© Intralinks 2014 1 Information in Motion: Content Protection in the Enterprise Achieving Business Value, Governance and Compliance Gary Lau CISA, CISSP Senior Presales Consultant North Asia [email protected]

Post on 22-Jun-2020


TRANSCRIPT

Page 1: Information in Motion: Content Protection in the ... 1 - Track 2.3 - Mr. Gary Lau... · Information in Motion: Content Protection in the Enterprise Achieving Business Value, Governance

Information in Motion: Content Protection in the Enterprise Achieving Business Value, Governance and Compliance

Gary Lau

CISA, CISSP

Senior Presales Consultant

North Asia

[email protected]

Page 2

A long record of enabling the most demanding global enterprises and business users

Company

• Founded in 1996 with more than 1,000 employees
• Publicly traded (NYSE:IL), with $276.2M revenue (FY 2015)

Customers

• Leading firms across manufacturing, energy, insurance, professional services, engineering and other regulated and IP-intensive industries
• More than 100 customer security audits and penetration tests completed in the last 18 months

Business Impact

• $28.1T of financial transactions enabled
• 35K new users per month, 68K logins per day
• ~2M active users, including employees of 99% of the Global 1000

Innovation

• Highest R&D investment (share of revenue) among peer public tech firms
• Sustained record of technology firsts: Cloud VDRs, validated pharmaceutical trials in the cloud, integrated IRM, plug-in free IRM for external collaboration, customer-managed encryption keys

Page 3

Accelerating Business Beyond Boundaries

Intralinks helps businesses accelerate deals, streamline digital processes, deepen customer engagement and reduce regulatory risk.

Page 4

How business gets done is changing…

• New Security Threats
• Evolving Regulatory Environments
• Rise of Cross Boundary Processes
• Modern Work Environment
• Digital Business Transformation

…but, all business processes still require the exchange of content.

Page 5

Regulatory risk management is a complex mix of people, process, and systems

[Diagram; labels as they appear on the slide]

• Prevent, Detect, Respond
• Due Diligence, Policies & Proc, Training, Audit, Examinations, Self-Assess, Investigations, Monitors, Remediation, Reporting
• Rules, Regulations
• Regulatory Agencies, Audit & Acct Firms, Consulting Firms, Law Firms, Vendors, Law Enforcement, Customers
• confidential supervisory information / sensitive business document
• BANK
• Risk Committee, Board of Directors, Chief Risk Officer, Chief Compliance Officer, Vendor Risk Management, Exam Management, Financial Intelligence Unit, Executive Leadership Team, Anti-Money Laundering Unit, Monitor Liaison Office

Page 6

Compliance management systems have lots of operational and information security risk

[Diagram; rows and labels as they appear on the slide]

• External Parties: Customers, Third Parties, Law Enforcement, Regulatory Agencies, Audit / Acct Firms
• Business Operations: LoB 1, LoB 2, LoB 3
• Governance Risk & Compliance: Risk Management, Regulatory Compliance, Regulatory Affairs, Legal, Financial Intelligence
• Validation: Internal Audit

Page 7

Unmanaged content creates risk

Over and under retention

Information leakage

Data sovereignty compliance

Regulatory compliance

Unauthorized access

Consequences:

• Cost – regulatory fines

• Cost – unbound storage hardware

• Loss of business agility

• Lost trust or reputation with customers

Page 8

Is my content safe?

Is it stored in a compliant way?

Can I get it out if I need to?

Page 9

How do I protect my company’s content?

Customers are demanding the ability to:

1. Control and secure enterprise information wherever it resides – cloud, on-premise, hybrid, local or international
2. Seamlessly control and secure enterprise information regardless of how it is accessed – desktop, mobile devices, tablets, etc.
3. Embed control of content at the document level with granular permission management
4. Implement easy to use – easy to install solutions, without compromising security
5. Grant and revoke access to content to ensure internal and external content is controlled.

“Bank Grade Security”

Page 10

Man in the Cloud Attacks

http://www.darkreading.com/cloud/man-in-the-cloud-owns-your-dropbox-google-drive----sans-malware-/d/d-id/1321501?_mc=RSS_DR_EDT

http://www.zdnet.com/article/dropbox-google-drive-onedrive-files-man-cloud-attack/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

http://www.imperva.com/docs/imperva_Hacker_Intelligence_Initiative_No22_Jul2015_v1d.pdf


Page 12

Can you work across boundaries?..

Page 13

.. and protect information in motion..

Page 14

.. in an evolving risk and threat landscape

Page 15

Establishing a global enterprise standard for regulatory risk management

Single Platform to manage all regulatory risk documents – addressing Prevent, Detect and React process stages

Operational Controls including complete and accurate records of:

• Documents shared, with whom, and when – evidencing business decisions / escalations
• Activity reports at the group, user, workspace, folder, and document levels
• Comments accompanying documents

Information Security including encryption at rest, in use, and in motion

Enterprise Standards to enforce best practices for collection, creation, review and distribution of regulatory documents (based on function and stage of the regulatory process)

Page 16

Intralinks Content Collaboration Network™

[Diagram; labels as they appear on the slide]

• Intralinks Workspaces
• Enterprise Security & Governance
• Business Processes
• ECM and Cloud Storage
• Distributed Nodes
• Integration Fabric
• Regulatory and Security Standards

Page 17

Intralinks provides one secure platform to manage operational and info security risk for exchanging files

