The Information-Centric Security Lifecycle

Adrian LaneSecurosis, L.L.C.

MainframeMainframe Internet I Internet I Internet II Internet II

JailJail FortressFortress ZoneZone

But what about the information?

NetworkNetwork

HostHost

ApplicationApplication

DataData

Use

rU

ser

DataDataInformationInformation

HostHost

ApplicationApplication

NetworkNetwork

InformationInformationInformationInformation

HostHost

ApplicationApplication

NetworkNetwork

Use

rU

ser

The Information-Centric Security Lifecycle

CreateCreateCreate

DestroyDestroyDestroy

StoreStoreStore

ShareShareShare ArchiveArchiveArchive

UseUseUseClassifyAssign RightsClassifyAssign Rights

Access ControlsEncryptionRights ManagementContent Discovery

Access ControlsEncryptionRights ManagementContent Discovery

Activity Monitoringand Enforcement

Rights ManagementLogical ControlsApplication Security

Activity Monitoringand Enforcement

Rights ManagementLogical ControlsApplication Security

CMP (DLP)EncryptionLogical ControlsApplication Security

CMP (DLP)EncryptionLogical ControlsApplication Security

EncryptionAsset ManagementEncryptionAsset Management

Crypto-ShreddingSecure DeletionContent Discovery

Crypto-ShreddingSecure DeletionContent Discovery

ILM and Security

CreateCreate

DestroyDestroy

StoreStore

ShareShare ArchiveArchive

UseUseCreation Creation

and and ReceiptReceipt

DistributionDistribution

UseUseMaintenanMaintenancece

DispositionDispositionUseUse

• Content is classified as it’s created through content analysis or based on labeling of data elements.

• Rights are assigned, based on central policies.

• Mandatory and discretionary policies.

CreateCreateCreate

Control Structured Unstructured

Classify None* None*

Assign Rights Label Security Enterprise DRM

Create

Create

Create

Create Technologies

Note- Classification is expected to emerge from DLP/CMP

Label Security

ID Last First SSN

1111 Mogull Richard 555-12-5555

1112 Smith John 324-86-3456

ID Last First Region Label

1111 Mogull Richard US Public

1112 Smith John EMEA Sensitive

Column

Row

Partial Document MatchingPartial Document Matching

Exact File MatchingExact File Matching

StatisticalStatisticalDatabase FingerprintingDatabase Fingerprinting

CategoriesCategories ConceptualConceptual

^(?:(?<Visa>4\d{3})|(?<Mastercard>5[1-5]\d{2})|(?<Discover>6011)|(?<DinersClub>(?:3[68]\d{2})|(?:30[0-

5]\d))|(?<AmericanExpress>3[47]\d{2}))([ -]?)(?(DinersClub)(?:\d{6}\1\d{4})|(?(AmericanExpress)(?:\d{6}\1\d{5})|

(?:\d{4}\1\d{4}\1\d{4})))$

RulesRules

Content Analysis

• We use access controls, encryption, and rights management to protect data in storage.

• Content Discovery helps find unprotected sensitive data that slipped through the gaps.

StoreStoreStore

Store Technologies

Control Structured Unstructured

Access ControlsDBMS Access Controls

Administrator Separation of Duties

File System Access ControlsDocument Management System Access Controls

EncryptionField Level Encryption

Application Level EncryptionFile/Media Encryption*

Media EncryptionFile Encryption

Distributed Encryption

Rights Management Label/Row Level Security Enterprise DRM

Content DiscoveryDatabase-Specific Discovery

Tools

DLP/CMF Content DiscoveryStorage/Data Classification

Tools

Store

Store

Store

AccessControlsAccessAccessControlsControls EncryptionEncryptionEncryption DRMDRMDRM

Application/DatabaseFile/Folder Media

Encryption Options

rmogull Phoenix asdfasdfasdfasdf

Content Discovery

• Monitor and protect information during use.

