1 1

Alexandre Diemer Council of Europe

www.coe.int

DATA LEAKAGE PREVENTION

A Pragmatic Approach

2

3 MAIN OBJECTIVES OF THIS PRESENTATION

1 WHAT TO PROTECT 2 WHY PROTECT 3 HOW TO PROTECT

3

WHAT TO PROTECT ?

1 DATA IN MOTION 2 DATA IN USE 3 DATA AT REST

4

DATA IN MOTION

DATA IN MOTION is data transmitted / moving in networks

5

DATA IN USE

DATA IN USE is data stored / handled on external devices

6

DATA AT REST

DATA IN REST is data stored in computer storages

7

WHY USING DATA LEAKAGE PREVENTION ?

Vast Data quantities Data Confidentiality Gaining visibility over

Data Repositories &

Rights

Trace & Chase Data Leakages

Facing Advanced Persistent Threats

8

PREREQUISITES

Data Classification Specialised Solutions

Demand it

Often Complex to

Deploy

Level of IT & Business Maturity

Large Budgets

9

DESPITE PREREQUISITES

10

DESPITE PREREQUISITES

DATA Classification is

a)Not in Place

b)Only Partially Deployed

11

SO WHAT ABOUT COMMERCIAL OFFERINGS?

12

Everybody has a plan until they get punched in the face !

Mike Tyson

13

PRAGMATIC PPROACH

No Data Classification = No Commercial Solution

Back to Basics or Finding a Balance between

user annoyance vs cost vs daily exploitation vs effectiveness

Switching from Silver Bullet to Multilayer Approach

• Technical

• Legal

• Organisational

14

TECHNICAL TIPS - DATA IN MOTION

Block services that can’t be secured. Rely on logs Content Tagging

Jump to Forensics

15

TECHNICAL TIPS - DATA IN USE

Use of endpoint logging for

Forensic investigation

EXTERNAL DEVICES

16

TECHNICAL TIPS - DATA IN USE

MDM

Forcing Mass storage Connection

Mode

SMART DEVICES

17

18

TECHNICAL TIPS - DATA IN USE

Extended use of Tracking

PRINT

19

TECHNICAL TIPS - DATA IN USE

Security Information & Event

Management

20

TECHNICAL TIPS - DATA AT REST

Desktops/Databases: use Audit

Trails

Fileservers: Extended Tracking

Solution

(commercial)

21

NEVERTHELESS

We need to be lucky once …You need to be lucky every time

IRA to Margaret Thatcher after failed assassination attempt

22

OUTLOOK

Living with fact that breaches will

occur

23

OUTLOOK…

Living with fact that there will be

data leakage to some extent

24

OUTLOOK…

Targeting the right perimeter • Start small • Focus on specific data container

• Secure Sensitive Items

• Track user activity rather then unstructured data

25

OUTLOOK…

Focus on VIPs / Nomadic staff • Risk of device theft > data breach

• Disk/Device Encryption on nomadic devices

26

OUTLOOK…

Tracking Approach

Rather than

Blocking Approach

27

OUTLOOK…

Rely on Good Crisis & Incident Mgt • Technically with Advanced Forensics

• Communication Measures (Be prepared)

• Legal framework

28