InfoSecurity Magazine - Data Loss Prevention

An introduction to "data loss prevention". Originally created as material for a webinar, organised by InfoSecurity Magazine.

Published in: Technology, Business

  1. Data Loss Prevention in 2009. Simon Perry, Principal Associate Analyst - Sustainability. © 2009 Quocirca Ltd
  2. What is this presentation about?
       •  This presentation deck was created in November of 2008, and updated in February of 2009.
       •  It gives an overview of the concept of “data loss prevention”, including:
            –  Market drivers that create the need for DLP
            –  An introduction to the layered content/computer/context model of security
            –  Recommendations on policy approaches and desirable technology features
            –  Pointers to further reading
     © 2008 Quocirca Ltd
  3. Market Drivers
       •  Increased petty theft and targeted thefts
       •  Effective Asset Management
       •  More and more remote workers
     Diagram labels: Internal, External
  4. C++ Security
       •  Context: Location, History
       •  Computer: HW state, SW stack
       •  Content: Classified, Encrypted, Trackable, Erasable
  5. Security classifications
       Data types shown:
       •  Sensitive corporate data
       •  Publicly available content
       •  Personally Identifiable Information
       •  Intellectual property
       Quadrant labels: Unregulated, commercially advantageous; Generally open; Unregulated, commercially advantageous; Highly regulated
  6. Preventing data loss
       •  Data inclusion and movement policy
       •  Data protection policy and technology
       •  “Diving save” – cleaning up the mess
  7. Recommendations
       •  Truly critical data should not be copied to laptops and other portable devices
       •  When portable devices are taken out of the office with critical data onboard they must be encrypted
       •  Access controls should exist to ensure critical data can’t be forwarded inappropriately
       •  The ability to remotely delete and wipe critical information provides the “diving save”
       •  This is a problem that bridges the virtual and physical worlds – where a device physically is is important to the execution of the protection policy
  8. References and further reading
       •  Managing 21st Century Networks (Quocirca, January 2007) http://www.quocirca.com/pages/analysis/reports/view/store250/item3609/?link_683=3609
       •  The Distributed Business Index (Quocirca, March 2008) http://www.quocirca.com/pages/analysis/reports/view/store250/item20918/?link_683=20918
       •  Quocirca recommends the forthcoming book from Stewart Room of Field Fisher Waterhouse LLP based on its seminar series reviewing legal aspects of data protection and data privacy. For more information go to: http://www.ffw.com/publications/all.aspx?Person=1282
       •  Why Application Security is Crucial (Quocirca, March 2008) http://www.quocirca.com/pages/analysis/reports/view/store250/item21107/?link_683=21107
       •  Superhighway at the Crossroads (Quocirca, September 2008) http://www.quocirca.com/pages/analysis/reports/view/store250/item21547/?link_683=21547