• Includes business applications and productivity applications.

• Heavy use of content-aware technologies.

UseUseUse

Use Technologies

Control Structured Unstructured

Activity Monitoring and Enforcement

Database Activity Monitoring

Application Activity Monitoring

Endpoint Activity Monitoring

File Activity MonitoringPortable Device Control

Endpoint DLP

Rights Management Label Security Enterprise DRM

Logical ControlsObject (Row) Level Security

Structural ControlsApplication Logic

Application Security Implemented At Application Layer

Use

Use

Use

Two Sides Of Information-Centric Security

Data Center Productivity

CMP

CMP

ADMP

Adaptive AuthenticationApplication NACActivity MonitoringAnti-ExploitationTransaction AuthenticationSession SecurityApplication Virtualization

Cross-Domain Information Protection

ID Last First SSN

1111 Mogull Richard 555-12-5555

1112 Smith John 324-86-3456

ID Last First SSN

1111 Mogull Richard 555-12-5555

1112 Smith John 324-86-3456

Customer Report

Customer retention grew 13% YoY. Customer 138-56-8375 held return value while...

11 Last First SSN

asdf asd asd ads

ads ads asd asd

Customer Report

Customer retention grew 13% YoY. Customer 138-56-8375 held return value while...

11 Last First SSN

asdf asd asd ads

ads ads asd asd

• Securely exchange information, inside and outside of the enterprise.

• A mixture of content-aware technologies and encryption for secure exchange.

ShareShareShare

Share Technologies

Control Structured Unstructured

CMP/DLPDatabase Activity

Monitoring(With DLP Feature)

Network/Endpoint CMP/DLP

Encryption*Only When Data Elements Not Otherwise

Encrypted

Network EncryptionApplication Level Encryption

Email EncryptionFile Encryption

Network Encryption

Logical ControlsObject (Row) Level Security

Structural Controls

Application Security Implemented At Application Layer

Share

Share

Share

Inter-Organization Encryption vs. DRM

• Protect information in archival storage.• Encryption and asset management

ArchiveArchiveArchive

Archive Technologies

Control Structured Unstructured

Encryption Field-Level EncryptionTape Encryption

Storage Encryption(Multiple Options)

Asset Management Asset Management Asset Management

Archiv e

Archiv e

Archiv e

Tape Encryption Options

In-line Drive Software

• Ensure data is not recoverable at end of life

• Content discovery to ensure dangerous data isn’t hiding where it shouldn’t be.

DestroyDestroyDestroy

Destroy Technologies

Control Structured Unstructured

Crypto-Shredding Enterprise Key Management Enterprise Key Management

Secure Deletion Disk/Free Space Wiping Disk/Free Space Wiping

Physical Destruction Physical Destruction Physical Destruction

Content Discovery Database-Specific Discovery Tools

DLP/CMF Content DiscoveryStorage/Data Classification

ToolsEnterprise Search

E-Discovery

Destr oy

Destr oy

Destr oy

CreateCreateCreate

DestroyDestroyDestroy

StoreStoreStore

ShareShareShare ArchiveArchiveArchive

UseUseUseClassifyAssign RightsClassifyAssign Rights

Access ControlsEncryptionRights ManagementContent Discovery

Access ControlsEncryptionRights ManagementContent Discovery

Activity Monitoringand Enforcement

Rights ManagementLogical ControlsApplication Security

Activity Monitoringand Enforcement

Rights ManagementLogical ControlsApplication Security

CMP (DLP)EncryptionLogical ControlsApplication Security

CMP (DLP)EncryptionLogical ControlsApplication Security

EncryptionAsset ManagementEncryptionAsset Management

Crypto-ShreddingSecure DeletionContent Discovery

Crypto-ShreddingSecure DeletionContent Discovery

Adrian Lane

• alane@securosis.com• http://securosis.com• AIM: whoisadrianlane• Skype: whoisadrianlane

Securosis, L.L.C.