The document outlines 5 steps to lock down sensitive files and regain control of data: 1) Discover sensitive data using tools like DLP to scan for regulated data. 2) Identify data owners to understand who is responsible for specific files and data. 3) Communicate with data owners to discuss remediation of sensitive data. 4) Implement policy controls using tools like DLP and FAM to enforce real-time access policies. 5) Remediate issues by applying controls like encryption, deleting files, and changing permissions to protect sensitive data that has been discovered.

1. 5 Ways to Lockdown Your Sensitive Files
with DLP and FAM
Presented by,
Ash Devata, Sr. Manager, DLP Products, RSA
Raphael Reich, Director of Product Marketing, Imperva

2. Agenda
 Major Trends
 5 Steps to Regain Control
 Conclusion And Q&A

3. Today’s Presenter
Ash Devata, Sr. Manager, DLP Products, RSA
 Expertise
+ DLP, data security, information
classification
+ Presented at RSA, ISC2 sessions, EMC
World, etc.
 Worked at
+ RSA, EMC, Startups
+ Chaired sustainable development
projects in Boston
 Academics
+ Degrees in MBA and Electronics and
Instrumentation Engineering
+ Co-author of books/journals on BPO

4. Today’s Presenter
Raphael Reich, Dir. Product Marketing, Imperva
 Expertise
+ 20+ years in product marketing,
product management, and software
engineering
 Professional Experience
+ Cisco, Check Point, Digital Equipment
Corp.
 Academics
+ Bachelor’s degree in Computer Science
from UC Santa Cruz
+ MBA from UCLA

5.  Major Trends
 5 Steps to Regain Control
 Conclusion And Q&A
CONFIDENTIAL

6. Data is Growing & Constantly Changing
Enterprise data volume
20%
Substantial volume
80% Unstructured (file data) IDC: 2009 File-Based Storage Taxonomy, 11/09
Structured (DB, Apps)
500
400 60%
Volume
300
200 Constant growth
100 IDC: 11/09
0
1 2 3 4 5 6 7 8 9
Time
• As data grows, so does the volume of user access rights
• Rights are also very dynamic
• Employees, contractors, consultants, etc., join/leave the
organization, start/finish projects, change job roles, etc.

7. Two Types of Sensitive Data
Data You Data You
Collect Create
• Credit card data • Intellectual property
• Privacy data (PII) • Financial information
• Health care information • Trade secrets

8. And Companies Are Losing Data
Three Main Threat Vectors
1 2 3
Non-malicious end IT and Business Malicious user
user trying to get the managing data stealing data using
job done without total visibility authorized tools

9. And There Are Regulations to Prevent Data Loss
 Regulations: sensitive data must be protected
Regulation Scope Example Requirement Control measure
Requirement 7: “Restrict access to cardholder Audit and review user
PCI-DSS Credit card data
data by business need to know” rights
Section 164.312(b): “Implement…mechanisms
HIPAA Healthcare-related PII Activity monitoring
that record and examine activity…”
FERC- Requirement 5.1.2: “…create historical audit trails
US energy industry Activity monitoring
NERC of individual user account access activity.”
Section 120.17: Restricts “Disclosing…or Audit and review user
ITAR US weapons export
transferring technical data to a foreign person…” rights
Section 17.04 (1d): “…restrict access to active Audit and review user
MA 201 users and active user accounts…" rights, plus Activity
PII of state residents Summary
CMR 17 Section 17.04 (2a) "restrict access...to those who monitoring to identify
Requirements Controls
need…to perform their job duties" dormant users
Business need-to-know User rights auditing and reviews
access
Historical audit trails Audit file access activity
Restrict access to active users Correlate file rights with file access
activity

10. Personal Information Breach Notification Laws
46 States have PII breach
notification laws
3214 Number of notified
incidents since Jan 2006
75% PII breaches are a result
of insider actions
States with No PII Breach Notification Laws
Alabama, Kentucky, New Mexico, and South Dakota

11. Highly Prescriptive Regulations for Managing PII
Proactive
Prescriptive
Auditable

12. End of The Day, Data Loss is Very Expensive
What does a data breach
cost? US$7.2 Million
or $214 per record
Source: 2010, Annual Study: Cost of a Data Breach, Ponemon Institute

13. The Second Type of Sensitive Data Is Import Too
Source Code Financial Results Blue Prints Patent Filings
Road Maps Contracts Strategic Plans M&A Initiatives Bidding
ns Partnership Plans Investment Details Portfolio Models Competitive Intel
roduct Docs Research Results Un-Published Docs Raw R&D Data Busin
“Secrets comprise two-thirds of the value
of firms’ information portfolios”
Forrester 2009: Securing Sensitive IP Survey
Competitive Brand Employee
Advantage Equity Morale

14. Taking Data With Them When They Go
Insiders
 70% of employees plan to
take something with them
when they leave the job
+ Intellectual Property: 27%
+ Customer data: 17%
 Over 50% feel they own it
Source: November 2010 London Street Survey of 1026 people, Imperva

15. Example breach: $50M+ in automotive designs
Xiang Dong Yu
• Worked at Ford 10 years
• Took 4,000 design documents
• Estimated $50-100 Million in value
• Went to work for Beijing Automotive Co.

