table of contents
executive summary
SECTION 1 Why is data loss prevention important now?
  Information is at the core
  Information is hard to protect
SECTION 2 Top 10 deployment success factors
  Provide complete control of data
    1. Discover and protect data of multiple types and states
    2. Improve control of messaging
    3. Flexible, customized remediation options
  Take an identity-centric approach
    4. Identity-based policy
    5. Identity-based policy administration
    6. Identity-based remediation
  Provide rapid value
    7. Accurate
    8. Scalable
    9. Modular
  Enable content-aware IAM
    10. Integrate information protection and IAM
SECTION 3 Conclusions
  CA DLP delivers on all requirements
SECTION 4 About the author
executive summary
Challenge
Information is at the core of your organization. The creation and sharing of digital information within the typical organization continues to accelerate. Being able to effectively and efficiently protect and control this information to and from numerous locations or persons is a prerequisite for effective security and compliance. However, the very same technologies, such as cloud computing, virtualization and social networking, that allow this advanced level of openness, connectivity and collaboration between employees, customers, and partners can also generate an enormous security risk for your organization. A single breach of sensitive data, whether inadvertent, intentional or downright malicious, can expose organizations to far-reaching financial, public relations, legal, and brand reputation costs.
Opportunity
You can reduce risk by learning where valuable information is located throughout the organization, how and where it is being moved, and the level of risk it represents. In addition to preventing information security breaches of Personally Identifiable Information (PII), Intellectual Property (IP), and other Non-Public Information (NPI), your information protection and control solution should also mitigate the risks created by inadvertent, unsafe or noncompliant use of data. Data loss is a symptom of ineffective information protection and control. There are now opportunities for your organization to not only prevent data loss but take control of your most critical information.
Benefits
A robust solution will help your organization find, classify, and control the use of sensitive data throughout your organization while providing such potential benefits as:
- Identifying and analyzing data at major control points
- Preventing the inadvertent or malicious disclosure of sensitive information
- Addressing government and industry information protection regulations
- Preventing violations of general corporate security and behavioral policies
- Monitoring and controlling use of information based on identity and role
- Educating users on the proper use of critical data
- Confidently leveraging new technologies and platforms
Section 1:
Section 2:
3. Flexible, customized remediation options

Instead of a one-size-fits-all approach that only allows passive, post-violation review or indiscriminate blocking of all suspected violations, your information protection and control solution should provide the flexibility to take the right action for every individual data policy violation. Once an event has been determined to be a violation, your information protection and control solution should respond in real time with the appropriate action, such as alerting, blocking, quarantining, warning, encrypting, or applying digital rights. Each response should be gauged specifically to the type and severity of the violation as well as the identity of the violator. For example, an infraction caused by the company CEO may need to be handled differently than one by a sales rep or a member of the research team.

Other appropriate responses include redirecting the user to an informative webpage on company security policy, providing procedural support to complete the task at hand, classifying the relevant message or file, updating an incident dashboard, and silently capturing problematic activity. In addition, when you discover data at rest, you should be able to move, copy, delete, or tag files based on the type of violation.

Many organizations are also looking to control legitimate use of sensitive information, provide persistent controls over their data, and monitor proper protection. To enable this, IT and security professionals are looking for tighter integration between their information protection solution, encryption, and Digital Rights Management (DRM). Through automated understanding of data content and context, information protection and control solutions can help enhance both encryption and DRM technologies. Without this integration, encryption and DRM solutions are less effective because end users need to manually classify data; this in turn limits deployments and places more burden on the data users.
Key Takeaway: Protecting information is not just about either monitoring or blocking misuse but about proper enablement and education. An information protection and control solution will help you take the appropriate action based on the classification of the data, the identity of the violator, and how the data is being used. This will enable end user awareness of data policy and serve as the foundation for encryption and digital rights management technology.
5. Identity-based policy administration

Identities, and an identity's relationship to information, are as dynamic as the data itself. People continually change roles and responsibilities in your organization, so you need to be able to dynamically adjust data policy based on role and identity changes. Most organizations administer the change of system and application access with an identity management solution. The identity management processes and technology should now extend to and integrate with the information protection and control solution. This integration enables better protection of sensitive data by identity and role. For example, an HR associate can no longer send HR data to anyone in the sales organization. Without taking identity and role into consideration, traditional DLP solutions would have to implement generic rules that applied to everyone in the organization.

