Data Centric Security - Information Technology and Management

Data Centric Security: The Village Idiot lives in the Castle
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
http://www.savidtech.com
Copyright ©2011 Savid Technologies, Inc. All Rights Reserved
Who am I?
» Michael A. Davis
– CEO of Savid Technologies
• IT Security, Risk Assessment, Penetration Testing
– Speaker
• Blackhat, Defcon, CanSecWest, Toorcon, Hack In The Box
– Open Source Software Developer
• Snort
• Nmap
• Dsniff
About Savid
» Founded in 2003
» Chicago & DC Offices
» Think Tank of security professionals
» Diverse set of IT skills
» Unique, agile combination of expertise
» Cater to the special security needs of our clients
» We love what we do and will work hard to meet our clients’ needs
Our focus is unique, high-end solutions. We do NOT provide “cookie-cutter” solutions because our clientele do not have “cookie-cutter” problems.
Author
InformationWeek Contributor
Where we got our data
» April 2010 Survey
» Over 1,000 security professionals
» Follow-up Interviews with Fortune 1000 CSO/CISOs
» 229 Companies with a security breach
» Wide Variety of industries
– Financial
– Healthcare
– Business Services
Agenda
» We have been trying to solve the wrong problem
» Trends that you cannot seem to protect against
» 5 Rules in Deploying DLP – Don’t follow them and you will fail
» Questions
The External Attack is Dead
» Data is sent outside the organization after an attack
» No one focuses on what happens “after they break in”
» How do I reduce the time to react to an incident?
» How do I know how far they got?
» Who do I notify?
What People Think of Security
[Diagram labels: Internal Network; “The Firewall will protect us!”; The Big Bad Internet]
What is everyone concerned with?
Source: Savid/Information Week Data Survey, 2010
Complexity is everywhere
[Diagram labels: Services; Applications; Storage; Collaboration; Security (IDS, AV/Spyware, Content Filtering, Firewalls, Anti-Spam); Business intelligence/Analytical applications; Identity Management; Network & Systems Management; Vulnerability Assessment; Regulatory Compliance; Application integration; Monitoring; Dynamic Provisioning; Application development tools; Database; OS; Hardware platform; Computer; Network]
Source: CA, 2009
Say Sorry 46 different ways
What is Data Centric Security?
» Policies/Process are based on data type
» Technical Controls work at the data level
– Not protocol
– Not port
» Data Controls can be anywhere
– Not just the perimeter
» Threat based Security evolves too quickly
– How often do your data types change?
What got you here won’t get you there
» It is all about the data!
» Data Centric Security must replace threat focused security
» Focus on the Four W’s
– Where
– What
– Who
– Why
People are essential
» 24% of enterprises are “very confident” about data classification
Source: Savid/Information Week Data Survey, 2010
How do we control this data?
People are Data Owners
» People own data, not things
» It should not be IT!
» Security projects without the business are worthless
» Understand the culture
– Don’t use tech words
» Get marketing involved
There is too much data!
» Growing amount of data was the top growth concern for increased vulnerability
» Up from 17% of respondents to 33%, a 52% increase
» Deperimeterization is taking hold
– Starbucks is your new corner office
– Social Media is staying
– Facebook is not a marketing tool, it is an attack platform
Where to start
» Establish a data classification schema
» It will be iterative – be dynamic
» Do not use Military structure – Use your own
Source: Savid/Information Week Data Survey, 2010
I want DLP – Now what?
» Rule #1 – Strategy – You are not deploying DLP
» Decide on the desired result, develop a plan, and monitor progress
» Align DLP programs with overall data protection strategy – Must span enterprise
» 42% of organizations have IT manage the data
» 57% say the business determines the value
» Look for leaders, not silver bullets
Rule #2 – People are essential
» 24% of enterprises are “very confident” about data classification
Source: Savid/Information Week Data Survey, 2010
Rule #2 – People are Data Owners
» People own data, not things
» It should not be IT!
» DLP without the business is worthless
» Understand the culture
– Don’t use tech words
» Get marketing involved
Rule #3 – Know thy data
» Establish a data classification schema
» It will be iterative – be dynamic
» Do not use Military structure – Use your own
Source: Savid/Information Week Data Survey, 2010
Rule #4 – Don’t think this is just about DLP
» Focus on enabling business processes
– This is your link to the business impact
» You must consider the various business processes that support the use of DLP technology
» Event management, event classification, business unit remediation, incident response, reporting, and system operations
Rule #4
» Ensure that you scope the entire enterprise
» It is all about Data Security
– Data in Motion
– Data at Rest
– Data at the endpoint
» What about Identities?
Rule #5 – Walk toward prevention
» DLP is not set-and-forget
» Continuously tune policies
» Be iterative and involve the core stakeholders
– Shows more value while reducing risk
– Proactive communication is key
» Gradually turn on prevention
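
The "controls at the data level, not protocol, not port" point from the What is Data Centric Security? slide and the gradual move to prevention in Rule #5, as an added Python example that is not part of the original slides. The policy table, labels, channel names and sample strings are constructed for illustration, and the detectors are a simple regex plus Luhn check, not any DLP product's engine.

```python
import re

# Hypothetical schema with the organisation's own labels; each data type has
# its own mode so prevention can be turned on one type at a time (Rule #5).
POLICY = {
    "payment_card": {"label": "Restricted", "mode": "prevent"},
    "national_id": {"label": "Confidential", "mode": "monitor"},
}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(content):
    """Return the data types present in the content itself."""
    found = set()
    for m in CARD_RE.finditer(content):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("payment_card")
    if SSN_RE.search(content):
        found.add("national_id")
    return found

def decide(channel, content):
    """Decision depends on data type only; channel is recorded, not used."""
    types = sorted(classify(content))
    if any(POLICY[t]["mode"] == "prevent" for t in types):
        action = "block"
    else:
        action = "alert" if types else "allow"
    return {"channel": channel, "types": types, "action": action}

# Constructed samples: 4111 1111 1111 1111 is a standard test card number,
# 000-12-3456 is a made-up ID, and the third digit run fails the Luhn check.
SAMPLES = [
    ("smtp:25", "Invoice attached, card 4111 1111 1111 1111 exp 01/30"),
    ("https:8443", "ssn=000-12-3456&name=test"),
    ("file:share", "Order ref 1234 5678 9012 3456 shipped"),
]

if __name__ == "__main__":
    for channel, content in SAMPLES:
        print(decide(channel, content))
```

Changing `national_id` to `prevent` once its alerts have been tuned flips the second sample from alert to block without touching any port or protocol rule.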
Don’t forget...
» Ensure that you scope the entire enterprise
» It is all about Data Security
– Data in Motion
– Data at Rest
– Data at the endpoint
» What about Identities?
Conclusion
» Thank you
» Michael A. Davis
mdavis@savidtech.com
(708) 243-2850
» Questions?