16.  Major Trends
 5 Steps to Regain Control
 Conclusion And Q&A
CONFIDENTIAL

17. 5-Steps To Regain Control
Discover
sensitive data
Identify data
Remediate
owners
Implement Communicate
policy with data
controls owners

18. Discover Sensitive Data
Attributes & Identity Analysis
SharePoint
Grid
• File extension
• File type, size, etc.
Databases
Virtual Grid
Content in File
RSA DLP
• General keywords
Datacenter
NAS/SAN • Specialized keywords
Temp Agents
• Patterns and strings
• Proximity analysis
File Servers Agents • “negative” rules
Endpoints

19. Data Discovery Is Part of RSA Data Loss Prevention
RSA DLP Enterprise Manager
RSA DLP RSA DLP RSA DLP
Network Datacenter Endpoint
Connected Disconnected
Email Web File shares SharePoint Databases PCs PCs

20. When You Find Sensitive Data…
IT decides on remediation
 • IT does not have business context
• Potential of disruption to business
Result
Sensitive files
discovered by DLP
Involve end-user in remediation
• Who to contact?
• What to ask?
 •
•
•
How to track responses?
How to follow up?
How to orchestrate?
• How to manage the process?

21. Step 2 In Regaining Control
Discover
sensitive data
Identify data
Remediate
owners
Implement Communicate
policy with data
controls owners

22. How Owners Are Identified Today
 See who created the file/folder
 Examine ACLs
 Mass e-mails
 Phone calls
 Keep notes
Finding an owner: 1 hour per folder on average
22

23. Who Owns It? Ask The People Who Know Best…
?
23

24. Step 3 In Regaining Control
Discover
sensitive data
Identify data
Remediate
owners
Implement Communicate
policy with data
controls owners

25. Communicate With Data Owners
SharePoint
Grid Business Users
Databases
Virtual Grid
RSA DLP RSA DLP
NAS/SAN Datacenter Risk Remediation Manager
Temp Agents
File Servers Imperva FAM
Agents
Endpoints
Manage Remediation
Discover Sensitive Data
Workflow

26. Step 4 In Regaining Control
Discover
sensitive data
Identify data
Protect files
owners
Implement Communicate
policy with data
controls owners

27. Real Time Policy Enforcement Through FAM
Block and alert when users outside
Finance access Finance data
See triggered alerts
Drill down for details on
“who, what , when, where”

28. Leverage DLP Data Discovery in FAM
Click to import CSV

29. Leverage DLP Data Discovery in FAM
View classification in
SecureSphere and
use in policy building
29

30. Step 5 In Regaining Control
Discover
sensitive data
Identify data
Remediate
owners
Implement Communicate
policy with data
controls owners

31. Apply Controls to Protect Data
SharePoint
Grid Business Users
Apply DRM
Databases
Virtual Grid Encrypt
RSA DLP RSA DLP Delete / Shred
NAS/SAN Datacenter Risk Remediation Manager
Change Permissions
Temp Agents
Policy Exception
File Servers Imperva FAM
Agents
Endpoints
Manage Remediation Apply
Discover Sensitive Data
Workflow Controls

32. Remediate Excessive Access
Should “Everyone” have access to sensitive data? Are there dormant users?
• “Everyone” group in Active Directory literally means all users • May want to revoke rights of inactive users
What rights are not used?
• Users with access they appear not to need

33. Understand Access Rights And Their Origins
See what a user can access
…and how they got access to data

34. Traditional Approach – The Old Way
Day 4
Minimal context
for file
ownership. Day 150
Spreadsheet consolidation
Let the e-mail into an access database -
exchange begin. Attempt to deliver metrics
Day 1
30K files discovered
by DLP
Day 180
No consistent data.
Contractor funding extensions have ended.
Internal resources left with no repeatable process.

35. With The Solution: Reduce Time Up To 85%
Day T + 60
90% of files remediated
Day T + 5
1200 Owners
Repeatable and
in 10 Countries
continuously monitored
Identified by RSA
DLP
Analyst work space and
executive metrics in DLP
Imperva identifies RRM.
file owners based
on access to files Day T + 15
DLP RRM sends initial
Day T questionnaire to data
30K files owners
discovered by RSA
DLP Data owners and IT
agree on remediation
controls

36.  Major Trends
 5 Steps to Regain Control
 Conclusion And Q&A
CONFIDENTIAL

37. To Wrap Up…
Discover
sensitive data
• Data protection is essential
Protect files
Identify data
owners
• Data protection goes beyond IT
• Focus on people & process
• Look for more complete solutions
• Involve all stake holders in planning
Communicate
Implement
with data
policy controls
owners

38. About RSA, The Security Division of EMC
Network
SIEM DLP Monitoring
Authentication
Web Fraud
Detection
eGRC IT GRC Encryption
Manage Risk Prove Compliance Secure Access Secure
and Threats Virtualization
& Cloud

39. Imperva: Our Story in 60 Seconds
Attack Usage
Protection Audit
Virtual Rights
Patching Management
Reputation Access
Controls Control

40. Webinar Materials
Get LinkedIn to
Imperva Data Security Direct for…
Answers to
Post-Webinar
Attendee
Discussions
Questions
Webinar
Much more…
Recording Link

41. Questions and Answers
Questions and Answers