[Diagram; rows and labels as they appear on the slide]

• External Parties: Regulatory Agencies, Audit / Acct Firms, Customers, Third Parties, Law Enforcement
• Business Operations: LoB 1, LoB 2, LoB 3
• Governance Risk & Compliance: Financial Intelligence, Risk Management, Legal, Regulatory Affairs, Regulatory Compliance
• Validation: Internal Audit
• Intralinks Platform: Encryption, Audit Trails, Information Rights Management, Auto Generated Alerts, User/Group Access Levels, Activity Reports, Folder/File Access Levels, No Storage Limit, Watermarks, Workflows, Print Control

Page 18

Make SaaS secure for the enterprise

1. Protect your content in all of its phases

• At rest, in transit, and in use
• Information Rights Management

2. Maintain geo-location control of your data stored in the cloud

• Secure public, private, & hybrid architectures
• Maintain control of encryption keys

3. Align your business with the four pillars for secure collaboration

• Comply with internal/external rules of governance
• Control the entire sharing process centrally
• Control content for its entire lifecycle
• Establish technology and infrastructure security

Page 19

99% of Fortune 1,000 use Intralinks

Page 20

Secure SaaS Platform Infrastructure

Application Security

- Risk-based Multi-Factor Rules Engine
- Data-Driven Authentication Rules
- Channel-Driven Single Sign-on
- Data Encryption at rest and in transit
- Built-in Information Rights Management (IRM) and dynamic watermarking

Infrastructure Security

- Global Zones
- Hardware Security Module to host Customer Managed Keys
- DDoS Protection and Web Application Firewall
- Secure DNS/Website Cloaking

People & Process Security

- Dedicated Security Team
- Security Operations Center

Security & Regulatory Certifications

• SOC 2 Type II (formerly SAS 70 Type II) since 1999
• SSAE 16/SOC1 certified [US and UK data centers]
• ISO/IEC 20000-1:2005 certified [US data centers]
• ISO 27001:2005 and ISO 9001 certified [UK data centers]
• ISAE 3402 certified [UK data centers]
• Safe Harbor
• 21 CFR Part 11 validated for electronic records
• DoD 5220.22M compliant
• SOX compliant

Page 21

Assessment History

Completed more than 1,280 security audits, penetration tests and security questionnaires for leading enterprises and financial institutions in the past 2 years (March 2014 – March 2016).

Page 22

Industry recognition

“Intralinks’ architecture gives customers data sovereignty and geolocation capabilities, which are particularly valuable in regions/countries with regulations protecting data privacy.”
- 2015 Magic Quadrant for EFSS

“…[Intralinks] holds a strategic offering where security and governance come first.”

• Ranked #1 vendor by Gartner for Collaboration and Social Software Suites (10 years in a row…)
• Named a “Leader” in The Forrester Wave™: Enterprise File Sync and Share Platforms, Cloud Solutions, 2016
• 2015 KuppingerCole Leadership Compass for Information Security
• Best Global M&A Platform: Intralinks Dealspace®

Page 23

Solutions across enterprise-wide use

Risk and Compliance

• Operational Risk Management
• Vendor and Third-Party Oversight
• Anti-Money Laundering and Financial Crimes
• Regulatory Exam Readiness and Reporting
• Third-Party Compliance Monitors

Marketing and Digital

• Campaign Execution
• Digital Asset Collaboration
• Agency Collaboration
• Sales Enablement

Technology Solutions

• SharePoint and ECM Externalization
• USB and Removable Media Replacement
• Shadow IT
• Large File Transfer

Finance, HR and Legal

• Audit Management
• Compensation Planning and Analysis
• Electronic Employee Files
• Litigation Support
• Contract Management
• Board Communications

Advisory and Corporate Development

• M&A Due Diligence
• Deal Sourcing and Marketing
• Deal Pipeline Management
• Clean Rooms and Post-Merger Integration

IT and Program Management

• Source Code Transfer
• Outsourced Vendor Collaboration
• Change Program Management

Retail Banking, Private Wealth and Asset Management Operations

• Client and Investor Communications
• Customer Interactive Communications
• Broker/Direct Mortgage Submissions
• Loan Review and Processing

Capital Markets and Corporate Banking

• Syndicated Lending
• Debt Financing

Page 24

Reference Use Case – Marketing Department

Marketing project teams are often comprised of internal staff and external organizations that need access to a company’s sensitive documents. They need control over the contents and a way to retract the information after the project or campaign is over.

• Marketing agencies
• PR firms
• Consultants
• Vendors

Why Intralinks VIA:

• Securely share content with outside vendors and unshare materials after the project or engagement is over.
• Allows marketers to collaborate on the required materials creation both internally and externally with efficiency and security.
• Allows large files of up to 11GB to be shared easily and securely, promoting more efficient collaboration on digital projects.

Page 25

Reference Use Case – Security Department

The mission of a corporate security team is to identify security risk and enforce rules and regulations around the organization in order to avoid such risks and negative consequences for the company.

• Security Incident Handling
• Audit – Onsite or Remote
• 3rd Party Penetration Test
• Collaboration on Security Policies and Procedures
• Daily Security Updates and Dashboards

Why Intralinks VIA:

• Simple and intuitive end-user interface
• Advanced IRM to track and control documents in use
• Unique ability to manage encryption keys with CMK
• Standard governance and reporting frameworks
• Multilingual 24x7 end-user support

Page 26

Intralinks demo
