260 likes | 373 Views
The future of Data Protection. David Chow. What to learn ?. Overtaking is decided much more by the better line and later brake point than the acceleration and top speed of a car Excellent Brakes – or more abstract: excellent security – makes a Formula 1 car better than its peers.
E N D
The future of Data Protection • David Chow
What to learn ? • Overtaking is decided much more by • the better line and • later brake point than the acceleration and top speed of a car • Excellent Brakes – or more abstract: excellent security – makes a Formula 1 car better than its peers
Translated to the business • Businesses are today under huge pressure to drive fasterincreasing their risk at the same time • In our data driven industries - > the risk for the business is the risk of the data • Best-in-class security is needed • Good data protection makes a business drive faster and overtake their competition
Mobile Devices Case 1: Technology changes increase the risk Virtualization Software as a Service platforms
Where do data leakages occur? 8% 20% 12% Source: IDG, Study Results from Data Leakage Business Survey, February 2008
Who wants Free WiFi ? Details of online activity are easily captured and can be replicated to get into the account. e.g. FreeWiFi$0Hl($I0{ EOEBEEEJEBCACACACACACACACACACACA($I`HTTP/1.1 200 OKServer: Apache-Coyote/1.1Server: Betex HTTP ServerSet-Cookie: JSESSIONID=C49D0B7439D67452D3D2FFBC3223AB5D; Path=/Set-Cookie: betexPtk=betexLocale%3Den%7EbetexRegion%3DGBR%7EbetexCurrency%3DGBP%7EbetexTi meZone%3DEurope%2FLondon; Domain=.betfair.com; Expires=Sat, 21-Jan-2012 00:44:13 GMT; Path=/Set-Cookie: betexPtkSess=betexRegionSessionCookie%3DGBR%7EbetexLocaleSessionCookie%3Den%7Eb etexSkin%3Dstandard%7EbetexTimeZoneSessionCookie%3DEurope%2FLondon%7EbetexCurre ncySessionCookie%3DGBP%7EbetexBrand%3Dbetfair; Domain=.betfair.com;
Case 3: Sloppiness + underestimated data value 25 million data records lost on 2 unprotected CDs Per data record: Names, addresses, bank details, familiy status, insurance status, tax details Estimated value per record for criminals: 60 GBP p.r. Estimated value of the package: 1.5bn GBP Estimated productivity loss at banks: 2-3bn GBP Estimated cost for prevention: 8.000 GBP Official result of the investigation: „loss of data was entirely avoidable“, „serious flaws in security management, processes, poor communication and low morale“ – a „muddle-through culture“
Recession times are risky Tech staff admit they'd steal secrets if laid off Most IT staff would steal sensitive company information, including CEO's passwords and customer details, if they were laid off, according to a new survey from Cyber-Ark. A staggering 88 percent of IT administrators admitted they would take corporate secrets, if they were made redundant.
Lets structure the different cases „Risk increasing“ technologies for data sharing High marketability and monetization of PII data Employee underestimates data value „Risk denying“ behaviour of employees handling data
A model for Data Security RiskexposurE Data valuE
Data Security is always optimization RiskexposurE Data valuE
What do we provide ? • Better end user acceptance: • Transparency for the enduser • Easy Data sharing • Single sign-on • Easy recovery processes • Simplicity = Consistency = Better security • - One management console for • Synchronisation with AD • Fast and easy initial encryption • Transparent keyrings • Quick reports • Expert support: • Local 1st Level support • Best in class partners and services RiskexposurE Data valuE
Raising the optimization curve • Better end user acceptance: • Transparency for the enduser • Easy Data sharing • Single sign-on • Easy recovery processes • Simplicity = Consistency = Better security • - One management console for • Synchronisation with AD • Fast and easy initial encryption • Transparent keyrings • Quick reports • Expert support: • Local 1st Level support • Best in class partners and services RiskexposurE Data valuE
The Sophos advantage • True Value Generation for our customer • Better end user acceptance • Simplicity = Better security • Expert support • => We allow our customersto drive their business faster RiskexposurE Data valuE
Rule No. 1 – protect data everywhere SafeGuard DLP/CMF SafeGuard Data Exchange SafeGuard File & Folder Encryption SafeGuard Device Encryption SafeGuard Port & Config. Protection SafeGuard Management Center SafeGuard Data Exchange SafeGuard Port & Config. Protection SafeGuard Partner Connect Microsoft, Intel, Seagate Deploy on all devices Don´t forget removable media Think about servers and SaaS All users and all computers sync‘ed from the directory One Management console One Reporting and Auditing
Rule No. 2 – Simplicity is better Security Simplicity delivers Least investment Best security • Makes security manageable, ensures consistency • Comprehensive capabilities, without conflicting agents • Ensures compliance across the enterprise • Reduces operational complexities of security • Minimizes training requirements, eliminates need for deep internal security expertise • Ensures high quality and responsive support/service $ 22
Rule No. 3 – Security solutions acting in concert Sophostechnologies Content Behavior Enforcement Authorization Digital nomads combining work and fun
Rule No. 4 – Analyze for weak links Example: Encryption is only secure if your key is secure
Sophos Data Protection pushes your racing line RiskexposurE Data valuE