Embed Size (px)
Citation preview
SSI Data Protection Solutions
O:\99 Staff Folders\ola\SSI Corp\SSI Data Protection Solutions v0.1.ppt
S S I Security Software International Content
1. Understanding Data Protection
2. What is Data Leakage Prevention?
3. How SSI can help – Protecting Data throughout its cycle
- SSI Capabilities & Solutions
4. Summary – Partnerships - Contacts
S S I Security Software International Understanding Data Protection
Did you know?
The impact of security breaches on well Established
brands in recent years has resulted in huge financial
losses, meaning:
IP losses of $4.6B worldwide in 2008
Data losses worldwide reportedly topped $1 trillion in 2008
Two in three Australian organizations experienced a serious data
breach in the last twelve months
Over 900 flash drives collected by dry cleaner in ANZ in 2008
12000 laptops/week lost in US airports
Sources:
January 2009 MacAfee findings for Davos World Economic Forum
www.ponemon.org
www.ironkey.com
S S I Security Software International What is Data Leakage Prevention?
• Data Leakage Prevention (DLP) is a computer security term referring
to systems that identify, monitor, and protect data in use (e.g.,
endpoint actions), data in motion (e.g., network actions), and data at
rest (e.g., data storage).
• Regulatory compliance - Data Mandatory Disclosure Law
HIPAA in health and benefits,
GLBA and BASEL II in finance
Payment Card Industry DSS standards.
In the US, UK and EU Data Mandatory Disclosure Law required
an organization to inform their customers of any loss of their
personal information. The right to data privacy is heavily
regulated and rigidly enforced particularly in Europe. However,
as we speak, the Australian Law Reform Commission is looking
at some 300 changes to Federal privacy laws, which includes
data disclosure.
S S I Security Software International Data Leakage - compelling examples
• 2007 NAB Melbourne: 598 names and account numbers of 397
people sent to wrong addresses.
• 2007 HSBC Sydney: More than 100 HSBC Australian customers had
their banking details, names and home addresses as well as other
personal financial information exposed.
• In 2008, an Australian Pharmaceutical Company was getting
complaints of adverse patient reactions from geography they had
minuscule sales. Counterfeit drugs were being manufactured and sold
in that geography under the same brand name.
Sources
Information Age October/November 2009
S S I Security Software International
Data Leakage Prevention –
It does not apply to me!
Very few organizations take into account the threat from the average
employee leaking data. Denial kicks in and “it does not apply to me”, becomes
the preferred answer.
Well consider these 2 questions:
1. Assuming that most of your employees in your
organization including yourself use laptops and/or
PDAs, what kind of data is stored on these and what is
its value?
2. How do you monitor what users are doing with
sensitive data and how do you control what users can
install or introduce onto their computers, for example
iPod, iPhone or USB devices?
S S I Security Software International How SSI can help
Data Leakage will become an ever-larger concern, especially with the
increasing use of mobile technologies.
Many countries have introduced strict disclosure laws, or will soon do so.
Then ask yourself this question, are you ready for it?
At SSI, we are passionate about sharing our experience and
expertise by helping businesses better understand and address:
What data is most sensitive to their business and where it
resides?
What are the origin and nature of their risks?
How to select the appropriate controls based on policy and
risk?
How to manage security centrally?
How to conduct audit security to constantly improve?
S S I Security Software International
Data at Rest
Data in Motion
Data in Use
Protecting Data throughout its Cycle
Servers
Archiving
Workstations
Laptops
Smartphones
/ PDA
USB Device
E-Mail Firewire-Device
CD/DVD
E-Card
Personalization
Document
Management
E-Payment
E-Business
Processes
S S I Security Software International
Data Protection
Audit/Assessment
Solution Architecture
Design
Project Management
Implementation
Quality Assurance
Lifecycle / Support
Data Protection
Data Leakage Prevention (DLP)
Encryption Devices-Enterprise USB Policy Management
Consultin
g S
erv
ices
Solutions
Pro
ducts
Network Access Control (NAC)
Full Disk Encryption (FDE)
PCI Compliance
CryptoServer-HSM
S S I Security Software International SSI Data Protection Solutions
SSI advise on the following full suite of Enterprise Data
Protection Solutions:
PCI DSS Compliance (Policy development & implementation to
ensure secure management of credit card data and network
access control).
Full disk encryption (FDE), device encryption-hardware
encrypted USB flash drives - FIPS 140-2 Level 3
Managed Service Policies covering: who can use drives, how
drives can be used and how the data on drives is protected.
Network Access Control (NAC)
Highest level of data and business processes security with a
tamper-resistant Hardware Security Module (HSM) - FIPS 140-2
Level 4
S S I Security Software International
Data
Protection
Application
Control
Device
Control Anti-Malware
Encryption
DLP NAC
SSI Solutions
S S I Security Software International Summary
Remember
Today organizations must underscore the importance of
security on the company’s reputation.
But after all, by marketing your Data-IP Protection, don’t
you think it will help your organizations to find new
business?
“According to Bank of America, they have successfully managed
itself as a bank that values its clients privacy and security. They have
come up with innovative ways to increase revenue through consumer
security such as offering two factors authentication tokens for a small
fee. For companies in such Industries data protection is an absolute
necessity just for both their internal users and their customers.’
Sources: Information Age October/November 2009
S S I Security Software International
S S I Security Software International
SSI Pacific AustraliaLevel 27, 101 Collins Street
Melbourne, VIC
Tel: + (61) 3 9 653 9163
Fax: + (61) 3 9 653 9307
SSI Pacific New ZealandLevel 16, Vodafone on the
Quay
157 Lambton Quay,
Wellington 6140
New Zealand
Tel: + (64) 4 460 5263
Fax: + (64) 4 460 5252
SSI Pacific Hong Kong Levels 25 & 30, Bank of China
Tower
1 Garden Road, CENTRAL
Hong Kong, China
Tel: +852 (2251) 8795
Fax: +852 (2251) 1618
