210 likes | 356 Views
Preventing Data Breaches from Internal Risks . Objectives. Identify How Internal Data Security Policies are Being Outflanked. Look at What Kinds of Data are Most at Risk. Strategies to Identify and Plug the Gaps.
E N D
Objectives • Identify How Internal Data Security Policies are Being Outflanked. • Look at What Kinds of Data are Most at Risk. • Strategies to Identify and Plug the Gaps. • Discuss Managed File Transfer as a 360-Degree Solution for End-to-End Data Transfers
“What were the most common causes of data breach(es) occurring in the past 12 months?” Source: "Understand The State of Data Security And Privacy: 2012 to 2013", Heidi Shey, 9/20/12 – Forrester Research, Inc. Base: 583 North American and European IT security executives and technology decision makers whose firms had experienced a breach in the past 12 months
Types of data compromised in recently reported breaches Base: 508 North American and European security decision makers at companies with 20 or more employees and who have had a breach in the past 12 months Source: "Protect Your Competitive Advantage By Protecting Your Intellectual Property From Cyber Criminals", Heidi Shey, July 13, 2012 – Forrester Research, Inc.
Employees do what they need to in order to get the job done. • Install unsupported software applications. • Use a website or internet services that is not supported by the business. • Personally purchase technology and employ it for work. • Use of personal computer or smartphone for business purposes.
Examples of Information at Risk • Intellectual property (product design and specifications) • Test data • Customer lists • Employee compensation and other HR data (i.e. 401K and HIPAA) • CAD, designs and engineering drawings • Pricelists • Contracts and RFPs • Financial and tax data • Sensitive product launch details • Data your company is entrusted to manage (i.e. credit card numbers) • POS data • Business plans
Technology Putting Companies at Risk • FTP Software – Rouge and disparate systems run by different groups • Network Shares – Lack of audit trail and version control • Email – Insecure and lacks governance; large file challenges • Storage Devices – USB drives and CDs easily lost or misplaced • Consumer Tools – YouSendIt and Dropbox lack enterprise security features
What is the Financial Liability of Data Breach Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute released the findings of the 2011 Annual Study: U.S. Cost of a Data Breach, which reveals data breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach is $5.5 million and cost companies an average of $194 per compromised record. • Symantec Corporation | March, 2012
Its time for Managed File Transfer MFT Solves Strategic Challenges by: • Providing Visibility of people, processes and systems affecting and being affected by messages, files, and transactions • Delivering Monitoring which enables companies to proactively/reactively track these messages, files and transactions as they flow through systems and among people • Establishing Security to address risk, identity, access and authentication issues • Providing Adaptability to connect systems and infrastructures • Delivers Provisioning which enables an enterprise to rapidly onboard systems, companies, individuals, and manage all aspects of change • Enabling automated Workflow which allows a company to design, test, and execute processes associated with a file transfer Source: Gartner – “Key Issues for Managed File Transfer”
What is Managed File Transfer? Secure Multiprotocol Communication Process Control and Automation End Point Provisioning Event and Activity Management End to End Visibility Reporting and Administration ContentFiltering Security Policy Management Governance Source: Gartner
What drives investment in Managed File Transfer? Compliance Data Security Cost Control Lack of Governance
Benefits of MFT • Performance Improvements for Business Processes and Collaboration • Maximize business performance by reliable throughput of all data (Business Continuity) • Minimize monitoring, control, audit efforts • Protection of Your Company's Assets • Defense vs. IP theft • Minimize data leakages • Cost Savings by Reduction of • Complexity • Remove costly disparate home-grown spaghetti of transfers by ftp, sftp, file copy, etc. • Get off costly alternatives of big data transfer as given by physical transports of CDs, DVDs etc. • Risk Mitigation for Enterprises and • C-level • Comply with Regulation (by internal policies, by law, by your business partner) • Assure Data Security for all Data in Transit
SEEBURGER MFT Helps Keep Your Corporate Data Safe and Enables You to Meet Compliance Mandates Core compliance aspects met with SEEBURGER Managed File Transfer solutions: • Dual Control and Role-Based Access Controls • Secure Login (SSL) and Unique Session Token • Password Strength and Expiry Enforcement • Alerting and Event Notification • Event Auditing and Log Aggregation (SYSLOG) • Protected Data in Motion (AS2 and Secure FTP) • Protected Data at Rest (PGP and File Encryption Adapter) • Protected Application Metadata (Database and Files) • SQL and JavaScript Injection Prevention • Modular Design Fits Secure Network Model • ICAP Interface Compatible with Spam Blocker and DLP
Managed File Transfer Is About Addressing Business and Technical Requirements Regarding Data in Transit Ad Hoc File Transfer Internal File Transfer B2B File Transfer Central Control Reporting Monitoring Auditing
SEEBURGER Managed File Transfer Solution – Components Managed Integration Managed Collaboration SEE FX SEE Adapter SEE LINK End point client to connect any system in the network, any file type, any operating system and any file size supported Human to Human, Human to System and Ad Hoc large file exchange. Integrated with popular Email system for ease of use Application and protocol specific interface to integrate applications via various standard protocols (FTP, SFTP, HTTP(s), ...) Application Systems SEE LINK SEE LINK ApplicationAdapter Base Functions • End-to-End-Visibility • Checkpoint & Restart • Content filtering • Event & Activity Management • Reporting & Administration • Management & measurement • End Point Provisioning • Secure multiprotocolcommunication • Process control & automation • Governance • Policy Management • Multi-OS & A2A support
End-to-End File Transfer Solution with Governance HR Comprehensive Visibility Managed End Point BW AS2 HTTPs MFT B2B ERP Firewall FTPs, SFTP Core ERP SFTP secure eMail, large files 3rd Party App Pricing Mgmt
SEE FX (Collaboration Portal) VP of Sales Customer List • User authenticates with the portal • Single sign-on and LDAP (Active Directory) supported • File is securely sent over an encrypted connection • File at rest can also be encrypted • Payload is scanned by DLP for unauthorized and inappropriate key words • All events logged, can be outputted to SYSLOG server
SEE FX (Email Plug-in) Engineer Product Design • Plugin tightly integrates with email client • Microsoft Outlook 2007, 2010, and other market leaders • File is securely sent over an encrypted connection • Unlimited file attachment size, allieviates mail exchanger load • Body and attachment is scanned for unauthorized content • Third-party virus scanner and DLP appliance-integrated
SEEBURGER at a Glance • Leading – A global leader in Business Integration, B2B & MFT • International – 19 offices worldwide, customers in 50+ countries • Successful – 8,800 customers from various industries • Stable – Self funded and financially secure, since 1986 • Flexible – Many deployment options • R&D Investment – Organically developed & consolidated B2B/MFT solution International SEEBURGER customers
Questions? Brian Jolley Senior Account Executive b.jolley@seeburger.com