Keynote: The Future of Data Leakage Prevention

Similar documents
Product Brief. Circles of Trust.

Top. Reasons Legal Teams Select kiteworks by Accellion

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

white paper SMS Authentication: 10 Things to Know Before You Buy

SECURITY THAT FOLLOWS YOUR FILES ANYWHERE

Identity Management as a Service

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Evaluating Encryption Products

Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos

CipherCloud CASB+ Connector for ServiceNow

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Virtru Microsoft Protection

Federated Authentication for E-Infrastructures

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

McAfee Total Protection for Data Loss Prevention

Who s Protecting Your Keys? August 2018

This Message Will Self-Destruct The Power of Collaboration with an Expiration Date

Choosing a Full Disk Encryption solution. A simple first step in preparing your business for GDPR

Mobile: Purely a Powerful Platform; Or Panacea?

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

Federated authentication for e-infrastructures

SECURE DATA EXCHANGE

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Security Enhancements

Single Sign-On. Introduction

Identity Management: Setting Context

Business Advantages. In this age of heightened awareness of information security issues...

Are You Avoiding These Top 10 File Transfer Risks?

Table of Contents. Why Get Secure Messaging? Secure Messaging Business Advantages

INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Securing the New Perimeter:

White Paper. This Message Will Self-Destruct. The Power of Collaboration with an Expiration Date

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

KuppingerCole Whitepaper. by Dave Kearns February 2013

Secure Access & SWIFT Customer Security Controls Framework

E-Share: Secure Large File Sharing

SAFE-BioPharma RAS Privacy Policy

University of Sunderland Business Assurance PCI Security Policy

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Transforming the Document Signing Process

Security Secure Information Sharing

Protecting Your Cloud

Understand & Prepare for EU GDPR Requirements

MESSAGING SECURITY GATEWAY. Solution overview

Securing Data in the Cloud: Point of View

Direct, DirectTrust, and FHIR: A Value Proposition

SAP Single Sign-On 2.0 Overview Presentation

White Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

Document Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.

Axway Validation Authority Suite

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

Simplifying Information Sharing Across Security Boundaries. Deep-Secure Overview 12 th November 2013, Prague. Presentation to.

Managing Devices and Corporate Data on ios

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

Jeff Wilbur VP Marketing Iconix

Secure Government Computing Initiatives & SecureZIP

Security and Architecture SUZANNE GRAHAM

EBOOK The General Data Protection Regulation. What is it? Why was it created? How can organisations prepare for it?

Cirius Secure Messaging Single Sign-On

SMARTCRYPT CONTENTS POLICY MANAGEMENT DISCOVERY CLASSIFICATION DATA PROTECTION REPORTING COMPANIES USE SMARTCRYPT TO. Where does Smartcrypt Work?

E-Share: Secure Large File Sharing

Make security part of your client systems refresh

THALES DATA THREAT REPORT

Securing Office 365 with SecureCloud

Security

Virtual Machine Encryption Security & Compliance in the Cloud

This website is managed by Club Systems International on behalf of the Hoburne and Burry and Knight Groups.

Geolocation and Application Delivery

Case Study Public and Commercial Services Union Strengthens Backup Infrastructure for Cybersecurity and Compliance Challenges

Leveraging HSPD-12 to Meet E-authentication E

Effective Strategies for Managing Cybersecurity Risks

STOP FREAKING OUT. A short, simple guide to tackle the New York Department of Financial Services Cyber Regulations

An Enterprise Approach to Mobile File Access and Sharing

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

Mobile Devices prioritize User Experience

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

SIEM: Five Requirements that Solve the Bigger Business Issues

Registration and Authentication

Teradata and Protegrity High-Value Protection for High-Value Data

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Biometric information protection

Digitalisation and electronic signatures

Watson Developer Cloud Security Overview

Cloud Security. Presented by Richard Brown

PROTECT WORKLOADS IN THE HYBRID CLOUD

The security challenge in a mobile world

CISCO SHIELDED OPTICAL NETWORKING

2016 BITGLASS, INC. mobile. solution brief

Layer Security White Paper

Secure Messaging is far more than traditional encryption.

