
Securing your Stored Data with DLP

Alex de Graaf
Senior Manager Sales Engineering
Emerging Markets EMEA
McAfee, Inc.
12/9/21
…DLP…
Data Loss?
or
Data Leakage?
2 12/9/21 Confidential McAfee Internal Use Only
Data Loss…

• We lose stuff!
You put something down, you get distracted, you forget about it and
it’s gone. Stuff falls out of our pockets and bags all the time.
• Oktoberfest
At Oktoberfest many smart stupid people lost a lot of stuff including 410
wallets, 4 wedding rings, 1 toaster, 1 set of dentures, 1 prosthetic leg
and 320 mobile phones.
• Mobile Phones
While wallets are problematic, phones are the biggest issue here.
– Number of phones left in taxis every 6 months = 3 per taxi.
– Number of phones stolen in London alone = 10,000 per month!!!
– Our phones transmit almost 17 billion texts per day, 52% of us store
passwords on our phones, 87.5 million of us bank on our phones.



Data Leakage…

• What part of the computer is causing the most data leakage?
– The end-user!
• The more systems enterprises deploy to promote information sharing,
the more information leaks
• Are you using the right technology?
• Data leakage can cause not only financial loss but also loss of
reputation, loss of clients and embarrassment to the organization,
and could lead to legal liability.



Data & Risk: What’s driving the need?

• Compliance
– Are there regulatory risks?
• Critical Infrastructure
– Are insiders creating vulnerabilities?
– Are intruders gaining access and removing data?
• Competitive Advantage
– Are insiders putting the organization at risk?
– Are you better able to protect your customers’ and partners’ data?
• Corporate Governance
– Do employees respect and adhere to internal policies and controls?



Data & Risk: Fear of the Unknown

KNOWN
• Lost / stolen devices and media
• Blogs, Email, Chat
• Sensitive information
• “Trusted” employees

UNKNOWN
• “Where” is the data?
• “What” data needs protection?
• “Who” should have access to the data?
• How do I get effective protection in place in a “timely” manner?
• How do I “automate” processes to reduce audit costs?



Where’s your Data?

• Data-at-Rest: Identify, Classify and Protect
– Desktops
– Notebooks
– Databases
– Mail Archives
– File Shares
– Docu Mgmt Sys
• Data-in-Motion: Monitor, Notify, Prevent
– Email
– Webmail
– IM / Chat
– Blogs
– File Sharing
• Data-in-Use: Enforce, Audit and Respond
– USB Sticks
– CD / DVD
– iPod
– Ext. Hard drives
– Printouts



Data & Risk: It’s all about the data!

Compliance
• SOX
• HIPAA
• PCI
• GLBA
• FISMA
• ITAR
• SB 1386
• Others

Intellectual Property
• Customer Lists
• Price/Cost Lists
• Target Customer Lists
• New Designs
• Company Logo
• Source Code
• Formulas
• Process Advantages
• Pending Patents

High Business Impact (HBI) Information
• Board Minutes
• Financial Reports
• Merger/Acquisitions
• Product Plans
• Hiring/Firing/RIF Plans
• Salary Information
• Acceptable Use

[Also on the slide, column not recoverable: Credit Card numbers]
[Slide graphic labels: MITS, PIPEDA, EUDPD, PCI, FFIEC, R-DPL, Sarbanes-Oxley, DPA, Solvency II, GLBA, HIPAA, FISMA, Basel II, J-SOX, CPC, DTO-93, Art. 43, SA-PL, CPA]

…and Importantly:

What you did not know needed protection

• Review of Key Employee actions before they announced departure
• Unreported but Important Memos/Reports
• Code names of projects not reported to Security department



The DLP Challenge…

DLP Challenge…

“Protect all sensitive data!
…and don’t interfere with the business!”

Simple to say, but …


• What data?
• From whom?
• Where is the data?



Understand the Risk!

The First Step: Understand the Risk!


Data Protection needs to be tightly woven into the business!
• Sensitive and confidential information can be lost anywhere
• The threat comes from the outside AND the inside!

Technology is NOT the hard part
• Aligning the business stakeholders is key
• Raise the awareness level for the threat

Data protection is not a static decision
• Information is constantly changing & travelling
• Partners are changing, so solutions need to evolve



Understand the Risk!

1. Focus on risk drivers specific to your organization
• Compliance, Intellectual Property
• Business information, staff related information
• Legal information

2. Define most critical vectors
• Data-at-Rest, Data-in-Motion, Data-in-Use
• Location of data
• Focus on data that travels

3. Determine the functional stakeholders’ needs
• Interview stakeholders; i.e. legal, HR, compliance, …
• Define their needs & requirements



Identify, Classify and Protect your data!

First Step
• Mine your Data
• Capture Data Transfers
• Data Classification

Second Step
• Define DLP Policy
• Run report

Tune & refine



Questions?
