data security or technology what drives dlp implementation

DATA SECURITY OR TECHNOLOGY - WHAT DRIVES DLP IMPLEMENTATION

ISACA – BANGALORE CHAPTER

Bangalore, 15 November, 2014

Upload: satyanandan-atyam

Post on 12-Jul-2015



CONFIDENTIAL

The Document may contain material non-public information and is provided for informational purpose only.

The views presented here are the sole views of the Speaker and do not represent the views of the Organization where he is / was working.


Determining The Value of Information

Data Protection Priorities

Changing Threats to Data Security

Top 10 Most Frequent Data Leakage Incidents

1. Patient PHI sent to partner, again, and again
2. Employee sends Sales Funnel Data to competitor
3. Payroll data being sent to home email address
4. Draft press release to outside legal counsel
5. Financial and M&A postings to message boards
6. Source code sent with resume to competitor
7. Credit Card or account numbers... and thousands of them
8. Confidential patient information
9. Internal memos and confidential information
10. Sensitive Board Papers circulated to competitor

What is Data Loss Prevention

• Data loss prevention (aka DLP) is a data security technology that detects potential data breach incidents in a timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage) in an organization’s network.

• A wave of Data Loss Prevention solutions hit the marketplace in the mid-2000s.

Data Loss Prevention Is Imperative

Insiders and partners cause most breaches
• Insiders make mistakes handling data
• Broken business processes increase risk

Compliance mandates data protection
• Increased focus on data privacy
• Need to demonstrate data controls

More complex threats to your data
• External threats target high value data
• Limited visibility of where data is

76% of breaches

81% of companies breached were not PCI compliant

$6.7 million average cost of a breach

Regulatory Compliance

• The DLP solution provides easy-to-use built-in security policy templates to help ensure compliance with the most widely enforced compliance requirements, including:
  - The Payment Card Industry Data Security Standard (PCI DSS)
  - Gramm-Leach-Bliley Act (GLBA)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Sarbanes-Oxley (SOX)
  - Personally identifiable information (PII), etc.

Data Security Challenges

1. Where is my confidential data stored? – Data at Rest & Use
2. Where is my confidential data going? – Data in Motion
3. How do I fix my data loss problems?

Data Leakage Vectors

Data Security - Technology Enablement Journey

Diagram stages:
• Data Loss / Incidents
• Analyze the Operating Threat Vectors
• Data Loss V/s Business Impact
• Create a Business Case: Business Problem and Requirements
• Threat Vectors V/s Solution in the Market
• Vendor Comparisons and Architecture
• Data Flow Analysis
• Identify Sensitive/confidential Data
• DLP Solution Implementation & Fine Tuning
• DLP Policy Implementation & Testing

Diagram labels: Data Security, Technology, Implementation, DFA

Data Classification and Identification

• One expects a DLP system can answer the following questions:
  - What is sensitive information?
  - How to define sensitive information?
  - How to categorize sensitive information?
  - How to check if a given document contains sensitive information?
  - How to measure data sensitivity?

• Data inspection is an important capability for a content-aware DLP solution. It consists of two parts:
  - To define sensitive data, i.e., data classification
  - To identify sensitive data in real time

Enabling Data Security

• Four fundamental approaches for sensitive data definition and identification:
  - Document fingerprinting
  - Database record fingerprinting
  - Multiple Keyword matching
  - Regular expression matching

Document Fingerprinting

• A fingerprinted-content blade is fundamentally an encapsulated set of fingerprints: hash values that uniquely identify all or parts of the text content in a file, a complete file copy, or database cell content.

• Fingerprints are created by running a hash function against each complete file, or parts or all of the text in files, or database columns that you specify. The resulting fingerprints or hash values are unique numeric representations of files or text content that are much smaller than the original content.

• Matches to fingerprints are determined by creating hash values of a scanned document or transmission and comparing those hash values to existing fingerprints. If one of the hash values matches a fingerprint, then the scanned entity is identical to or contains content identical to fingerprinted content and is flagged as a match.

Full and Partial Text Fingerprinting

• With full and partial text fingerprinting, fingerprints (hash values) are created for all of the text and for sections of the text in each file in file shares or directories you specify, and all of these fingerprints are encapsulated into a single fingerprinted-content blade.

Full Binary Fingerprinting

• With full binary fingerprinting, fingerprints (hash values) are created based on the binary content of each file in file shares or directories you specify, and all of these fingerprints are encapsulated into a single fingerprinted-content blade.
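The fingerprint creation and matching described on the Document Fingerprinting and Full/Partial/Binary Fingerprinting slides, as an added Python example (not from the presentation or from any DLP product). SHA-256, the 8-word section size, the text normalisation and all sample data are assumptions made here.

```python
import hashlib
import re

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # assumption: SHA-256 as the hash function

def text_fingerprints(text: str, window: int = 8) -> set[str]:
    """Hash of the full normalised text plus one hash per overlapping window-word section."""
    # Normalise case, punctuation and whitespace so reformatting alone does not change a hash.
    words = re.findall(r"[a-z0-9]+", text.lower())
    if not words:                              # nothing textual to fingerprint (pure binary)
        return set()
    prints = {_h(" ".join(words).encode())}
    for i in range(len(words) - window + 1):   # empty range when the text is shorter than window
        prints.add(_h(" ".join(words[i:i + window]).encode()))
    return prints

def build_blade(text_docs: dict[str, str], binary_files: dict[str, bytes]) -> dict[str, str]:
    """Encapsulate every fingerprint in one lookup table: fingerprint -> protected source."""
    blade = {}
    for name, text in text_docs.items():
        for fp in text_fingerprints(text):
            blade[fp] = name
    for name, raw in binary_files.items():
        blade[_h(raw)] = name                  # full binary: one hash over the exact bytes
    return blade

def scan(blade: dict[str, str], payload: bytes) -> set[str]:
    """Protected sources whose fingerprints appear in a scanned file or transmission."""
    candidates = {_h(payload)} | text_fingerprints(payload.decode("utf-8", "ignore"))
    return {blade[fp] for fp in candidates if fp in blade}

# Constructed sample data (not from the slides).
BOARD_PAPER = ("Q3 board paper. The proposed acquisition of Example Widgets Ltd will be "
               "funded through a rights issue priced at a twelve percent discount. Do not circulate.")
DESIGN_BIN = b"\x89\x00\xff\x10" * 64
BLADE = build_blade({"board_paper.txt": BOARD_PAPER}, {"design.bin": DESIGN_BIN})
EXCERPT_MAIL = (b"fyi - the deal WILL BE FUNDED through a rights issue, "
                b"priced at a twelve percent discount!! call me")
UNRELATED = b"Lunch menu for Friday: the canteen will be closed through the weekend."

if __name__ == "__main__":
    for label, data in [("exact copy", BOARD_PAPER.encode()), ("excerpt", EXCERPT_MAIL),
                        ("unrelated", UNRELATED), ("binary copy", DESIGN_BIN),
                        ("binary + 1 byte", DESIGN_BIN + b"\x00")]:
        print(label, scan(BLADE, data))
```

The last case shows the limit of full binary fingerprinting: a single changed byte produces a different hash, so only exact file copies match, while partial text fingerprints still catch a pasted excerpt.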

Database Fingerprinting

• A database fingerprint is the encapsulated set of fingerprints, or row-related hash values, that can be used to detect a content match to a specified combination of column content stored in a database row.

• The hash values are created by running a hash function against the content of all or selected columns of table rows in a database.

• Fingerprint matches to a database fingerprinted-content blade are determined by comparing its row-related fingerprints to hash values derived from the text content of scanned documents and transmissions.
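Row-related fingerprints and the "combination of column content" match, as an added Python example (not from the presentation or any DLP product). The keyed HMAC-SHA-256, the rule that at least two columns of the same row must appear, the column names and the rows are all assumptions or constructed data.

```python
import hashlib
import hmac
import re

# Assumption: a keyed hash, so low-entropy cell values (dates, short numbers)
# cannot be recovered from the fingerprint index by offline guessing.
KEY = b"constructed-demo-key"

def cell_fingerprint(value: str) -> str:
    norm = " ".join(re.findall(r"[a-z0-9]+", value.lower()))
    return hmac.new(KEY, norm.encode(), hashlib.sha256).hexdigest()

def fingerprint_rows(rows: list[dict], columns: list[str]) -> dict[str, set]:
    """Index of the selected columns: cell fingerprint -> {(row number, column name)}."""
    index: dict[str, set] = {}
    for n, row in enumerate(rows):
        for col in columns:
            index.setdefault(cell_fingerprint(str(row[col])), set()).add((n, col))
    return index

def scan_text(index: dict[str, set], text: str, min_columns: int = 2,
              max_words: int = 3) -> dict[int, set]:
    """Rows for which at least min_columns distinct column values occur in the text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    seen: dict[int, set] = {}
    for size in range(1, max_words + 1):            # cell values may span several words
        for i in range(len(words) - size + 1):
            gram = " ".join(words[i:i + size])
            for n, col in index.get(cell_fingerprint(gram), ()):
                seen.setdefault(n, set()).add(col)
    return {n: cols for n, cols in seen.items() if len(cols) >= min_columns}

# Constructed customer rows (not real data).
ROWS = [
    {"name": "Asha Rao", "policy_no": "A2-104233-KA", "dob": "1984-03-17"},
    {"name": "Vikram Nair", "policy_no": "A1-557210-MH", "dob": "1990-11-02"},
]
INDEX = fingerprint_rows(ROWS, ["name", "policy_no", "dob"])

LEAK = "Claim update for Asha Rao, policy A2-104233-KA, please process today."
NAME_ONLY = "Asha Rao will join the call at 3pm."
MIXED_ROWS = "Vikram Nair asked about policy A2-104233-KA."

if __name__ == "__main__":
    for text in (LEAK, NAME_ONLY, MIXED_ROWS):
        print(scan_text(INDEX, text))
```

Requiring values from the same row is what keeps a common name on its own, or values taken from two different rows, from being flagged.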

Regular expressions

• Regular expressions are pattern-matching strings used to identify sensitive content.

• These are patterns of numbers, letters, and symbols that can match entire categories of formatted numbers or text.

• Ex: A[0-4]{0,1}-\d{6}-[A-Z]{2}
  - Matches 6 or 7 digit Alphanumeric account numbers

Keyword Matching

• The DLP content analyzer compares each keyword defined to the content being analyzed, and if the rule is matched, that is one piece of evidence that the content may be sensitive.

• For example, in analyzing for confidential company intellectual property, you might include internal project code names in a list of keywords.
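Regular expression and keyword matching combined as pieces of evidence, as an added Python example (not from the presentation or any DLP product). The account-number pattern is the one on the Regular expressions slide; the boundary look-arounds, the keyword list, the flagging rule and the sample messages are assumptions or constructed data.

```python
import re

# Pattern from the slide. The look-arounds are an addition here so the pattern
# does not fire inside a longer alphanumeric token such as an order reference.
SLIDE_PATTERN = r"A[0-4]{0,1}-\d{6}-[A-Z]{2}"
ACCOUNT_RE = re.compile(r"(?<![A-Za-z0-9])" + SLIDE_PATTERN + r"(?![A-Za-z0-9])")

# Hypothetical keyword list (a project code name and handling markers).
KEYWORDS = ["project bluebird", "internal only", "account statement"]

def keyword_hits(text, keywords=KEYWORDS):
    """Keywords found as whole phrases, ignoring case and line wrapping."""
    norm = " ".join(text.lower().split())
    return [k for k in keywords if re.search(r"\b" + re.escape(k) + r"\b", norm)]

def analyze(text, bulk_threshold=3):
    """Collect evidence; flag on bulk account numbers or on a number backed by a keyword.

    The flagging rule is an assumption for this example: a lone formatted number
    is weak evidence, so it needs either volume or a corroborating keyword.
    """
    accounts = sorted(set(ACCOUNT_RE.findall(text)))
    keywords = keyword_hits(text)
    sensitive = len(accounts) >= bulk_threshold or bool(accounts and keywords)
    return {"accounts": accounts, "keywords": keywords, "sensitive": sensitive}

# Constructed sample messages.
SAMPLES = {
    "statement": "Please find the account\nstatement for A3-482910-KA attached.",
    "order_ref": "Order ref XA3-482910-KAB has shipped.",
    "lone_number": "Ticket A-123456-ZZ reopened.",
    "bulk": "A0-000001-AA, A1-000002-BB, A4-000003-CC",
    "bad_prefix": "A5-123456-KA",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, analyze(text))
```

The `order_ref` sample is the false positive the unanchored slide pattern would produce: it matches `A3-482910-KA` inside a longer reference, which the added boundaries reject.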

Technical views for data-in-use and data-in-motion

DLP Systems and Architecture

DLP Policy Enforcement

Enforcement Levels

• Remediation
  - Education & Awareness
  - Audit Mode
  - Remove False Positives
• Notification
  - To User & Manager
• Prevention and Protection
  - Quarantine Mode
  - Block Mode

Risk Reduction in the Implementation Life Cycle

• How is Risk Reduced?
  - Fix broken processes
  - Educate workforce
  - Notify policy violators
  - Notify management
  - Protect files
  - Prevent incidents

[Chart: Incidents (vertical axis, 0 to 100) across the phases Baseline, Remediation, Notification, and Prevention & Protection]

Implementation Complexity

DLP Implementation
• IT Infra Team
• DLP Tool Vendor
• IT App Team
• DLP Consulting Partner
• Risk Management Team
• Business Functions

A multi-stakeholder environment created complexity for the implementation.

DLP benefits

• Understand Company’s confidential data - where it is, how it is used
• Gain a competitive advantage, in both brand value and reputation.
• To achieve Compliance and regulatory controls
• To protect proprietary information against security threats caused by enhanced employee mobility and new communication channels.
• Facilitate early risk detection and mitigation
• Educate employees and block unwanted activity


Thank you

Satyanandan Atyam

Sr. Manager Risk Management, Data Privacy Officer

Bharti AXA General Insurance Company Ltd.

+91-9886868845
