Classification Should Drive Your Security Strategy Tips for - - PowerPoint PPT Presentation

Why Data Classification Should Drive Your Security Strategy

Tips for Finding, Classifying, and Protecting Your Data Tony Themelis VP , Product Management Digital Guardian

Tony Themelis Bio

• VP of Product Management at Digital Guardian
• Former VP Customer Service at Quantifacts
• 9 years at Deloitte Consulting
• Studied Computer Science
• MBA from London Business School

2

Tony Themelis

VP, Product Management

Bill Bradley Bio

Prior Experience: Cybersecurity, Physical Security; Marketing, Sales, and Business Leadership

• Product Marketing for Data Loss Prevention
• ~20 years of technical marketing & sales experience
• Field Sales, Competitive Analysis, Product Mktg & Mgt
• Previously at Rapid7 and General Electric Corporation

3

Bill Bradley

Director, Product Marketing

When it comes to data protection:

ONE SIZE DOES NOT FIT ALL

Today’s Agenda

• Security Without Visibility?
• Discovery and Classification Linkage
• How to Classify
• Classification Action Plan
• Audience Questions

5

Questions:

• Can you achieve

security without visibility?

• What about

compliance?

6

The Analysts Say:

• “If you don’t know what you have, where it is,

and why you have it, you can’t expect to apply the appropriate policies and controls to protect it.”

7

(source: Rethinking Data Discovery and Data Classification Strategies, Heidi Shey and John Kindervag, Forrester Research Inc., March 25, 2016)

The Analysts Say:

• “Focus on controls that broadly address the

problem, such as implementing people-centric security and data classification. These controls are the foundation upon with additional controls can built.”

8

(source: Understanding Insider Threats, Erik T. Heidt, Anton Chuvakin, Gartner Inc., May 2, 2016)

Discovery and Classification Linkage

9

Discovery Classification

Benefits of the Linkage

• Visibility into your data
• Spot data flows that ID opptys for classification
• Identify data abuse or security gaps
• Limit scope
• InfoSec resources focuses on what matters most
• De-emphasize less important data, or destroy
• Not to say you ignore signs of a data breach on public data
• Supports compliance
• Find and classify data subject to regulations
• Track or firewall it
• Scan for compliance data in non-authorized locations
• Control access to sensitive data (e.g. foreign national for ITAR data)

10

Why Should you Classify?

• Compliance
• HIPAA, PCI, GDPR, SOX, GLBA, etc.
• IP Protection
• Protect competitive advantage
• Collaboration
• Expand your collaboration securely

11

Classification Action Plan

• Policy
• Scope
• Discovery
• Solution(s)
• Feedback Mechanism

12

Policy

• Documents the goals, objective, and strategic intent behind the

classification

• Compliance for what specific regulation
• Balancing Confidentiality, Integrity, and Availability
• Awareness
• Risk Management
• Incident Response
• Seek cross-functional support
• Sr Exec buy-in critical
• Tie back to the business goals
• “GDPR compliance enables our business to further penetrate the EU.”
• “Robust IP protection enables global supply chain partnerships I can trust.”

13

Scope

• Establish the boundaries on your program
• How far into your partner network

can/will/do you want to reach?

• Legacy data? Archived data?
• Note anything that is out of scope

14

Discovery

• Regulated and sensitive data
• Personally identifiable, payment card information, healthcare
• CAD, source code, seismic data, formulas
• Endpoints, servers, databases, cloud
• Share classification tags across all
• Not a one time event
• Creation, modification, audit, predefined interval

15

Solutions

• Automated
• Context
• File type, location
• Content based
• Fingerprint, RegEx
• Safeguard to manual process
• Intentional or unintentional
• Manual
• User defined data classification
• Rely on the data expert, in the present
• InfoSec not the right group to do this
• Outsource
• Comprehensive to exhaustive

16

Considerations

• Automated
• Cost, tuning
• Manual
• Scalability, repeatability
• Outsource
• Cost, time

17

Feedback Mechanism

• Users
• Are the categories aligned with the business?
• Start with 3, but is that right?
• Do some business units need more?
• Reporting and analytics
• Is classified data moving in ways it shouldn’t?
• Is classified data in places it shouldn’t be?
• Auditors
• Are you able to demonstrate compliance?

18

Summary

• Security and compliance need visibility and organization
• Discover and Classification
• Classification is foundational
• Compliance
• IP Protection
• Collaboration
• Action Plan
• Policy
• Scope
• Discovery
• Classification Solutions
• Feedback

19

Digital Guardian for Classification

Understand your data to best protect it.

Versus

Data Centric Protection

22

Data Centric Protection

• Find the data, wherever it is

in your extended enterprise

• Laptops, servers, databases,

cloud

• Discovery supports security

and compliance

23

Data Centric Protection

24

• Segment or categorize your

data into meaningful buckets

• External, Private, Restricted
• More is not always better

Data Centric Protection

25

• Create the process flow for

the previously identified data types

• External – no controls
• Private – prompt/justify
• Restricted – encrypt or block
• Policy-less

Data Centric Protection

26

• Real time prompts for in the

moment education

• Scalable responses from log

all the way to block

• Reporting

Data Centric Protection

27

Find it Organize it Defend it Operationalize it

Visibility + Classification = Data Centric Protection

28

Visibility + Classification = Data Centric Protection

29

Visibility + Classification = Data Centric Protection

30

Visibility + Classification = Data Centric Protection

31

Digital Guardian for Data Centric Protection

32

DIGITALGUARDIAN

• Founded 2003
• Extensive data protection patent portfolio
• Global Presence
• Data-Centric Security Leader
• Leader in 2016 Gartner Magic Quadrant for Enterprise Data

Loss Prevention

• #1 For Intellectual Property Protection, Gartner Critical

Capabilities for Enterprise Data Loss Prevention

• 7 of the top 10 largest patent holders
• 7 of the top 10 largest automotive manufacturers
• Hospitals, Financial Services, Credit Unions, Insurance, Legal
• Anytime, Anywhere Data Protection
• Data protection, encryption, application control, device

control, forensics

• Protects data independent of the threat or the system
• Network, Endpoint, Cloud, Database
• Windows, OS X, Linux

Digital Guardian:

Only Leader Gaining on Vision and Execution

“Digital Guardian offers one of the most advanced and powerful endpoint DLP agents due to its kernel-level OS integration. In addition to Windows, both Apple OS X and Linux are supported.” “The Digital Guardian solution for endpoint covers DLP and endpoint detection and response (EDR) in a single agent form factor…” “…Digital Guardian [is one of] two vendors most frequently mentioned by clients looking for a managed services option.”

34

2016 Gartner Magic Quadrant for Enterprise Data Loss Prevention

Published: January 2016

Questions?

35