Key Takeaway: What a user can and can't do with data is correlated with their role in the organization. An effective information protection and control solution will leverage this intelligence to apply the right data policies to the right users at the right time.

6. Identity-based remediation

A holistic information protection and control solution analyzes and tracks all data in your organization. The review and reporting of these events need identity-centric and role-based controls. An optimized remediation process should always feature native visibility controls that securely determine which person can review a specific violation. The reviewer must be able to view all relevant information, including the full message, complete files, and attachments in their original formats, as well as be able to search automatically or in an ad hoc manner, and to easily find related incidents to aid investigations. The solution has to control data access and delegate incident review based on access rights and roles. For example, only HR executives can see and remediate HR data violations. Without this type of granular control, security managers could see all violations and be exposed to sensitive information in the process. Your information protection and control solution should not only find all genuine policy violation incidents, but also provide quick and identity-based remediation of them.

Key Takeaway: Data violations will undoubtedly occur in any organization, but the remediation of those violations is not always the responsibility of the security team. Most violations need to be delegated to a manager, HR, compliance or some other function based on the type of violation. The solution needs to know about and route the violations to the right identities and only allow them to see the violations they are responsible for.
9. Modular

A solution based on a set of modular, distributed components allows companies to immediately and cost-effectively address their most pressing requirements while being able to add new controls as their needs change. This type of platform architecture enables the system administrator to determine which combination of control points provides necessary coverage for your company. In some cases, only desktop or laptop controls may be desired, while in others, network control points will be necessary. Endpoint or client components should be able to provide protection even when disconnected from a central server or from the corporate network. When the user reconnects to the corporate network, new policies must be automatically downloaded and captured incidents seamlessly uploaded. All capabilities must be supported regardless of the number of policies used or the number of control points. In addition, the information protection and control solution must work in a variety of locations (desktops, network, messaging servers and data repositories) in any sequence, with supplementary modules able to be added later.

Key Takeaway: As new data types, channels, and protocols emerge, the solution should be able to adapt to these evolving requirements. Compared to a rigid or unproven solution, one with a modular, distributed architecture providing superior flexibility, scalability, performance, and fault tolerance is the best way to address both current and future information risk needs.
Companies leveraging content-aware technologies improve not only the organization's ability to share its sensitive data, but also to protect it.
Derek Brink, CISSP
Aberdeen The 2010 Data Loss Prevention Report
Section 3:
Conclusions
CA DLP delivers on all requirements

Data loss is a symptom of ineffective information protection and control. CA DLP is an information protection and control solution. CA DLP helps protect organizations from a wide range of data loss and misuse by detecting and responding appropriately to the true violations that can cause extensive financial, legal, public relations, and brand damage. Industry-leading detection methods and analysis avoid creating massive queues of false positives, enabling organizations to concentrate compliance and data loss review efforts on genuine breaches and pursue immediate corrective action.

CA DLP monitors and detects violations across many control points, including email, IM, Web, mobile mail, FTP, file repositories, and endpoint activity. Once an infraction is detected, it takes appropriate actions such as blocking, warning, quarantining, or alerting a supervisor. Equally important, the intelligent review process provides an array of capabilities that allows administrators to focus exclusively on security violations relevant to their specific area of oversight. Integrated workflow facilitates advanced searching, escalation, and other case management activities, all of which automatically build an extensive audit trail. Finally, ongoing education helps employees understand, self-correct, and prevent future data loss risks.

The CA DLP product helps organizations protect and control sensitive data where it is stored or used, significantly minimizing the risks associated with uncontrolled information. It addresses a broad set of risks while reducing the operational burdens associated with the detection and remediation of these risks.

Data loss prevention is part of a holistic Identity and Access Management strategy. A multi-faceted content-aware IAM solution allows organizations to manage identities, control access, and protect how people use the data they have access to. This approach helps organizations streamline IT security environments and enables them to be more secure, agile, and compliant with regulations and privacy mandates. By implementing holistic, automated, and integrated solutions, organizations striving towards lean and efficient IT systems should be well positioned to realize a faster time-to-value and a reduction in costs, manual review, and security risks.
Section 4:
CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments, from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies' innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems.
Copyright 2010 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. 3023_1010