How Classification
changes the way you
look into corporate data
www.watchfulsoftware.com
March, 16th 2016
Thursday, March 17, 2016 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2
Agenda
1 Introductions & “House Rules”
2 Business Context & Challenges
3 Policy-driven Classification
4 The Enterprise Security “Puzzle”
5 How can RightsWATCH help?
6 Product Demo
7 Key takeaways
8 Q&A and Wrap-up

Introductions
Cátia Franco
Cátia serves as Product Marketing Manager for Watchful Software, and is responsible for product strategy, positioning and messaging.
House Rules
• You are muted centrally. You don’t need to mute/unmute yourself
• This webinar is being recorded. You’ll have access to it on demand at www.watchfulsoftware.com/en/resources
• The Q&A session will be at the end. You are welcome to enter questions anytime, using the Questions feature in the GoToWebinar control panel

Business Context & Challenges
1 Corporate information is the most valuable asset that most organizations have, outside of their people
2 Intricate and unclear data classification strategies, or even nonexistent ones
3 Widespread use of laptops and mobile devices
4 Growing list of legislative and regulatory requirements

Policy-driven Classification
What data is truly sensitive?
Who should have access to it?
How is the data to be handled?
When should the classification change?
Where should the data be protected?

The Enterprise Security “Puzzle”
Legacy Data: Bulk and automatic classification of existing data that resides on the corporate network
Data Loss Prevention: Applying data-centric policies to files and emails to educate and prevent going against corporate policies
Data Analytics: Comprehensive audit trail for forensic analysis, together with enhancing SIEM tools for reporting
Data Classification & Labelling: Identify and classify sensitive data via impact-free user experience
Rights Management: Enforcing role-based access control policies over files, anywhere
Mobile Devices: Support for BYOD and the ability to classify and protect sensitive data on top of MDM

How can RightsWATCH help?
1 Classifies data automatically right at the point of origin
2 Allows the automatic update of the classification of files after a specified date in the future
3 Increases user and organizational awareness for the value and sensitivity of data
4 Delivers a comprehensive audit trail for real-time data analysis and data intelligence

Product Demo
1 Data Classification & Labelling
2 Legacy Data
3 Data Loss Prevention
4 Rights Management
5 Mobile Devices
6 Data Analytics

Data Classification & Labelling
Intelligent Time Access (ITA) for automatic file re-classification

Legacy Data
RightsWATCH Global Protector Client: The user right-clicks the file/folder and selects the classification to be applied to the file(s). Corporately defined policy rules can overwrite user decisions and choices.
RightsWATCH Global Protector Server: Automatic classification of files. Corporately defined policy rules are applied on every file type the Global Protector finds in the process of scanning corporate repositories.
RightsWATCH Global Protector Web: Software component installed on an IIS web server. MS Office files are classified when exported/downloaded from the web server, and the process is completely “transparent” to the end user.

Data Loss Prevention
Warning Rule: Trigger a “warning” to the user performing an action
Blocking Rule: Trigger a “blocking” action and prevent the user from doing what he/she was hoping to accomplish
Tagging for DLP: The data asset is tagged at the metadata layer to enhance the efficiency and effectiveness of the DLP policies

Rights Management
User is informed if any of the recipients will be unable to open the rights protected email and can act upon it
Ignore: Ignore the warning and send the email anyway
Remove: Remove the recipient(s) from the recipients list, and then send the email
Classify as Public: Downgrade the classification level of the email being sent so that all recipients are able to open and read it

Mobile Devices
Single Sign-on and PIN Authentication
Automatic App Configuration
AppTunnel Integration
Secure Data Removal
Device Pinning
Classify Data
Enforce RBAC policies
Remote Kill
Access On-demand
MDM
+
Manage the device
Manage the data on the device

Data Analytics
Comprehensive Audit Trails
Information Tracking for Forensic Analysis
Event Correlation
Dashboards, KPIs, Alarms and Reports
RightsWATCH server stores the logs in SQL Database
A SIEM is “fed” by RightsWATCH's database for knowledge generation
Metrics/KPIs
Reports
Alarms

Key takeaways
1 Design a simple information security model, easy to understand, implement and apply
2 Use proper tools to implement your data classification initiative
3 Take into consideration your data’s lifecycle and flexible classification
4 Make sure you address any necessary legislative and regulatory requirements

Q&A and Wrap-up
Check out the “Resources” area on www.watchfulsoftware.com and watch short product walkthrough demonstrations of how RightsWATCH addresses a comprehensive set of use cases
E-mail info@watchfulsoftware.com to request a demo of RightsWATCH
This webinar is being recorded. You’ll have access to it on demand at www.watchfulsoftware.com
Editor's Notes

  1. 1. This digital information may include confidential e-mail messages, strategic planning documents, financial forecasts, contracts, dynamic, database-driven reports, and other sensitive information.
     2. Intricate and unclear data classification strategies that aren’t understood by users and end up never being used in the real world; plus, the classification requirements often don’t take into consideration the business impact and the volume of legacy data present in the organization.
     3. The widespread use of laptops and mobile devices adds difficulties in controlling what happens to the data.
     4. A growing list of legislative and regulatory requirements adds to the ongoing task of protecting digital files and information.
  2. Organizations need to control and protect their sensitive and confidential information against information leakage, by dynamically applying a pre-defined Information Control Policy to all types of unstructured information (emails, documents, spreadsheets, presentations, etc.) as that information is created. Data classification should be established by setting a core set of principles regarding the proper use, handling and applicability of various protection profiles for each data category. To successfully implement a policy-driven classification process, your organization must know its data, and for that it must answer a few questions…
  3. 1. Data Classification & Labelling: All sensitive data must be classified and labelled according to corporate security policy. This means that it’s put into its appropriate category depending on its criteria. This could be based on Content, Context and Metadata. Once it falls into a classification, it should be labelled appropriately with headers, footers, watermarks, legal jargon, etc. to protect the organization. It should also have its metadata tagged to allow tracking and forensics.
     2. Legacy Data: Not only current files, but also existing legacy files need to be classified according to the company’s defined information security policy.
     3. Data Loss Prevention: Apply data-centric policies to files and emails to educate and prevent going against corporate policies, and have the ability to work together with other DLP systems that might already exist in the corporate network.
     4. Rights Management: Enforcing role-based access control policies over files, anywhere. Role-based policy rules (RBPR) applicability allows a corporation to “escape” the limitations of a “one-type-fits-all” approach to policy rules. Leveraging RBPR will have the appropriate policy rules applied to the data depending on the organizational unit, project and/or department to which the user belongs.
     5. Mobile Devices: Keeping sensitive information safe in a BYOD world is a must in today’s world, so there is a need to extend Information Protection & Control to Smartphones and Tablets such as iPhone, iPad, Android and BlackBerry platforms…
     6. Data Analytics: Ability to provide comprehensive audit trail for forensic analysis and clear demonstration of compliance, together with Security Information and Event Management tools, to correlate events and generate dashboards, alarms and reports, knowing in real time who is doing what, when, and how with classified information.
  4. 1. By classifying data automatically right at the point of origin, the risk is mitigated and the proper treatment of that information can be applied by users throughout the data lifecycle.
     2. Leveraging content and context scanning automation, RightsWATCH’s policies allow the automatic update of the classification of files after a specified date in the future. This is particularly interesting in situations in which classification levels are related to projects/initiatives that have an expiration date and/or whose sensitivity decreases/increases after a specific day in the future.
     3. and 4. While increasing user and organizational awareness for the value and sensitivity of data, RightsWATCH significantly reduces corporate liability in the event of breach or exposure, by delivering a comprehensive audit trail for real-time data analysis and data intelligence. Make sure you are compliant with a variety of Governance, Risk and Compliance (GRC) requirements, like:
        HIPAA - US Health Insurance Portability and Accountability Act
        ISO 27001
        PCI Compliance - Payment Card Industry Data Security Standard
        UK Government Security Classifications (GSC)
        Etc…
  5. Explain the data classification process (automatic & user-driven) and the labelling (marks & tags) capabilities of RightsWATCH. Refer to the consistent interface of RightsWATCH across all platforms (Outlook, Office, PDF…).
     ITA gives the possibility of automatic file re-classification:
     -> ITA allows automatic update of the classification of Microsoft Office files after a specified date in the future.
     ITA:
     1. The IT Manager defines the allowed options and permissions for any given level, scope and user role, according to corporate policies.
     2. The user is able to define the ITA time frame for a given file, according to corporate policies.
     -> ITA is particularly interesting in situations in which classification levels are related to projects/initiatives that have an expiration date and/or whose sensitivity decreases/increases after a specific day in the future.
     -> ITA applies only to and from non-RMS encrypted levels of classification.
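The time-based re-classification rules in these notes can be modelled in a few lines; this is an added sketch, not RightsWATCH code or configuration. The level names come from the deck's final slide, while which levels are RMS-encrypted, the role names and the function names are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed catalogue: level name -> is the level RMS-encrypted? (assumption)
LEVELS = {"Public": False, "Internal": False, "Confidential": True, "Secret": True}

# Constructed admin policy: role -> (from_level, to_level) changes users may schedule.
ALLOWED = {
    "project-member": {("Internal", "Public")},
    "project-lead": {("Internal", "Public"), ("Public", "Internal")},
}

@dataclass
class ClassifiedFile:
    name: str
    level: str
    next_level: Optional[str] = None   # level to switch to on change_on
    change_on: Optional[date] = None

def schedule_change(f, role, to_level, change_on, today):
    """Record a future re-classification, or raise ValueError if policy forbids it."""
    # The notes restrict the feature to and from non-RMS-encrypted levels.
    if LEVELS[f.level] or LEVELS[to_level]:
        raise ValueError("time-based change applies only between non-RMS-encrypted levels")
    # The IT manager decides which changes each role may schedule.
    if (f.level, to_level) not in ALLOWED.get(role, set()):
        raise ValueError(f"role {role!r} may not schedule {f.level} -> {to_level}")
    if change_on <= today:
        raise ValueError("change date must be in the future")
    f.next_level, f.change_on = to_level, change_on

def effective_level(f, today):
    """Level that applies on `today`, taking a due scheduled change into account."""
    if f.next_level and f.change_on and today >= f.change_on:
        return f.next_level
    return f.level
```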
  6. How does RW address the legacy data issue, that is, all the unclassified pre-existing data on users’ desktops, shared network drives, or cloud-based drives? This can be done in 2 ways: GP Client and GP Server. There is a third way, which we call Global Protector Web, that enables the automatic classification of files based on the defined content- and metadata-aware policy rules. The RW GP Web is a software component that is installed on an IIS (Internet Information Services) web server, and operates independently of any agent and/or plug-in (COM Add-on) running on the endpoint. So, MS Office files are classified when “leaving” (i.e. being exported/downloaded from) the web server, and the process is completely “transparent” to the end user.
  7. Warning Policy Rule: An alert is shown for user educational and training purposes. The user will still be able to save the file or send the email.
     Blocking Policy Rule: An alert is shown to the user and, independently of the chosen classification level, the file cannot be saved or the email cannot be sent.
     RightsWATCH adds visual labels to enforce corporate policies and to educate users with visual clues and prompts, protecting the company from a legal and compliance perspective. A digital fingerprint can also be tracked as metadata, as RightsWATCH adds the RMS unique identifier to the metadata of emails, MS Office files and PDFs to leverage “downstream” technologies (e.g. a DLP, an email gateway,…).
     Tagging for DLP: Combining RightsWATCH and DLP enables enterprises to have mechanisms to discover information, monitor its flow and protect it to prevent leakage, to ensure compliance with information security and access policies, and to maintain an audit trail for control and compliance. By classifying and labelling unstructured data at creation, RightsWATCH vets the unstructured data against the enterprise’s document management policies, so the DLP can make precise and deeply content-aware decisions about an asset (document, email, …).
     Combining RightsWATCH classification with a Data Loss Protection system allows enterprises to:
     - Remind users of information management policies as the information is created;
     - Enforce the policies (tag, watermark, append headers, add metadata) before the data leaves the endpoint;
     - Track what type of unstructured data is being created, where, and by whom;
     - Streamline information classification and protection across the extended enterprise (BYOD).
  8. Here is an example of RW enforcing role-based access control policies. In this case, a user tries to send internal information by email to an external user (a Gmail account):
     RW detects that some recipients might not be able to open the email and access the attached information because they do not have permission to do so.
     RW presents the user with 3 options:
     Option 1) Remove the recipient from the recipients list, and then send the email.
     Option 2) Downgrade the classification level of the email, so that all recipients are able to open and read it.
     Option 3) Ignore the warning and send the email anyway; however, the user with the Gmail account will not be able to open it.
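The recipient check and the three choices described in this slide's notes, as an added sketch that is not RightsWATCH code. The level order uses the names from the deck's final slide; the directory, the `corp.example` domain, the function names and the rule that external or unknown addresses can open only Public mail are assumptions.

```python
# Levels named in the deck, lowest sensitivity first.
ORDER = ["Public", "Internal", "Confidential", "Secret"]

# Constructed directory: highest level each internal user may open.
CLEARANCE = {"ana@corp.example": "Confidential", "rui@corp.example": "Internal"}
INTERNAL_DOMAIN = "corp.example"  # hypothetical corporate mail domain

def max_level(recipient):
    """Highest level a recipient can open; external or unknown addresses get Public."""
    # Compare the full domain after the last '@' so look-alike suffixes do not match.
    if recipient.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN:
        return "Public"
    return CLEARANCE.get(recipient.lower(), "Public")

def review_outgoing(level, recipients):
    """Return None if every recipient can open the mail, else the three choices."""
    rank = ORDER.index(level)
    blocked = [r for r in recipients if ORDER.index(max_level(r)) < rank]
    if not blocked:
        return None
    # Option 2 needs the highest level that every recipient is still able to open.
    lowest = min(ORDER.index(max_level(r)) for r in recipients)
    return {
        "remove_recipients": blocked,           # option 1
        "downgrade_to": ORDER[lowest],          # option 2
        "send_anyway_unreadable_for": blocked,  # option 3
    }
```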
  9. MDM solutions allow IT to leverage existing enterprise resources such as email, content repositories, security certificates and identity management, and enable the use of both corporate-owned and employee-owned devices in the enterprise. RW adds to this by managing the data itself on the device: classifying it, enforcing role-based access control policies and being able to perform remote kill access on demand.
     - Single Sign-on and PIN Authentication - Users need only enter a single secure password (or PIN) to gain access to all MDM-enabled apps.
     - Automatic App Configuration for Users - Distribute mail login and server URL information centrally via MDM. When RightsWATCH is first deployed, users are not required to enter complicated email configuration information.
     - AppTunnel Integration - Secure, app-specific VPN connectivity over SSL that is invisible to the user.
     - Secure Data Removal - If a phone is lost or stolen, the app and all its data can be selectively wiped.
     - Device Pinning - Only allow corporate users to log on to an app on a device that is authorized by the MDM.
  10. RightsWATCH has a monitoring interface that allows for Logging, Audit Trails, Forensics and Damage Control actions, with:
     - A Content Rich Database
     - All-in-one Centralized Management
     - Scalable Architecture
     - Secure Implementation
     - Comprehensive Audit Trails
     - Information Tracking for Forensic Analysis
     On top of this, it also supports and integrates with SIEM tools. For example, enterprises running RightsWATCH and Splunk® are able to leverage Splunk® to correlate events and generate dashboards, alarms and reports, knowing in real time who is doing what, when, and how with classified information.
     RW currently supports Splunk®, which leads the market in providing tools to search, monitor, and analyze machine-generated big data. Further support is planned for other SIEM tools.
     To do this, RightsWATCH delivers a manual on how to integrate both tools and a configuration file that allows the SYS Admin to have predefined metrics and analytics shown in the SIEM interface. Support for other tools (such as ArcSight (from HP), QRadar (IBM), PowerBI (Microsoft), etc.) is already planned for future releases.
  11. CISOs and SYS Admins need to:
     1. Design a simple information security model that is easy to understand, implement and apply, with levels of classification for sensitive information applicable to structured and unstructured data (for example: Public, Internal, Confidential and Secret).
     2. Support data classification initiatives with the necessary policies, processes and tools to achieve the project's objectives.
     3. Make sure that your data classification process and tools take into consideration your data’s lifecycle and that they are able to accommodate possible classification changes.
     4. Address your business needs, like legislative and regulatory compliance, with clearly defined project scopes.