Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DLP: Mobile Helix ILTA Webinar, Dec. 10, 2018


Published on

Speaker: Seth Hallem, CEO Mobile Helix
Network security is not enough. The data itself must be secured. DLP is the current state of the art. We propose Uniform Data Protection. Read more here. Please contact us if you would like to join the UDP Beta in 2019.

Published in: Software
  • Be the first to comment

  • Be the first to like this

DLP: Mobile Helix ILTA Webinar, Dec. 10, 2018

  1. 1. DLP: End-to-end Protection and Policy Control for your Sensitive Data December 10, 2018 Seth Hallem, CEO, Co-founder, Chief Architect Contact:
  2. 2. According to the World Economic Forum, Cyber- Security is one of the biggest threats to business in 2018 risk-ready/ 2
  3. 3. According to an IBM Security- sponsored study, the average data breach costs $3.86 million Businesses 3
  4. 4. 48% of law firms had their data security practices audited by at least one corporate client in the past year 4
  5. 5. Paradigm Shift Network Security ▪ Perimeter protection ▪ Trusted network ▪ Trusted client Data Security ▪ Data protection ▪ Trusted containers ▪ Untrusted client 5
  6. 6. 6 Redefining DLP ▪ Data Loss Prevention is obsolete ▪ Cyber safety requires Uniform Data Protection 6
  7. 7. 7 Uniform Data Protection Data Containers Data Sanctuaries Data Classifiers 7 Data Protection
  8. 8. 8 UDP: Step 1 ▪ What is your most sensitive data, and in what form is that data persistently captured? ▪ UDP Actions: ▪ Identify your firm’s sensitive data ▪ List out all of the places that data may be stored ▪ Select your data sanctuaries ▪ Design a path of least resistance 8
  9. 9. 9 UDP: Step 2 ▪ What are your data containers, and are they safe? ▪ UDP Action: perform a trust audit ▪ Do I trust that the user has been properly authenticated? ▪ Do I trust the integrity of the accessing application? ▪ Do I need to trust the integrity of the system running this application, and do I? ▪ UDP Rule: ▪ Untrusted client applications and devices should never have unmoderated network access to a data sanctuary ▪ Corollary: transitive un-trust 9
  10. 10. 10 UDP: Step 3 ▪ How is data classified by its relative confidentiality? ▪ Do I have policies that are uniformly enforced on my sensitive data? ▪ UDP Rules: ▪ Data classification must be encoded in the sanctuary ▪ Data policies must travel with the data ▪ Once data is shared without any policy enforcement it is lost 10
  11. 11. 11 UDP Realities ▪ Don’t let the pursuit of perfection be a reason for inaction ▪ There is no such thing as perfect data protection – a trusted employee with bad intentions can steal. The goal of UDP is to severely limit any resultant damage. ▪ Be realistic about who wants to steal from you. If you are not a reasonable target for state-sponsored espionage, don’t design a CIA-level solution. 11
  12. 12. 12 Common UDP Pitfalls ▪ The web and your email inboxes are full of untrusted data. No web proxy or spam filter can solve this problem. ▪ Anti-virus is protection, not prevention. A-V is reactive by definition. ▪ VDI ensures that users do not change the underlying OS, but it does not prevent users from browsing the untrusted web, or from opening spam. ▪ Nonetheless, investing in a protective web proxy and top-notch solutions for spam and A-V are common sense, basic requirements for data protection. 12
  13. 13. 13 Our Approach to UDP ▪ Containerize data using an encryption barrier to fully separate trusted data from the untrusted device ▪ Encourage users to capture and record data in a sanctuary rather than move it to a safe place later ▪ Keep data in the sanctuary whenever possible ▪ Leverage DMS for data classification and build policies based on how the data sanctuary already classifies data ▪ Use Information Rights Management and Link File Sharing to safely allow data outside of the encrypted container 13
  14. 14. 14 Link Today ▪ The Link app for iOS and the accompanying Link servers provide a complete, UDP-enabled email solution for users on iPad and iPhones ▪ Android/ChromeBook support in Q1, 2019 ▪ Windows support later in 2019 ▪ [NOTE: potentially add some screen shots here] 14
  15. 15. 15 Link UDP for Exchange 2010/2013 ▪ Server-based transport agent that: ▪ Leverages document ID stamps to determine workspace-driven policies for each document ▪ Allows profile-based rules to restrict outbound email domains or to force approvals for emailing sensitive content ▪ Strips all metadata, and cleanses documents of comments, revision authors, and revision timestamps ▪ Applies pattern-based content filters to avoid emailing SSNs or other identifiable sensitive data ▪ Protects attachments with secure file sharing or with IRM ▪ … and more ▪ Beta in early 2019 – contact us to join the beta program! ▪ Exchange 2016 + Office 365 support in Q2, 2019 15
  16. 16. 16 Why is Link UDP for Exchange Unique? ▪ DMS-driven policies using document ID stamps ▪ Our deep email integration allows a far richer policy set than accept/reject: ▪ Force approvals on emails with certain classes of content ▪ IRM protect attachments when an email is sent ▪ Convert attachments to Link File Sharing hyperlinks on-the-fly ▪ Policy-rejected emails are saved as complete drafts to make it easy to fix them and re-send ▪ Link for iOS removes a major incentive to work outside of your data sanctuaries – attorneys can work with DMS documents anytime and anywhere 16
  17. 17. 17 -Questions -Demo -LINK Free Trial Contact: Next ILTA Webinar: February 11, 2019 “Mobile, Secure NetDocuments Workflows: NetDocuments® DMS + LINK Encrypted App” Register: Q & A