Data Loss Prevention in 2009
Simon Perry, Principal Associate Analyst - Sustainability
© 2009 Quocirca Ltd
What is this presentation about?
• This presentation deck was created in November of 2008, and updated in February of 2009.
• It gives an overview of the concept of “data loss prevention”, including:
– Market drivers that create the need for DLP
– An introduction to the layered content/computer/context model of security
– Recommendations on policy approaches and desirable technology features
– Pointers to further reading
© 2008 Quocirca Ltd
Market Drivers
Effective Asset Management
Internal
More and more remote workers
Increased petty theft and Targeted thefts
Regulations
External
C++ Security
Context
• Location
• History
Computer
• HW state
• SW stack
Content
• Classified
• Encrypted
• Trackable
• Erasable
Security classifications
• Publicly available content
– Generally open
• Personally Identifiable Information
– Highly regulated
• Sensitive corporate data
– Unregulated, commercially advantageous
• Intellectual property
– Unregulated, commercially advantageous
Preventing data loss
• Data inclusion and movement policy
• Data protection policy and technology
• “Diving save” – cleaning up the mess
Recommendations
• Truly critical data should not be copied to laptops and other portable devices
• When portable devices are taken out of the office with critical data onboard they must be encrypted
• Access controls should exist to ensure critical data can’t be forwarded inappropriately
• The ability to remotely delete and wipe critical information provides the “diving save”
• This is a problem that bridges the virtual and physical worlds – where a device physically is is important to the execution of the protection policy
References and further reading
• Managing 21st Century Networks (Quocirca, January 2007) http://www.quocirca.com/pages/analysis/reports/view/store250/item3609/?link_683=3609
• The Distributed Business Index (Quocirca, March 2008) http://www.quocirca.com/pages/analysis/reports/view/store250/item20918/?link_683=20918
• Quocirca recommends the forthcoming book from Stewart Room of Field Fisher Waterhouse LLP based on its seminar series reviewing legal aspects of data protection and data privacy. For more information go to: http://www.ffw.com/publications/all.aspx?Person=1282
• Why Application Security is Crucial (Quocirca, March 2008) http://www.quocirca.com/pages/analysis/reports/view/store250/item21107/?link_683=21107
• Superhighway at the Crossroads (Quocirca, September 2008) http://www.quocirca.com/pages/analysis/reports/view/store250/item21547/?link_683=21547