Transcription:

Keynote: The Future of Data Leakage Prevention ISSS Zürcher Tagung 2010 1.6.2010, WIDDER Hotel, Zürich Sandy Porter Head of Identity and Security, Avoco Secure Information Security Society Switzerland 1

Data Leakage Prevention The Future Sandy Porter Head of Identity, Security and Strategy at Avoco Secure Copyright 2010 Information Security Society Switzerland 2

Data Leakage Prevention has been around for sometime The UK military articulated the problem in an interesting way: During the cold war we assumed that the second data has been created it will be stolen - What can you do? - Protect data at inception and link it to multiple authentication and identity. - Put the access controls/permissions in the right hands No to the data administrators Yes compliance, legal etc Information Security Society Switzerland ISSS2010XZ643293 3

Data Leakage Prevention has been around for sometime The military have Hundreds of thousands of users in de-perimeterised environments. - This requires an untethered architecture that dynamically protects data wherever it resides and can easily integrate/enable different systems. Information Security Society Switzerland ISSS2010XZ643293 4

How you protect your valuable Information is simple and makes sense. Encrypts the contents you wish to protect. Authenticates who can access that content. Controls what the recipient can do with that content. So why not just do it if it is so easy? Information Security Society Switzerland ISSS2010XZ643293 5

Data leakage - issues DLP products basically stop at the perimeter and so address only part of the problem. So the failure to prevent the major recent leaks in the UK civil government and businesses should not be surprising. You cannot control your client/partner end points etc Which means building a new authentication system, co-opting users into it. It is limited also in its ability to apply policy as it is not an ID system. Next level up is Rights Management. The issues of deploying complex tethered licensed server systems which also have significant issues beyond the perimeter. Functionality of no print, no copy etc is of limited value if the wrong person accesses the data in the first place. Information Security Society Switzerland ISSS2010XZ643293 6

Data leakage - issues DLP products and Rights Management in the future? Complementary deployment Yes the add value. Direct integration Many issues and of limited value in the new world. What is missing from a combined offering is try linkage to identity and policies associated with each individual or organisation. Information Security Society Switzerland ISSS2010XZ643293 7

An Example of extending DLP products with Protection Settings for a strong Rights Management product. No copying content should include: No third party screen capture No access of content in memory (e.g. WinHex) Watermarking with the person and organisation information. No printing content Audit Track the location of data Read Only Access controlled by multiple identities and identifiers. Date restrictions: No access until Expire after Watermark Information Security Society Switzerland ISSS2010XZ643293 8

Data leakage - issues Data is now in a de-layered and de-perimeterised world today. Insiders and outsiders unauthorised access to information is an even higher risk now. Top of the Jericho forum agenda is secure collaboration. It is a must and achieving will add real value. Information Security Society Switzerland ISSS2010XZ643293 9

Enabling Secure collaboration Controls access to, and use of, documents based on identifying/authenticating a user. Permit documents to be restricted by location. Allows usage of content to be restricted e.g. copying, printing, date restrictions, use in virtual machines, etc. Information Security Society Switzerland ISSS2010XZ643293 10

Trusted sharing of confidential information In the De-perimeterized world and future Clouds, data must be considered in a new way and how you protect it has to change. Previously static data that did not get disseminated. Data is now dynamic in an environment encompassing distributed computers and distributed users. In this environment, the ability to link dynamic security policies to identity and information is a key enabling factor in creating solutions that will persistently secure and control that information. Information Security Society Switzerland ISSS2010XZ643293 11

The components required to successfully protect encapsulated data going forward: The data itself being viewed as a nugget and the protection being an inherent part of this, to create a secured data package. This secured data package being un-tethered (independent) and so retaining the natural fluid movement that is a defining aspect of unstructured data. Directly linking an identity or identities to the secured data package setting a policy of belonging to (policy linkage). Information Security Society Switzerland ISSS2010XZ643293 12

The components required to successfully protect encapsulated data going forward: Driving the protection of the data package using policies. Applied automatically at any point in the data cycle. That can be changed dynamically on demand. Applying an additional layer of controls to the use of the content after access to assure integrity. This linkage ensures that even if re-directed, accidentally or maliciously, or taken out of residence, access to the content will be prevented without the correct access token. Information Security Society Switzerland ISSS2010XZ643293 13

The components required to successfully protect encapsulated data contd: These elements, built into the process of retaining data, will ensure privacy of the information due to a culture of belonging to built into the system: The security of the data is determined by the encryption and controlled access. The integrity is assured by the post access content controls. Identities, dynamic policies and claims being utilised to enforce where, when, why, who and how data can be accessed. Information Security Society Switzerland ISSS2010XZ643293 14

