisms

− Data encryption (based on «your» encryption engine and PKI)

− Strict access rights management (permissions)

− Strict usage rights management (actions)

− Enable existing and trusted IT systems and applications to work seamlessly with secured and encrypted data


# 16

The technology is based on an “agent to server architecture” that triggers the IP/2 event driven classification and protection

[Diagram labels: Multi Source Data Acquisition System; Classification Policy; Protection Policy; Optimized Classification and Protection Mechanism]

Optimized classification cycle is triggered upon intercepted events like: create, open, save, close, download, upload, copy, etc.
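
The flow described on slides 10 and 14 to 16 (classify on an intercepted event, embed the label in the data, then enforce a WHO / WHAT / WHEN / WHERE usage policy from that label) can be sketched as follows. This is an added example, not IP/2 or AD RMS code; the rules, labels, roles and policy values are hypothetical, and the sample document is constructed.

```python
import re
from datetime import time

CARD_RE = re.compile(r"\b\d{16}\b")
# Events that start a classification cycle (the list given on the slide).
TRIGGERS = {"create", "open", "save", "close", "download", "upload", "copy"}

def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from other 16-digit IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Hypothetical classification rules over content and metadata; first match wins.
RULES = [
    ("PCI", lambda doc: any(luhn_ok(n) for n in CARD_RE.findall(doc["content"]))),
    ("IP", lambda doc: doc["meta"].get("department") == "R&D"),
]

# Hypothetical usage policies per label: WHO / WHAT / WHEN / WHERE.
POLICIES = {
    "PCI": {"who": {"payments"}, "what": {"open"},
            "when": (time(8), time(18)), "where": {"office"}},
    "IP": {"who": {"rnd", "legal"}, "what": {"open", "save"},
           "when": (time(0), time(23, 59)), "where": {"office", "vpn"}},
}

def on_event(event, doc):
    """On an intercepted event, (re)classify and embed the label in the metadata."""
    if event in TRIGGERS:
        doc["meta"]["classification"] = next(
            (label for label, rule in RULES if rule(doc)), "PUBLIC")
    return doc["meta"].get("classification")

def may_use(doc, role, action, at, location):
    """Decide from the embedded label alone; unlabelled data fails closed."""
    label = doc["meta"].get("classification")
    if label is None:
        return False
    if label == "PUBLIC":
        return True
    p = POLICIES[label]
    return (role in p["who"] and action in p["what"]
            and p["when"][0] <= at <= p["when"][1] and location in p["where"])

# Constructed sample document, not real data (4111... is a well-known test number).
sample = {"content": "Refund to card 4111111111111111", "meta": {}}
```

The Luhn check is what keeps an ordinary 16-digit order number from being labelled as card data, which is the false-positive burden slide 5 attributes to perimeter tools.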


# 17

Simple IT protection Use Case:

Secure enterprise solution interfaces that need to share potentially reserved and sensitive information

All sensitive data is identified and protected (encrypted) at all times and anywhere

NO RISK OF LEAKAGE !!!


# 18

Data Centric information security has 2 parts:

• A technical solution enabling embedded data classification and IRM enforcement to effectively and efficiently prevent sensitive data leakage

• A business process and methodology to correctly identify and classify sensitive information within the specific and unique enterprise context


# 19

Sensitive Information identification and classification can help organizations adhere to many international standards for information security (e.g. ISO 27001) …


# 20

… and can help comply with many specific industry regulations over Information Protection & Control (e.g. PCI-DSS)


# 21

What is to be considered sensitive information mainly depends on the enterprise activity domain and operational exposure

• The financial world is focused on protecting CID information:

− Direct Identifying Data (name, signature, address, email, phone, … )

− Indirect Identifying Data (customer num., account num., card num., passport num., …)

− Potentially indirect Identifying Data (birth info, memberships, wedding date, profession, …)

• In the health insurance industry PHI customer data are key assets

• In the chemical industry formulas and production processes are key information assets to identify, classify and protect

• In HighTech companies R&D and technology innovations are key assets


# 22

All sensitive information assets of a company can be considered as one (or many) of 4 main sensitive data types:

• PCI-DSS (Payment Card Industry – Data Security Standard)

• PHI (Personal Health Information)

• PII (Personally Identifiable Information)

• IP (Intellectual Property)

• BI (Business Information)


# 23

How do we help our clients classify their digital assets and identify the organization's Crown Jewels

[Diagram: Data Leakage Prevention. Labels: Processes 1; Classification 2; Generic context A; Parameter context B. Questions shown:

• What to be protected? Information types, assets, etc.

• Why to be protected? Regulations, intellectual property, defence, reputation, etc.

• Source? Employees, business units, applications, locations, etc.

• Processes / Use Cases?

• Final destination? eMail, repositories, etc.

• Protective Mechanism? IRM / RMS, end-point DLP etc., classification, encryption, IAM, labeling]


# 24

We truly believe that Data-Centric-Security is the way to go: the information (metadata) itself can trigger suitable protection mechanisms!

[Diagram labels: Secure Creation & Access Points; Open Creation & Access Points; perimeter. 100% accurate LifeCycle Classification; flexible & dynamic; considering context; automatic to manual = protecting vs teaching. To derive suitable protection mechanism: technical, processes, RMS / IRM.]


# 25

A takeaway for you: Are you thinking of going Cloud?

Once sensitive data is identified and protected it can go anywhere… even in the CLOUD!