Security and Implementation in Government Sector 24 June 2011 Sudeep Kumar Das, CISA, CISSP Lead Solution Architect, India & SAARC
Agenda
Regulatory Data
Privacy data (PII) Transaction Data Asset Data
Government Secrets
Personally Identifiable Information
Government Program data & communications Reports
Government Official & customer data (PII), program secrets, intellectual property
Fines: Unlimited Liability Burden: Quarterly audits Legal: Lawsuits, privacy notices
Damage: Government Reputation Churn: citizen adoption Loss: Trust & confidence
Burden: More FTEs for security Capital: Additional HW & SW Cost: Higher TCO
DISCOVER
Sensitive Data
MONITOR
User Actions
EDUCATE
End Users
ENFORCE
Security Controls
Reduce Risk
?
RISK
Understand Risk
TIME
DLP Network
DLP Datacenter
DLP Endpoint
Web
Databases
Connected PCs
Disconnected PCs
ENFORCE
Policy is described by three parts: Identification (What, Who, Where), Notification (Who, What, How) and Remediation (What, How).
1. Identification. We identify a violation by specifying:
What: the identification of content is done by Content Blades. Check out the library of Content Blades available in the product. You can further manage this by specifying attributes like file type and file size.
Who: the same content might be a violation for some people, AD groups or departments, while perfectly OK for others.
Where: in the network, datacenter, endpoint or all; or in a particular subset of scans identified by a scan group (which can represent a BU or geography); or at a specific user action (at copy or at print).
2. Notification. We set up notification by defining:
Who: who is responsible for handling the incident (the user creating it, the administrator, the user's manager).
What: what is in the notification (e.g. notification customized per AD group or policy, include links).
How: send an email, pop up a window, or integrate into Remedy or a SIEM solution.
3. Remediation.
What: we support different remediation options: encryption, quarantine, block, copy, move, delete, apply Microsoft AD RMS.
How: through automated actions at the time of the incident; through workflow that can leverage the AD hierarchy; facilitated actions (operated from our UI); or manual actions with incident management through our UI.
Transactional Data
Unstructured
Semi-Structured
Structured
Better insight into Data at Rest and more effective remediation process
DISCOVER
DLP
What data is sensitive? Where is it?
MONITOR
DLP
How is it being used?
EDUCATE
DLP
What to educate on?
ENFORCE
DLP
What do I enforce? Where do I enforce?
Data Governance
Who has access to it? Where to start discovery?
Data Governance
Who is accessing it?
Data Governance
Who do I educate?
Data Governance
What is the impact? How can I enforce?
Database
DLP Administrator
Secondary Data Center SharePoint
Remote Offices
Regulatory Data
Compliance Objectives
Corporate Secrets
Objectives
SMTP
Mail Servers
SPAN TAP
IM, HTTP, HTTPS, FTP
Proxy Server
Corporate Users
DLP Administrator
Note: All RSA Network components except for RSA DLP Network Sensors can be deployed as physical or virtual appliances
Encryption Server
SMTP
Mail Servers
Proxy Server
Corporate Users
DLP Administrator
Enforce
Connected or Disconnected from Corporate Network
Connected to Corporate Network Not Connected to Corporate Network
Top Violators
(Identified through Discover and Monitor)
Just-In-Time Education
!
1
user performs actions
3
user acts responsibly
LOW
RISK
QUARANTINE
HIGH
ALLOW
NOTIFY
MOVE
ENCRYPT
JUSTIFY
BLOCK
SHRED
Manual or Automated
AUDIT
COPY
DELETE
RMS (DRM)
Attributes
Transmission metadata File size, type, etc. Owner, sender, etc.
Described Content
Detection Rules Context Rules Exceptions
Fingerprinting
Full & partial match Databases Files
Name
Title
Business group Organization hierarchy Special privileges
What policies to apply Define the risk of actions What controls to enforce Who to notify
Real-time data from your Windows Active Directory Used across all phases of DLP
Consolidate Violations
Violation Event 1 Violation Event 2 Violation Event 3 Violation Event 4 Violation Event n
Policy Based Logical Grouping
Officer
Alert Manager
PEOPLE
Number of users Types of users
PLACES
Number of office sites Types of office sites
DATA
Amount of data Sources of data
Flexible policy framework to support a million plus users and 100s of user types
Unique grid technology to scan large amounts of data most cost effectively
INFRASTRUCTURE
INCIDENTS
CONTROLS
PEOPLE
PROCESS
TECHNOLOGY
Identify current technology you can leverage Evaluate fit with IT roadmap (cloud, virtualization, etc.)
PreDeployment
DLP champion (team)
Buy in from groups beyond IT Top 3-5 drivers & corporate policies
Educate
Enforce
Technology provisioning DLP administration hours Project Timeline and next phase
Next steps
What stage are you in today? We can help you:
Better understand DLP
Considering DLP Risk Assessment DLP Miniscan DLP Workshop DLP Demo EMC CIRC Tour Free Scan
DLP Workshop EMC CIRC Tour DLP TCO Tool DLP Sizing Guide
Policy & Classification
Policies covering a broad range of regulations and topics. Developed by an expert team
Identity Aware
Identity awareness for classification, controls and remediation
Incident Workflow
Consolidated alerts with the right information to the right people for the right actions
Enterprise Scalability
Scan more data faster with less hardware and fewer resources