Identifying Users in the De-perimeterised World. New types of digital identity are being developed. Follow the model of geographic / location independence and user centricity. More liberating than existing desktop/device based methods (e.g. Smart card certificates). But can utilise these systems to add security. Examples are User Centric Identities including OpenID initiative and Information Cards. Information Cards can act in both desktop and Cloud domains Issue around security for OpenID. Information Security Society Switzerland ISSS2010XZ643293 15

Identity and Policy Leverage identity and policy by the use of multiple authentication and dynamic claims to access and control content contained in files. Revoke an identity and an individual ceases to have access to the documents wherever the reside. I cannot revoke a national or third party s identity. Create a user centric identity like an information card and you can control the revocation of the card or dynamic claim. Or rather than revoke an identity, associate a dynamic claim with an I-Card which can be changed in real time. An Audit Information card can be use to revoke access to email, documents and other resources. Information Security Society Switzerland ISSS2010XZ643293 16

Information Card Identity Are a digital representation of the real world you and they contain: Claims and Credential which belong to you and can be almost anything. They can be verified by third parties. Third parties can supply verified claims. Information Security Society Switzerland ISSS2010XZ643293 17

Information Card Identity Selectable verification includes X509 digital certificate, voice biometric, I-Cards etc... Custom dynamic claims may be added e.g. user security clearance level, reputation rating (1-10 star), credit agency, passport office, driving license, National ID Supports instant revocation of either claims or the cards themselves to revoke or change access rights. Information Security Society Switzerland ISSS2010XZ643293 18

Offers: Privacy, Security Users and providers can specify which I-card may be used, when, and how and where. Users can control the information supplied to third parties. Dynamic claims can be associated with the use of each identity. Takes the best of credit cards, PKI and user name password models. Simple to use, low cost and ease of deployment. Information Security Society Switzerland ISSS2010XZ643293 19

New thinking and how claims add value Wherever possible, we believe that personal data should be controlled by individual citizens themselves. New UK Government Bi-directional Trust can increase security and reduce liability. People are able to see and control what they share. Education of users and ensuring only the right data is shared when required are benefits. DLP policies can now easily be associated and applied via user centric identity claims. Information Security Society Switzerland ISSS2010XZ643293 20

An example of the first stage we are looking at for a customer: Cloud Selector Service and Managed Information Cards for 60 million users. Citizens IDP & Cloud Selector Service Web Applications: Access Control Single Sign-on Personalization AD LDAP Govt Legacy Application A: Access Control Log on with Information card, OpenID, Biometric or PKI Govt Legacy Application B: Access Control Civil Servants Govt Legacy Application C: Access Control Firewall Information Security Society Switzerland ISSS2010XZ643293 21

Location Where data is accessed is becoming more relevant. Online services and the Cloud. Regulatory and privacy requirements. An example of applying location control. Information Security Society Switzerland ISSS2010XZ643293 22

Choose your location Once your location coordinates are set you can then say what can be done with the document after access Can be combined with any of the other access control mechanisms to add additional layer of authentication Information Security Society Switzerland ISSS2010XZ643293 23

Location aware Data in a De-perimeterised World Location aware data can be tracked and actions on it audited inside and outside the zone. The movement of the data is being tracked and when it is outside of the access zone will not open. Information Security Society Switzerland ISSS2010XZ643293 24

The Cloud is an Opportunity and not just a Risk Because of the real-time nature of online or Cloud based applications, policies associated with content in the Cloud can be changed at any point, and automatically updated to reflect that change. This provides powerful workflow control. This will enable highly granular control. Identity services can be hosted. Dynamic claims services online accessed in real time. This extends DLP beyond the perimeter. Information Security Society Switzerland ISSS2010XZ643293 25

The Future Content (information) centric based approach to security + Information Card (User centric and friendly) + Multiple Authentication (More secure) + Geographic Location (Greater control) + Live Tracking (Audit and traceability) = Enhances Security in a De-layered Network and De-perimeterized World. Information Security Society Switzerland ISSS2010XZ643293 26

Thank you Sandy Porter sandy.porter@avocosecure.com +44 (0)791 750 7636 www.avocosecure.com Data in motion - which may be located anywhere needs security linked to user centric identities and dynamic policies- that are seamlessly applied to your information. Sandy Porter 2010 Information Security Society Switzerland ISSS2010XZ643293 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback