Tackling data security
1. Protecting Clients’ Assets and Brand Reputation
Data exfiltration
Just when we thought we had it addressed
2. My Top 5 Worries
• Social Media
• Ineffective Patching
• Portable Media
• Internet Printing Protocol
• Email
4. Data Management & Control
Key Questions
• Where is our data?
• Who is using our data internally?
• Who have they shared our data with externally?
• How is our data being stored?
• Is our data being protected?
• Is our data SAFE?
• What is it we WANT to achieve?
5. But all I need is DLP right?
DLP is an essential part of any Data Management and Control
program, but there are things it can't do:
• Protect your data when it's not on your premises
• Stop 3rd parties forwarding it on
• Prevent the human factor
• Secure the physical
• Stop theft!
7. Where is your Data?
Think about it; it may not be obvious. We can all guess our file
stores and our systems, but:
• Your suppliers?
• Your bins?
• On Twitter?
• Your employees' websites?
• On your premises?
• In the cloud?
• Behind the fridge?
• Is it safe?
• Cornell University's Spider
8. How do you use your data?
We know we use our data to carry out business, but how is it
actually used?
• What do finance do with all those numbers?
• Why do marketing have all those mp3 files?
• How are development maintaining their source code?
• Has payroll embedded data in hidden spreadsheet fields?
• 3rd party processing?
• Is it safe?
9. We understand our data – let's protect it
Protecting your data can prove harder than you think. 80% of the
challenge is to fix the human element.
• User Training, User Training & User Training
• Policy, Process & Procedure
• Fostering culture change
• Remember, Accidents Happen!
10. We understand our data – let's protect it
The technology is easy, isn't it? Remember: if you can think of a
way around your technical controls, your staff will think of 5.
• Encrypt your laptops & devices
• Use strong endpoint technologies
• Have good identity management
• Enforce Data Classification
• Audit the change logs
• Train those above you
• Now train those below you
11. Take the Holistic View
There is no one product that fits all scenarios; you need to find
what fits in your business.
• Protect at creation – Awareness Training? DLP?
• Protect during transmission – Awareness Training? Encryption?
• Protect in processing – Awareness Training? IRM?
• Protect the physical – Awareness Training?
• Protect at rest – Awareness Training? DLP?
12. Tackling Data Security - Links:
• Our Website
• Information Security
• Our Skills, Your Team
• Penetration Testing