information in motion: content protection in the ... 1 - track 2.3 - mr. gary lau... · information...
TRANSCRIPT
© Intralinks 2014 1
Information in Motion: Content Protection in the Enterprise Achieving Business Value, Governance and Compliance
Gary Lau
CISA, CISSP
Senior Presales Consultant
North Asia
A long record of enabling the most demanding global enterprises and business users
Company
• Founded in 1996 with more than 1,000 employees
• Publicly traded (NYSE:IL), with $276.2M revenue (FY 2015)
Customers
• Leading firms across manufacturing, energy, insurance, professional services, engineering and other regulated and IP-intensive industries
• More than 100 customer security audits and penetration tests completed in the last 18 months
Business Impact
• $28.1T of financial transactions enabled
• 35K new users per month, 68K logins per day
• ~2M active users, including employees of 99% of the Global 1000
Innovation
• Highest R&D investment (share of revenue) among peer public tech firms
• Sustained record of technology firsts: Cloud VDRs, validated pharmaceutical trials in the cloud, integrated IRM, plug-in free IRM for external collaboration, customer-managed encryption keys
Accelerating Business Beyond Boundaries
Intralinks helps businesses accelerate deals, streamline digital processes, deepen customer engagement and reduce regulatory risk.
How business gets done is changing…
• New Security Threats
• Evolving Regulatory Environments
• Rise of Cross Boundary Processes
• Modern Work Environment
• Digital Business Transformation
…but, all business processes still require the exchange of content.
Regulatory risk management is a complex mix of people, process, and systems
[Diagram of confidential supervisory information / sensitive business document; stages: Prevent, Detect, Respond]
• Rules, Regulations
• Due Diligence, Policies & Proc, Training, Audit, Examinations, Self-Assess, Investigations, Monitors, Remediation, Reporting
• Bank: Risk Committee, Board of Directors, Chief Risk Officer, Chief Compliance Officer, Vendor Risk Management, Exam Management, Financial Intelligence Unit, Executive Leadership Team, Anti-Money Laundering Unit, Monitor Liaison Office
• Regulatory Agencies, Audit & Acct Firms, Consulting Firms, Law Firms, Vendors, Law Enforcement, Customers
Compliance management systems have lots of operational and information security risk
[Diagram layers]
• External Parties: Customers, Third Parties, Law Enforcement, Regulatory Agencies, Audit / Acct Firms
• Business Operations: LoB 1, LoB 2, LoB 3
• Governance Risk & Compliance: Risk Management, Regulatory Compliance, Regulatory Affairs, Legal, Financial Intelligence
• Validation: Internal Audit
Unmanaged content creates risk
Over and under retention
Information leakage
Data sovereignty compliance
Regulatory compliance
Unauthorized access
Consequences:
• Cost – regulatory fines
• Cost – unbound storage hardware
• Loss of business agility
• Lost trust or reputation with customers
Is my content safe?
Is it stored in a compliant way?
Can I get it out if I need to?
Customers are demanding the ability to:
1. Control and secure enterprise information wherever it resides – cloud, on-premise, hybrid, local or international
2. Seamlessly control and secure enterprise information regardless of how it is accessed – desktop, mobile devices, tablets, etc.
3. Embed control of content at the document level with granular permission management
4. Implement easy to use – easy to install solutions, without compromising security
5. Grant and revoke access to content to ensure internal and external content is controlled.
How do I protect my company’s content?
“Bank Grade Security”
Man in the Cloud Attacks
http://www.darkreading.com/cloud/man-in-the-cloud-owns-your-dropbox-google-drive----sans-malware-/d/d-id/1321501?_mc=RSS_DR_EDT
http://www.zdnet.com/article/dropbox-google-drive-onedrive-files-man-cloud-attack/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61
http://www.imperva.com/docs/imperva_Hacker_Intelligence_Initiative_No22_Jul2015_v1d.pdf
Can you work across boundaries?..
.. and protect information in motion..
