Academic year: 2021


www.watchfulsoftware.com

Data-centric Security

Rui Melo Biscaia | [email protected]


“Dead Horse Wisdom”
Graham, Texas

Beat the horse faster, in an attempt to make it go faster…
Hire a consultant to point out all the reasons why the horse isn’t running fast… or at all…
Form a “Tiger Team” to study the issue and come back with revelations and recommendations…
Tie two dead horses together in an attempt to double the speed…
Search the internet to see how other people manage to ride dead horses…
Change riders…
Lowering the standards so that the performance of the dead horse is considered acceptable…
Declaring that dead horses are lower operating cost and therefore carry an acceptable ROI!!


Information is an asset


The Insider Threat

Security breaches (by malice or neglect) are increasingly costing more.
Confidential information is increasingly handled in digital formats: easy to store, but also easy to leak.
The economic downturn impels once-trusted workers to “borrow” information and leverage it.

Distinction between Need, Should and Could:
Need: covered by compliance mandates. PCI-DSS, SOX, …, state data privacy laws
Should: core intellectual property, customer data
Could: internal price lists, privileged communications

Well-Meant Insider vs. Malicious Insider


What do I “Need to Know”?


The Perimeter is no more!

Name: Bob, Department: IT, Task: 2014 IT Budget
Name: Chuck, Department: Finance, Task: M&A Project
Name: John, Department: HR


BYOD is a given
FORBID IS A POLICY

Network Access Control
Enterprise Rights Management
Mobile Device Management

Mobile devices have crossed the perimeter and are “far beyond” system defences, opening


The Multi-Level Security Model

The organization defines its Information Security levels; the policy determines the security levels.
Each user is assigned a security credential; the policy defines the rights each credential has over each level of information.
Access to information depends on the security credential of the user.
Anything over Public is encrypted.
Actions can be controlled by the credentials: Print, Edit, Forward, Copy, etc.

Levels: Secret, Confidential, Internal

How does it work?

(diagram: VP, CEO, Oops…)


A New Paradigm in Data-Centric Security

Data-Centric Security = RightsWATCH
Data Classification for enhanced compliance & decreased liability;
IRM – Information Rights Management to enforce data protection;


Passwords do not suffice!


RightsWATCH is Data-centric Security


Data-centric Security that:

Applies Multilevel Security & Dynamic User Profiling;
Provides context- and content-aware data labeling, tagging and protection;
Delivers an enhanced user experience in requiring the user to apply a classification and/or provides automatic classification to new emails and documents, based on Regular Expressions and patterns;
Applies Watermarking and fingerprinting to protected content;
Enhances and expands AD RMS server-side and client-side reporting and auditing, for audit trails and compliance;
Extends protection support beyond Office and to ALL file formats.


1. Multilevel Security & Dynamic User Profiling

Segregate access to sensitive information based on vertical and horizontal Scopes/Context: Department, Project, Supply Chain, Customers, Partners, …
Ability to grant/revoke each user multiple security clearances: in a given moment in time, within a specific role performed.

Levels: Secret, Confidential, Internal Use


2. Content & Context Aware Protection

Intelligent and automatic information classification based on:
• Regular Expressions
• Content
• Context
• Patterns

Enforces corporate policies where compliance is Mandatory or Suggested, not prone to human error.


4. Watermarking and Fingerprinting

Watermarking
Automatic adding of watermarks, headers, footers and disclaimers to educate users and make classification explicit: decrease company liability if and when a leak occurs.

Fingerprinting
Include metadata onto emails, docs, etc. in order to transform unstructured data into a more structured form, allowing it to be better picked up by full-featured DLPs and/or email gateways.

Visual Labeling


4. Watermarking and Fingerprinting (…)

Protects the company from a legal and compliance perspective
Rules-based configuration to allow flexibility
Dynamic watermark support
Automatic protection policies without requiring Exchange server or server-side modifications


5. Audit Trails & Compliance

Audit Trails for Compliance and Forensic analysis:
Monitor and audit company governance policies
Logging of user actions (producing, saving, printing, exporting, …) over the information
Logging of admin actions and the system

Blacklisting
On-the-Fly discretionary measures to prevent data leakages


5. Audit Trails & Compliance (…)

Rich System Admin Experience
Rapid learning curve for administrators and infrequent users alike
Access segregation to information being accessed by different stakeholders;

Detailed & Incremental configuration and Roll-out
Deploy and use at your own pace. Doesn’t disrupt workflows and existing procedures and processes
Serving multiple and heterogeneous environments

System integrity controls
To perform damage control actions


7. Addressing the BYOD Trend

• RightsWATCH keeps sensitive information safe in a BYOD world by extending Information Protection & Control to Smartphones and Tablets

RMS protection goes mobile:
Full-featured RMS encryption extended to mobile environments
No need for extra servers
The email messages are accessible on the mobile devices. Possibility to reply/forward information is controlled according to user rights

Platform   Create protected email   Consume protected email
iOS        Yes                      Yes
Android    Yes                      Yes


Access policy to information

USER CLAIMS
User.Department = Finance
User.Clearance = High

DEVICE CLAIMS
Device.Department = Finance
Device.Managed = True

FILE PROPERTIES
File.Department = Finance
File.Impact = High

ACCESS POLICY
For access to finance information that has high business impact, a user must be a finance department employee with a high security clearance, and be using a managed device registered with the finance department.
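The access policy above, evaluated in code as an added illustration (not RightsWATCH or Watchful Software code): the claim and property names are the slide's, while the `Rule` structure, `evaluate()` and the deny-by-default handling of missing claims are assumptions of this example. It also tries the same user from an unmanaged BYOD device, which the policy denies.

```python
# Added example (not RightsWATCH code): evaluates the slide's claims-based
# policy. Claim and property names come from the slide; the Rule shape and
# evaluate() are assumptions made for this illustration.
from dataclasses import dataclass


@dataclass
class Rule:
    file_match: dict    # file properties this rule governs (all must match)
    user_match: dict    # user claims required for release
    device_match: dict  # device claims required for release


# The slide's policy: Finance files with High business impact are released
# only to a Finance user with High clearance on a managed device that is
# registered with Finance.
FINANCE_HIGH_IMPACT = Rule(
    file_match={"Department": "Finance", "Impact": "High"},
    user_match={"Department": "Finance", "Clearance": "High"},
    device_match={"Department": "Finance", "Managed": True},
)


def _satisfies(required: dict, claims: dict) -> bool:
    # A missing claim never satisfies a requirement (no implicit defaults).
    return all(k in claims and claims[k] == v for k, v in required.items())


def evaluate(rules, file_props, user_claims, device_claims) -> str:
    """Return "allow" or "deny". Deny by default: a file no rule covers is
    not released, and every covering rule must be met by user AND device."""
    applicable = [r for r in rules if _satisfies(r.file_match, file_props)]
    if not applicable:
        return "deny"
    for rule in applicable:
        if not (_satisfies(rule.user_match, user_claims)
                and _satisfies(rule.device_match, device_claims)):
            return "deny"
    return "allow"


def demo() -> dict:
    # Constructed attempts: the slide's happy path, the same user on an
    # unmanaged (BYOD) phone, and an IT user with High clearance.
    finance_file = {"Department": "Finance", "Impact": "High"}
    chuck = {"Department": "Finance", "Clearance": "High"}
    bob = {"Department": "IT", "Clearance": "High"}
    managed = {"Department": "Finance", "Managed": True}
    byod = {"Department": "Finance", "Managed": False}
    return {
        "chuck_managed": evaluate([FINANCE_HIGH_IMPACT], finance_file, chuck, managed),
        "chuck_byod": evaluate([FINANCE_HIGH_IMPACT], finance_file, chuck, byod),
        "bob_managed": evaluate([FINANCE_HIGH_IMPACT], finance_file, bob, managed),
    }
```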
