Happiest Minds
Data Security Overview
Threat Profile

Insider Threat

The insider who acts with malicious intent
Typically someone with:
• Administrator rights
• Privileges to access sensitive information, such as a sales & finance department, executive etc.

Non-malicious insider: violates policy or leaks data without seeking to do so
Not all data loss within an organization is malicious. In most cases, data loss is the result of:
• Common risky behavior, e.g. using a personal email account for work purposes, careless/unauthorized use of corporate resources
• Common human errors / lost or stolen devices

External Criminality

Typical Categories of Sensitive Corporate Info

Intellectual Property
• Patent & copyright information
• Trade secrets / process advantages
• R&D data
• Source code / formulas
• Knowledge base

Confidential Corporate Information
• Board minutes
• Unreleased financial data
• New product designs
• Target customer lists
• M&A strategy & plan information
• Sales & pricing data
• Tax & litigation information
• Hiring/firing information & salary data

Regulated Information
• Sensitive personal data
• Education or professional information
• Health-related information
• Detailed transaction information
Data Loss Prevention - Defined

Data Loss Prevention (DLP) is a process first. The technology is simply an enabler for the automation of the process.

DLP is a security term that refers to a solution that identifies, monitors, & protects sensitive data to detect & prevent the unauthorized use & transmission of confidential information by inspecting sensitive content, and audits and enforces content use policies.

Data Loss Prevention can be used for:
• Regulatory compliance
• Intellectual property protection
• Accidental data loss
• Data theft

• Data at Rest - Sitting idle in storage (Storage DLP)
• Data in Motion - Traveling across the network (Network DLP)
• Data in Use - Being used at the endpoint (End Point DLP)

File servers, Databases, Portals/SharePoint, Laptops, E-mail, Web, Network, FTP, USB, CD/DVD, Printers, Applications
Approach to Data Loss Prevention

Data Loss Prevention Implementation Best Practice
1. Classify Sensitive Data
2. Evaluate & Select right DLP product
3. Develop a slow and steady implementation plan
4. Discover / Identify Data
5. Define & Configure access rules
6. Develop Incident Response capability
7. Monitor & Fine-tune policies & configuration
8. Retain data for audit purpose
Common Mistakes & Best Practices

• Lack of trained resources
• False positives due to bad policy
• Perception that ownership resides with IT
• Ignoring the legal & regulatory framework
• Underestimation of the need for ongoing maintenance
• Purchasing DLP product is definitely not adequate
• Employees are trained and aware of the data loss risks associated with sensitive data

1. Undertake a phased rollout
   a. Begin deployment with a single, simple policy of limited scope in monitoring mode
   b. Take time to tune the policy until it gives the expected results, then expand by adding policies & enforcement actions
2. Good directory integration
   a. DLP policies are closely tied to users, groups etc.
   b. Sloppy directories may make tracking down an offending user or applying policies to the right people difficult
3. Work tightly with business units, don't just start enforcement
   a. Work with the management of that unit, then deploy policies, first in monitoring and then in notification mode
   b. Collect feedback to tune the policy to balance business needs and risk management
4. Involve legal and compliance stakeholders for clarity on various legislation & regulatory enforcement needs
5. The biggest stumbling block for DLP deployments is failure to prepare the enterprise
   a. Define your expected workflows for creating new protection policies and
   b. handling incidents involving insiders and external attackers
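Added example (not part of the original slides): the phased rollout from best practices 1 and 3, with one policy of limited scope that starts in monitoring mode, is tuned against false positives, and only then moves to notification and enforcement. The card-number pattern, the Luhn check used as the tuning step, the field names and the 5% threshold are illustrative assumptions.

```python
import re
from dataclasses import dataclass

MODES = ("monitor", "notify", "enforce")          # rollout order from the slides
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")  # assumed pattern: 16 digits

def luhn_ok(digits: str) -> bool:
    """Payment-card checksum; rejects arbitrary 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class Policy:                 # hypothetical policy object, not a vendor API
    name: str
    channels: frozenset       # limited scope: channels that are inspected
    groups: frozenset         # directory groups the policy applies to
    mode: str = "monitor"
    validate: bool = False    # tuning knob: require a valid checksum

    def evaluate(self, event: dict) -> dict:
        """Decide one event; every match is logged, only 'enforce' blocks."""
        hits = []
        if event["channel"] in self.channels and event["group"] in self.groups:
            for m in CANDIDATE.finditer(event["content"]):
                digits = re.sub(r"\D", "", m.group())
                if not self.validate or luhn_ok(digits):
                    hits.append(digits[-4:])  # audit record keeps last 4 only
        matched = bool(hits)
        return {"policy": self.name, "matched": matched, "hits": hits,
                "logged": matched,
                "notify_user": matched and self.mode in ("notify", "enforce"),
                "blocked": matched and self.mode == "enforce"}

def promote(policy: Policy, fp_rate: float, threshold: float = 0.05) -> str:
    """Move one stage forward only when the false-positive rate is acceptable."""
    if fp_rate <= threshold and policy.mode != MODES[-1]:
        policy.mode = MODES[MODES.index(policy.mode) + 1]
    return policy.mode

# Constructed sample events (not real data).
EVENTS = [
    {"channel": "email", "group": "finance", "content": "Card 4111 1111 1111 1111 for the refund"},
    {"channel": "email", "group": "finance", "content": "Tracking ref 1234567890123456 shipped"},
    {"channel": "usb", "group": "finance", "content": "4111111111111111"},  # out of scope
]
```

In monitoring mode the untuned policy flags both e-mail events; turning on `validate` drops the tracking reference, and `promote` refuses to leave monitoring while the measured false-positive rate is above the threshold.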
Happiest Minds Credentials in Data Security Area

• Security Practice focused on innovative and disruptive technologies with 170+ members
• Dedicated Data Security Practice with 50+ person years of experience in Data Security
• Innovation and technology led Consulting practice leverages cutting edge tools to optimize time & cost
• Innovative Delivery Model
• CoE contribution for reusable components, templates, artifacts & design patterns for Data Security
• Strong Alliance with product vendors to create the best in class solution
• We are independent of vendors & have access to leading data loss products. We will recommend the most appropriate way forward
• Team of 10+ Data Security Consultants & Specialists in leading Data Security products from McAfee, Gigatrust, Vormetric, Symantec, RSA etc.
• Experienced Team will pre-plan their work by leveraging the experience and knowledge base
• Experienced team that has executed 10+ large Data Security projects across Fortune 500 companies in the past
• Pre-built use cases for Enterprise wide Data Security
• Productized solutions to expedite Data Security rollout process

1. Focused Data Security Line with end-to-end capability
2. Ready to use templates for data discovery, classification & analysis
3. A track record of delivery with high quality team of consultants
4. Innovation Led approach
Thank You

Data Security Explained
