5 Ways to Lockdown Your Sensitive Files
           with DLP and FAM

                         Presented by,
         Ash Devata, Sr. Manager, DLP Products, RSA
     Raphael Reich, Director of Product Marketing, Imperva
Agenda
• Major Trends
• 5 Steps to Regain Control
• Conclusion And Q&A
Today’s Presenter
Ash Devata, Sr. Manager, DLP Products, RSA
• Expertise
    + DLP, data security, information classification
    + Presented at RSA, ISC2 sessions, EMC World, etc.
• Worked at
    + RSA, EMC, Startups
    + Chaired sustainable development projects in Boston
• Academics
    + Degrees in MBA and Electronics and Instrumentation Engineering
    + Co-author of books/journals on BPO
Today’s Presenter
Raphael Reich, Dir. Product Marketing, Imperva
• Expertise
    + 20+ years in product marketing, product management, and software engineering
• Professional Experience
    + Cisco, Check Point, Digital Equipment Corp.
• Academics
    + Bachelor’s degree in Computer Science from UC Santa Cruz
    + MBA from UCLA
Data is Growing & Constantly Changing
• Enterprise data volume: substantial volume (IDC: 2009 File-Based Storage Taxonomy, 11/09)
    + 80% Unstructured (file data)
    + 20% Structured (DB, Apps)
• [Chart: Volume over Time, marked 60%] Constant growth (IDC: 11/09)
• As data grows, so does the volume of user access rights
• Rights are also very dynamic
    + Employees, contractors, consultants, etc., join/leave the organization, start/finish projects, change job roles, etc.
Two Types of Sensitive Data
• Data You Collect
    + Credit card data
    + Privacy data (PII)
    + Health care information
• Data You Create
    + Intellectual property
    + Financial information
    + Trade secrets
And Companies Are Losing Data
Three Main Threat Vectors
1. Non-malicious end user trying to get the job done
2. IT and Business managing data without total visibility
3. Malicious user stealing data using authorized tools
And There Are Regulations to Prevent Data Loss
• Regulations: sensitive data must be protected

Regulation | Scope | Example Requirement | Control measure
PCI-DSS | Credit card data | Requirement 7: “Restrict access to cardholder data by business need to know” | Audit and review user rights
HIPAA | Healthcare-related PII | Section 164.312(b): “Implement…mechanisms that record and examine activity…” | Activity monitoring
FERC-NERC | US energy industry | Requirement 5.1.2: “…create historical audit trails of individual user account access activity.” | Activity monitoring
ITAR | US weapons export | Section 120.17: Restricts “Disclosing…or transferring technical data to a foreign person…” | Audit and review user rights
MA 201 CMR 17 | PII of state residents | Section 17.04 (1d): “…restrict access to active users and active user accounts…"; Section 17.04 (2a) "restrict access...to those who need…to perform their job duties" | Audit and review user rights, plus Activity monitoring to identify dormant users

Summary
Requirements | Controls
Business need-to-know access | User rights auditing and reviews
Historical audit trails | Audit file access activity
Restrict access to active users | Correlate file rights with file access activity
Personal Information Breach Notification Laws
• 46: States have PII breach notification laws
• 3214: Number of notified incidents since Jan 2006
• 75%: PII breaches are a result of insider actions
• States with No PII Breach Notification Laws: Alabama, Kentucky, New Mexico, and South Dakota
Highly Prescriptive Regulations for Managing PII
• Proactive
• Prescriptive
• Auditable
End of The Day, Data Loss is Very Expensive
• What does a data breach cost? US$7.2 Million or $214 per record
• Source: 2010, Annual Study: Cost of a Data Breach, Ponemon Institute
The Second Type of Sensitive Data Is Important Too
• Source Code, Financial Results, Blue Prints, Patent Filings
• Road Maps, Contracts, Strategic Plans, M&A Initiatives, Bidding
• ns, Partnership Plans, Investment Details, Portfolio Models, Competitive Intel
• roduct Docs, Research Results, Un-Published Docs, Raw R&D Data, Busin
“Secrets comprise two-thirds of the value of firms’ information portfolios”
Forrester 2009: Securing Sensitive IP Survey
• Competitive Advantage
• Brand Equity
• Employee Morale
Taking Data With Them When They Go
Insiders
• 70% of employees plan to take something with them when they leave the job
    + Intellectual Property: 27%
    + Customer data: 17%
• Over 50% feel they own it
Source: November 2010 London Street Survey of 1026 people, Imperva
Example breach: $50M+ in automotive designs
Xiang Dong Yu
• Worked at Ford 10 years
• Took 4,000 design documents
• Estimated $50-100 Million in value
• Went to work for Beijing Automotive Co.
5-Steps To Regain Control
• Discover sensitive data
• Identify data owners
• Communicate with data owners
• Implement policy controls
• Remediate
Discover Sensitive Data
• Data sources: SharePoint, Databases, NAS/SAN, File Servers, Endpoints
• RSA DLP Datacenter: Grid, Virtual Grid, Temp Agents, Agents
• Attributes & Identity Analysis
    + File extension
    + File type, size, etc.
• Content in File
    + General keywords
    + Specialized keywords
    + Patterns and strings
    + Proximity analysis
    + “negative” rules
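The content rules listed on this slide (patterns and strings, proximity analysis, “negative” rules) placed behind an attribute filter, as an added Python example. This is not RSA DLP code; the extension list, keyword list, negative terms, window size and sample files are constructed assumptions.

```python
import os
import re

# Every name, list and threshold here is an assumption made for illustration.
SCAN_EXTENSIONS = {".txt", ".csv", ".log"}   # attribute filter: file extension
MAX_SIZE = 5 * 1024 * 1024                   # attribute filter: size in bytes
# Pattern rule: 13-16 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
KEYWORDS = ("card number", "cardholder", "expiry", "cvv", "visa")
NEGATIVE_RE = re.compile(r"\b(test|sample|dummy)\b", re.I)  # "negative" rule
PROXIMITY = 40                               # characters either side of a match


def luhn_ok(digits):
    """Checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def should_scan(name, size):
    """Attribute analysis: only open files whose type and size are in scope."""
    ext = os.path.splitext(name)[1].lower()
    return ext in SCAN_EXTENSIONS and size <= MAX_SIZE


def scan_text(text):
    """Return masked card numbers that pass pattern, proximity and negative rules."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue                          # pattern matched, checksum did not
        window = text[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        if NEGATIVE_RE.search(window):
            continue                          # negative rule: test or sample data
        if not any(k in window.lower() for k in KEYWORDS):
            continue                          # proximity: no supporting keyword
        hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


# Constructed sample files (name -> content); 4111 1111 1111 1111 is a
# publicly documented test card number, not real cardholder data.
SAMPLE_FILES = {
    "invoice.txt": "Customer card number: 4111 1111 1111 1111 expiry 12/30",
    "qa_notes.txt": "Use sample card number 4111-1111-1111-1111 in the test environment",
    "shipping.csv": "tracking ref 4111111111111111 dispatched",
    "typo.log": "card number 4111 1111 1111 1112 rejected",
    "scan.jpg": "card number 4111 1111 1111 1111",
}


def scan_share(files):
    """Apply the attribute filter, then the content rules, to each file."""
    report = {}
    for name, text in files.items():
        if not should_scan(name, len(text.encode("utf-8"))):
            continue
        hits = scan_text(text)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan_share(SAMPLE_FILES).items():
        print(name, hits)
```

Only invoice.txt is reported: the other files are dropped by the negative rule, the missing keyword, the failed checksum and the extension filter respectively.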
Data Discovery Is Part of RSA Data Loss Prevention
RSA DLP Enterprise Manager
• RSA DLP Network: Email, Web
• RSA DLP Datacenter: File shares, SharePoint, Databases
• RSA DLP Endpoint: Connected PCs, Disconnected PCs
When You Find Sensitive Data…
Result: Sensitive files discovered by DLP
• IT decides on remediation
    + IT does not have business context
    + Potential of disruption to business
• Involve end-user in remediation
    + Who to contact?
    + What to ask?
    + How to track responses?
    + How to follow up?
    + How to orchestrate?
    + How to manage the process?
Step 2 In Regaining Control
[Diagram: five-step cycle: Discover sensitive data, Identify data owners, Communicate with data owners, Implement policy controls, Remediate]
How Owners Are Identified Today
• See who created the file/folder
• Examine ACLs
• Mass e-mails
• Phone calls
• Keep notes
Finding an owner: 1 hour per folder on average
Who Owns It? Ask The People Who Know Best…
Step 3 In Regaining Control
[Diagram: five-step cycle: Discover sensitive data, Identify data owners, Communicate with data owners, Implement policy controls, Remediate]
Communicate With Data Owners
• Discover Sensitive Data
    + Data sources: SharePoint, Databases, NAS/SAN, File Servers, Endpoints
    + RSA DLP Datacenter: Grid, Virtual Grid, Temp Agents, Agents
• Manage Remediation Workflow
    + RSA DLP Risk Remediation Manager
    + Imperva FAM
    + Business Users
Step 4 In Regaining Control
[Diagram: five-step cycle: Discover sensitive data, Identify data owners, Communicate with data owners, Implement policy controls, Protect files]
Real Time Policy Enforcement Through FAM
• Block and alert when users outside Finance access Finance data
• See triggered alerts
• Drill down for details on “who, what, when, where”
Leverage DLP Data Discovery in FAM
• Click to import CSV
Leverage DLP Data Discovery in FAM
• View classification in SecureSphere and use in policy building
Step 5 In Regaining Control
[Diagram: five-step cycle: Discover sensitive data, Identify data owners, Communicate with data owners, Implement policy controls, Remediate]
Apply Controls to Protect Data
• Discover Sensitive Data
    + Data sources: SharePoint, Databases, NAS/SAN, File Servers, Endpoints
    + RSA DLP Datacenter: Grid, Virtual Grid, Temp Agents, Agents
• Manage Remediation Workflow
    + RSA DLP Risk Remediation Manager
    + Imperva FAM
    + Business Users
• Apply Controls
    + Apply DRM
    + Encrypt
    + Delete / Shred
    + Change Permissions
    + Policy Exception
Remediate Excessive Access
• Should “Everyone” have access to sensitive data?
    + “Everyone” group in Active Directory literally means all users
• Are there dormant users?
    + May want to revoke rights of inactive users
• What rights are not used?
    + Users with access they appear not to need
Understand Access Rights And Their Origins
• See what a user can access
• …and how they got access to data
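The three questions on the “Remediate Excessive Access” slide and the rights-origin view on this one, worked through as an added Python example that correlates file rights with file access activity. This is not Imperva or RSA code; the ACL, group membership, access log, dates and the 90-day window are constructed assumptions, and “Everyone” is modelled as an ordinary group that lists all users.

```python
from datetime import date, timedelta

# Constructed sample data; every name and date below is hypothetical.
GROUPS = {
    "Finance": {"alice", "bob"},
    "Engineering": {"carol", "dave"},
    "Everyone": {"alice", "bob", "carol", "dave", "erin"},
}
ACL = [  # (folder, principal, right)
    ("/finance/forecasts", "Finance", "read"),
    ("/finance/forecasts", "carol", "read"),
    ("/finance/payroll", "Everyone", "read"),
    ("/eng/designs", "Engineering", "write"),
]
SENSITIVE = {"/finance/forecasts", "/finance/payroll"}  # e.g. flagged by discovery
ACCESS_LOG = [  # (user, folder, day of access)
    ("alice", "/finance/forecasts", date(2011, 3, 28)),
    ("alice", "/finance/payroll", date(2011, 3, 15)),
    ("bob", "/finance/forecasts", date(2010, 9, 2)),
    ("carol", "/eng/designs", date(2011, 3, 30)),
    ("dave", "/eng/designs", date(2011, 3, 29)),
]
TODAY = date(2011, 3, 31)


def effective_rights(acl, groups):
    """Map (user, folder) to the origins of the right: direct or via a group."""
    rights = {}
    for folder, principal, _right in acl:
        if principal in groups:
            for user in groups[principal]:
                rights.setdefault((user, folder), []).append("group:" + principal)
        else:
            rights.setdefault((principal, folder), []).append("direct")
    return rights


def recent_access(log, today, days):
    """(user, folder) pairs seen in the log within the last `days` days."""
    cutoff = today - timedelta(days=days)
    return {(user, folder) for user, folder, when in log if when >= cutoff}


def open_to_everyone(acl, sensitive):
    """Sensitive folders that grant a right to the Everyone group."""
    return sorted({f for f, p, _ in acl if p == "Everyone" and f in sensitive})


def dormant_users(rights, log, today, days=90):
    """Users who hold rights but show no file activity in the window."""
    active = {user for user, _ in recent_access(log, today, days)}
    return sorted({user for user, _ in rights} - active)


def unused_rights(rights, log, sensitive, today, days=90):
    """Rights on sensitive folders that were not exercised in the window."""
    used = recent_access(log, today, days)
    return sorted(k for k in rights if k[1] in sensitive and k not in used)


if __name__ == "__main__":
    rights = effective_rights(ACL, GROUPS)
    print("Open to Everyone:", open_to_everyone(ACL, SENSITIVE))
    print("Dormant users:", dormant_users(rights, ACCESS_LOG, TODAY))
    for user, folder in unused_rights(rights, ACCESS_LOG, SENSITIVE, TODAY):
        print("Unused:", user, folder, "via", rights[(user, folder)])
```

Each unused right is printed with its origin, so a reviewer can tell whether to remove a direct ACL entry or a group membership.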
Traditional Approach – The Old Way
• Day 1: 30K files discovered by DLP
• Day 4: Minimal context for file ownership. Let the e-mail exchange begin.
• Day 150: Spreadsheet consolidation into an access database - Attempt to deliver metrics
• Day 180: No consistent data. Contractor funding extensions have ended. Internal resources left with no repeatable process.
With The Solution: Reduce Time Up To 85%
• Day T: 30K files discovered by RSA DLP
• Day T + 5: 1200 Owners in 10 Countries Identified by RSA DLP. Imperva identifies file owners based on access to files
• Day T + 15: DLP RRM sends initial questionnaire to data owners. Data owners and IT agree on remediation controls
• Day T + 60: 90% of files remediated. Repeatable and continuously monitored. Analyst work space and executive metrics in DLP RRM.
To Wrap Up…
• Data protection is essential
• Data protection goes beyond IT
• Focus on people & process
• Look for more complete solutions
• Involve all stake holders in planning
[Diagram: five-step cycle: Discover sensitive data, Identify data owners, Communicate with data owners, Implement policy controls, Protect files]
About RSA, The Security Division of EMC
• Products: SIEM, DLP, Network Monitoring, Authentication, Web Fraud Detection, eGRC, IT GRC, Encryption
• Manage Risk and Threats
• Prove Compliance
• Secure Access
• Secure Virtualization & Cloud
Imperva: Our Story in 60 Seconds
• Attack Protection
• Virtual Patching
• Reputation Controls
• Usage Audit
• Rights Management
• Access Control
Webinar Materials
Get LinkedIn to Imperva Data Security Direct for…
• Post-Webinar Discussions
• Answers to Attendee Questions
• Webinar Recording Link
• Much more…
Questions and Answers