Why Perimeter Security is Failing

A presentation by SECUDE

Upload: secude

Post on 22-Jul-2015


In light of recent data breaches, traditional perimeter security simply

Perimeters can easily be penetrated at key exposure points where critical business data is stored, used, and processed.

A company's greatest risk is also its greatest asset: corporate data stored on databases and accessible file systems.

DATA BREACHES ON THE RISE

Data Breaches

47% of all American adults have been affected by data breaches

Source: Ponemon Institute

More than 600 reported data breaches in 2013. A 30% increase from 2012

Cybercrime costs annually:

•  Global economy: $575 bil
•  U.S. economy: $100 bil

Source: Intel Security and the Center for Strategic and International Studies

The Security Risk is Real

$5.85 million: average cost of data breach in USA in 2014

Cause of Data Breach

•  42% Malicious attack
•  29% System glitch
•  30% Human error

Source: 2014 Cost of Data Breach, Ponemon Institute

Financial consequences of a data breach, divided by categories

•  29% Reputation damage
•  21% Lost productivity
•  19% Lost revenue
•  12% Forensics
•  10% Technical support
•  8% Regulatory

Source: IBM

CURRENT STATE OF THE THREAT LANDSCAPE

Today's Challenges

Cloud & mobility

•  IT consumerization
•  Loss of control over corporate data

Business collaboration

•  Cloud-based and file-sharing tools
•  No balance between sharing and security

Security

•  Data breaches on the rise
•  Eroding enterprise perimeter

PERIMETER SECURITY IS NO LONGER ENOUGH

Why Not?

•  Corporate perimeter is eroding/has eroded

•  Knowing where their data is has become a challenge for businesses

•  Keeping track of corporate data is next to impossible

IT is Borderless

•  Data exists to be consumed and shared

–  Locking everything down and disallowing employees to use data is counter-productive

–  Data itself should be protected for secure movement and usage

[Diagram labels: Employees, Partner]

Internal Threats

27% of businesses reported having lost sensitive business data due to internal IT threats in the past year, not external

29% of businesses report accidental data leaks by staff

That is the 2nd most-common internal threat and now the largest source of data loss

Software vulnerabilities are no longer the greatest threat

Source: Kaspersky Labs

LAYERED SECURITY APPROACH

1  Network Protection

•  Data Loss Prevention (DLP): monitors user activity, restricts confidentially tagged information from being emailed or copied, scans storage medium for sensitive information, and monitors end point activity.

•  Firewalls: keep out unauthorized access

•  Virtual Private Network (VPN): a virtual point-to-point connection that can be set up either by direct connections or by virtual tunneling protocols for authorized users outside your network

2  Storage Protection

•  Full Disk Encryption (FDE): data on a hard drive scrambles when the machine is off and is decryptable when the machine is running; data cannot be accessed if a storage medium is lost or stolen

•  Trusted Platform Module (TPM): an encryption method used to verify the hard disk drive is tied to a specific device using an embedded crypto processor attached to the device motherboard

•  Authentication: method to gain access to a storage medium using unique passwords, PINs, biometrics, smart card, or key fob access

3  File-Based Protection

•  Information Rights Management (IRM): encrypt and place policy-based access limitations on a file, allowing only permitted users to use specific operations such as view, edit, copy, and print the information

Once a layered security approach is enabled and properly utilized, information can have persistent protection regardless of whether it is

•  in motion - NETWORK
•  at rest - STORAGE
•  or in use - FILE

Why File-Based Protection Should Not be Overlooked

•  Sensitive information is protected no matter where it's moved, including mobile and cloud platforms

•  Prevents unauthorized viewing and use of sensitive data

•  The document itself is protected. Even if hackers get access to the protected documents, they cannot "unlock" them to view in clear text

•  FAIL-SAFE: when other protection mechanisms fail, sensitive documents will still be safely protected

File-Based Protection with Microsoft Rights Management

•  Persistent usage policies, which remain with the information, no matter where it is moved, sent or forwarded.

•  An additional layer of privacy to protect sensitive information (such as financial reports, product specifications, customer data, and confidential e-mail messages) from intentionally or accidentally getting into the wrong hands.

•  Prevent an authorized recipient of restricted content from forwarding, copying, modifying, printing, faxing, or pasting the content for unauthorized use

•  Prevent restricted content from being copied by using the Print Screen feature in Microsoft Windows

•  Support file expiration so that content in documents can no longer be viewed after a specified period of time

•  Enforce corporate policies that govern the use and dissemination of content within the company

Source: Microsoft

Key to Microsoft Rights Management

•  Protect any file type: Office docs, PDF, text, and images

•  Protect with data-centric security: protection stays with data all the time

•  Share with anyone: inside and outside of the enterprise

•  Consume on mobile devices: support of most popular mobile platforms

•  Meet varied organizational needs: protection enforced in the cloud or on-premise

•  Control your keys: delegated access to data with BYOK

EXTENDING FILE-BASED PROTECTION TO SAP DATA

Extending RMS file-based protection beyond the boundaries of the enterprise to SAP – the largest ERP application

SAP at the Heart of the Enterprise

•  HR: PII, SSN, salary figures

•  FI/FHCM: bank account numbers, budgets, invoices

•  BW: strategy details, vendors and resources

•  QM: product specs, trade process secrets

•  CRM: client info, credit card numbers

•  PP: trade secrets, secret formula, pricing strategy

•  CO: balance sheets, cash flows, accounts payables & receivables

•  SD: revenues, billing

Every Day Data is Extracted from SAP

Reporting

•  Financial/HR/Sales reports
•  Standard/MSS/Ad hoc reports
•  Crystal reports
•  GRC reports

Analytics

•  BI/BO/BW analytics
•  Predictive analytics/HANA
•  Financial analytics
•  Business analytics

Forecasting & Planning

•  Sales planning & forecasting
•  Workforce planning
•  Material requirement planning
•  Logistics & production planning

Halocore for SAP NetWeaver

Protection

Intercepts data leaving SAP

Suggests or enforces classification

Protects data (encryption + policy)

Creates audit trail

Advanced auditing & reporting

Rights Management

Fine-grained access policies

Compliance

Audit

Halocore Benefits

•  Provides data-centric protection of sensitive SAP information

•  Minimizes risk of data breaches, theft and loss

•  Controls who has access to sensitive information

•  Boosts secure collaboration

•  Enables compliance

•  Offers advanced auditing capabilities

Halocore for SAP NetWeaver

•  Persistent protection: in case device is lost or stolen or cloud is hacked, data is still secure

•  Policies: Owner-only, Department, Company, Partner, Consultant

•  Data-centric protection: data/documents themselves are persistently protected

FOR MORE INFORMATION

Click the link below to read a complete interview on how Halocore can limit data leakage with the use of Microsoft RMS.

Read Now: Microsoft RMS is now limiting SAP data leakage with the help of Secude

Halocore Data Export Auditor

•  Free tool to monitor data movement inside and outside of SAP

•  Helps to track sensitive data distribution in the company and identify possibly weak spots

•  Does not require a Microsoft RMS infrastructure

•  Each and every download is tracked

•  The log can be displayed with an easy-to-use report transaction, in an ALV grid

•  Data can be extracted and analyzed with more powerful tools, such as Business Objects

•  Request download at www.secude.com


Tweet us @SECUDE