Classification Should Drive Your Security Strategy Tips for - PowerPoint PPT Presentation

Why Data Classification Should Drive Your Security Strategy Tips for Finding, Classifying, and Protecting Your Data Tony Themelis VP , Product Management Digital Guardian

Tony Themelis Bio Tony Themelis  VP of Product Management at Digital Guardian VP, Product Management  Former VP Customer Service at Quantifacts  9 years at Deloitte Consulting  Studied Computer Science  MBA from London Business School 2

Bill Bradley Bio Prior Experience: Cybersecurity, Physical Bill Bradley Security; Marketing, Sales, and Business Director, Product Marketing Leadership  Product Marketing for Data Loss Prevention  ~20 years of technical marketing & sales experience • Field Sales, Competitive Analysis, Product Mktg & Mgt  Previously at Rapid7 and General Electric Corporation 3

When it comes to data protection: ONE SIZE DOES NOT FIT ALL

Today’s Agenda  Security Without Visibility?  Discovery and Classification Linkage  How to Classify  Classification Action Plan  Audience Questions 5

Questions:  Can you achieve security without visibility?  What about compliance? 6

The Analysts Say:  “If you don’t know what you have, where it is, and why you have it, you can’t expect to apply the appropriate policies and controls to protect it.” (source: Rethinking Data Discovery and Data Classification Strategies, Heidi Shey and John Kindervag, Forrester Research Inc., March 25, 2016) 7

The Analysts Say:  “Focus on controls that broadly address the problem, such as implementing people-centric security and data classification . These controls are the foundation upon with additional controls can built .” (source: Understanding Insider Threats, Erik T. Heidt, Anton Chuvakin, Gartner Inc., May 2, 2016) 8

Discovery and Classification Linkage Discovery Classification 9

Benefits of the Linkage  Visibility into your data • Spot data flows that ID opptys for classification • Identify data abuse or security gaps  Limit scope • InfoSec resources focuses on what matters most • De-emphasize less important data, or destroy • Not to say you ignore signs of a data breach on public data  Supports compliance • Find and classify data subject to regulations • Track or firewall it • Scan for compliance data in non-authorized locations • Control access to sensitive data (e.g. foreign national for ITAR data) 10

Why Should you Classify?  Compliance • HIPAA, PCI, GDPR, SOX, GLBA, etc.  IP Protection • Protect competitive advantage  Collaboration • Expand your collaboration securely 11

Classification Action Plan  Policy  Scope  Discovery  Solution(s)  Feedback Mechanism 12

Policy  Documents the goals, objective, and strategic intent behind the classification • Compliance for what specific regulation • Balancing Confidentiality, Integrity, and Availability • Awareness • Risk Management • Incident Response  Seek cross-functional support • Sr Exec buy-in critical  Tie back to the business goals • “GDPR compliance enables our business to further penetrate the EU.” • “Robust IP protection enables global supply chain partnerships I can trust.” 13

Scope  Establish the boundaries on your program  How far into your partner network can/will/do you want to reach?  Legacy data? Archived data?  Note anything that is out of scope 14

Discovery  Regulated and sensitive data • Personally identifiable, payment card information, healthcare • CAD, source code, seismic data, formulas  Endpoints, servers, databases, cloud • Share classification tags across all  Not a one time event • Creation, modification, audit, predefined interval 15

Solutions  Automated • Context • File type, location • Content based • Fingerprint, RegEx • Safeguard to manual process • Intentional or unintentional  Manual • User defined data classification • Rely on the data expert, in the present • InfoSec not the right group to do this  Outsource • Comprehensive to exhaustive 16

Considerations  Automated • Cost, tuning  Manual • Scalability, repeatability  Outsource • Cost, time 17

Feedback Mechanism  Users • Are the categories aligned with the business? • Start with 3, but is that right? • Do some business units need more?  Reporting and analytics • Is classified data moving in ways it shouldn’t? • Is classified data in places it shouldn’t be?  Auditors • Are you able to demonstrate compliance? 18

Summary  Security and compliance need visibility and organization • Discover and Classification  Classification is foundational • Compliance • IP Protection • Collaboration  Action Plan • Policy • Scope • Discovery • Classification Solutions • Feedback 19

Digital Guardian for Classification Understand your data to best protect it.

Versus

Data Centric Protection 22

Data Centric Protection  Find the data, wherever it is in your extended enterprise  Laptops, servers, databases, cloud  Discovery supports security and compliance 23

Data Centric Protection  Segment or categorize your data into meaningful buckets  External, Private, Restricted  More is not always better 24

Data Centric Protection  Create the process flow for the previously identified data types  External – no controls  Private – prompt/justify  Restricted – encrypt or block  Policy-less 25

Data Centric Protection  Real time prompts for in the moment education  Scalable responses from log all the way to block  Reporting 26

Data Centric Protection Find it Organize it Defend it Operationalize it 27

Visibility + Classification = Data Centric Protection 28

Visibility + Classification = Data Centric Protection 29

Visibility + Classification = Data Centric Protection 30

Visibility + Classification = Data Centric Protection 31

Digital Guardian for Data Centric Protection 32

DIGITALGUARDIAN  Founded 2003 • Extensive data protection patent portfolio  Global Presence  Data-Centric Security Leader • Leader in 2016 Gartner Magic Quadrant for Enterprise Data Loss Prevention • #1 For Intellectual Property Protection, Gartner Critical Capabilities for Enterprise Data Loss Prevention • 7 of the top 10 largest patent holders • 7 of the top 10 largest automotive manufacturers • Hospitals, Financial Services, Credit Unions, Insurance, Legal  Anytime, Anywhere Data Protection • Data protection, encryption, application control, device control, forensics • Protects data independent of the threat or the system • Network, Endpoint, Cloud, Database • Windows, OS X, Linux

Digital Guardian: Only Leader Gaining on Vision and Execution “Digital Guardian offers one of the most advanced and powerful endpoint DLP agents due to its kernel-level OS integration. In addition to Windows, both Apple OS X and Linux are supported.” “The Digital Guardian solution for endpoint covers DLP and endpoint detection and response (EDR) in a single agent form factor…” “…Digital Guardian [is one of] two vendors most frequently mentioned by clients looking for a managed services option .” 2016 Gartner Magic Quadrant for Enterprise Data Loss Prevention Published: January 2016 34

Questions? 35