.. in an evolving risk and threat landscape
Establishing a global enterprise standard for regulatory risk management
Single Platform to manage all regulatory risk documents – addressing Prevent, Detect and React process stages
Operational Controls including complete and accurate records of:
• Documents shared, with whom, and when – evidencing business decisions / escalations
• Activity reports at the group, user, workspace, folder, and document levels
• Comments accompanying documents
Information Security including encryption at rest, in use, and in motion
Enterprise Standards to enforce best practices for collection, creation, review and distribution of regulatory documents (based on function and stage of the regulatory process)
Intralinks Content Collaboration Network™
[Diagram labels: Intralinks Workspaces; Enterprise Security & Governance; Business Processes; ECM and Cloud Storage; Distributed Nodes; Integration Fabric; Regulatory and Security Standards]
Intralinks provides one secure platform to manage operational and info security risk for exchanging files
[Diagram: Intralinks Platform]
• External Parties: Regulatory Agencies, Audit / Acct Firms, Customers, Third Parties, Law Enforcement
• Business Operations: LoB 1, LoB 2, LoB 3
• Governance Risk & Compliance: Financial Intelligence, Risk Management, Legal, Regulatory Affairs, Regulatory Compliance
• Validation: Internal Audit
• Platform labels: Encryption, Audit Trails, Information Rights Management, Auto Generated Alerts, User/Group Access Levels, Activity Reports, Folder/File Access Levels, No Storage Limit, Watermarks, Workflows, Print Control
Make SaaS secure for the enterprise
1. Protect your content in all of its phases
• At rest, in transit, and in use
• Information Rights Management
2. Maintain geo-location control of your data stored in the cloud
• Secure public, private, & hybrid architectures
• Maintain control of encryption keys
3. Align your business with the four pillars for secure collaboration
• Comply with internal/external rules of governance
• Control the entire sharing process centrally
• Control content for its entire lifecycle
• Establish technology and infrastructure security
99% of Fortune 1,000 use Intralinks
Secure SaaS Platform Infrastructure
Application Security
- Risk-based Multi-Factor Rules Engine
- Data-Driven Authentication Rules
- Channel-Driven Single Sign-on
- Data Encryption at rest and in transit
- Built-in Information Rights Management (IRM) and dynamic watermarking
Infrastructure Security
- Global Zones
- Hardware Security Module to host Customer Managed Keys
- DDoS Protection and Web Application Firewall
- Secure DNS/Website Cloaking
People & Process Security
- Dedicated Security Team
- Security Operations Center
Security & Regulatory Certifications
• SOC 2 Type II (formerly SAS 70 Type II) since 1999
• SSAE 16/SOC1 certified [US and UK data centers]
• ISO/IEC 20000-1:2005 certified [US data centers]
• ISO 27001:2005 and ISO 9001 certified [UK data centers]
• ISAE 3402 certified [UK data centers]
• Safe Harbor
• 21 CFR Part 11 validated for electronic records
• DoD 5220.22M compliant
• SOX compliant
Assessment History
Completed more than 1,280 security audits, penetration tests and security questionnaires for leading enterprises and financial institutions in the past 2 years (March 2014 – March 2016).
Industry recognition
“Intralinks’ architecture gives customers data sovereignty and geolocation capabilities, which are particularly valuable in regions/countries with regulations protecting data privacy.”
- 2015 Magic Quadrant for EFSS
“…[Intralinks] holds a strategic offering where security and governance come first.”
Ranked #1 vendor by Gartner for Collaboration and Social Software Suites (10 years in a row…)
Named a “Leader” in The Forrester Wave™: Enterprise File Sync and Share Platforms, Cloud Solutions, 2016
2015 KuppingerCole Leadership Compass for Information Security
Best Global M&A Platform: Intralinks Dealspace®
Solutions across enterprise-wide use
Risk and Compliance
• Operational Risk Management
• Vendor and Third-Party Oversight
• Anti-Money Laundering and Financial Crimes
• Regulatory Exam Readiness and Reporting
• Third-Party Compliance Monitors
Marketing and Digital
• Campaign Execution
• Digital Asset Collaboration
• Agency Collaboration
• Sales Enablement
Technology Solutions
• SharePoint and ECM Externalization
• USB and Removable Media Replacement
• Shadow IT
• Large File Transfer
Finance, HR and Legal
• Audit Management
• Compensation Planning and Analysis
• Electronic Employee Files
• Litigation Support
• Contract Management
• Board Communications
Advisory and Corporate Development
• M&A Due Diligence
• Deal Sourcing and Marketing
• Deal Pipeline Management
• Clean Rooms and Post-Merger Integration
IT and Program Management
• Source Code Transfer
• Outsourced Vendor Collaboration
• Change Program Management
Retail Banking, Private Wealth and Asset Management Operations
• Client and Investor Communications
• Customer Interactive Communications
• Broker/Direct Mortgage Submissions
• Loan Review and Processing
Capital Markets and Corporate Banking
• Syndicated Lending
• Debt Financing
Reference Use Case – Marketing Department
Marketing project teams often comprise internal staff and external organizations that need access to a company’s sensitive documents. They need control over the content and a way to retract the information after the project or campaign is over.
• Marketing agencies
• PR firms
• Consultants
• Vendors
Why Intralinks VIA:
• Securely share content with outside vendors and unshare materials after the project or engagement is over.
• Allows marketers to collaborate on the required materials creation both internally and externally with efficiency and security.
• Allows large files of up to 11GB to be shared easily and securely, promoting more efficient collaboration on digital projects.
Reference Use Case – Security Department
The mission of a corporate security team is to identify security risks and enforce rules and regulations around the organization in order to avoid such risks and negative consequences for the company.
• Security Incident Handling
• Audit – Onsite or Remote
• 3rd Party Penetration Test
• Collaboration on Security Policies and Procedures
• Daily Security Updates and Dashboards
Why Intralinks VIA:
• Simple and intuitive end-user interface
• Advanced IRM to track and control documents in use
• Unique ability to manage encryption keys with CMK
• Standard governance and reporting frameworks
• Multilingual 24x7 end-user support
Intralinks demo