ENTERPRISE INFORMATION PROTECTION

 

Enterprise Information Protection (EIP) Methodology

A Data-Centric, Risk-Based Approach

The methodology that drives Enterprise Information Protection (EIP) is data-centric and risk-based. This approach is a paradigm shift away from traditional "network or infrastructure" centric security in both architecture and process. The data-centric security approach focuses on information flow and human interaction rather than on the infrastructure that the data moves through or is stored on. The data-centric approach is risk-based, working to identify, prioritize and proactively mitigate risks to sensitive information. Where an infrastructure approach might look at only content-aware Data Loss Protection (DLP) or USB device control, a data-centric approach looks across all data flows and holistically identifies risk across all channels throughout the global enterprise. To effectively pursue a data-centric approach, an EIP platform like Verdasys’ Digital Guardian must be used as its foundation. The ultimate goal of data-centric security is to create a proactive, sustainable and continually improving Enterprise Information Protection program across the organization that enables collaboration and competitive advantage while mitigating the risk of data compromise.

Traditional network or infrastructure-based approaches to security have consistently failed to protect sensitive data. For companies to substantially reduce the risk of information loss, they need to implement an Enterprise Information Protection program following a risk-based, data-centric approach to security. In other words, it's all about understanding:

  • What sensitive data exists, and where it is located
  • What user is taking what actions with sensitive data
  • Where the sensitive data is going
  • What controls are needed to mitigate the risk of the user's actions

The EIP Data-Centric Methodology Consists of Five Primary Steps

Enterprise Information Protection - Five Primary Steps


Step 1: Actionable Discovery
EIP discovery moves well beyond the “commoditized” content inspection found in existing DLP tools. EIP combines content inspection with the ability to understand context at both the data and user level. These three capabilities, combined with a distributed agent architecture, enable accurate sensitive information discovery for data at rest (information previously created that is stored on a hard drive or server), data being created or used by an end user in real time, and data moving through a business process from one host to another. EIP discovery dramatically reduces false positives by combining context, content, and identity understanding, and offers real capabilities to mitigate the risk of compromise through encrypted data, and even through attempts at steganography, because it interacts with the user before encryption or compromise steps occur. Classification is an extension of the discovery process and “wraps” the data in a DRM-like classification wrapper that can be made persistent and offers inheritance capabilities. This creates true actionable classification.

Steps 2 & 3: Global Visibility into User, Activity and Data Movement Path
In the data-centric process, data is not just discovered in what is called “data at rest”; it is also discovered continuously whenever any data transaction occurs, including creation. This is critical because, to mitigate the risk of any data transaction, the EIP platform must understand the sensitivity of the data, the identity of the user, and the full context of the action the user is taking, including where the data is being moved to. This information is brought together so that the appropriate policy and proper control can be applied. This risk evaluation can be highly sensitive, determining, for example, the risk difference between an email with sensitive design data from a custom application being attached and sent to a network email address versus a third-party email address.

Step 4: Central and Flexible Control Enforcement
EIP policies, and the data security controls that enforce them, can be configured from broad to discrete, and enable full control over data usage both online and offline. EIP utilizes many types of controls so that the appropriate control can be activated based on the riskiness of the activity. EIP controls can alert users to risky activities and policy violations before a final action is taken, giving the user the ability to alter their behavior without interrupting business processes; they can also encrypt the data or block user actions outright when policy violations are repeated or severe. Policy violations trigger notifications to appropriate administrators, and all related activities are logged. It is important to note that all EIP controls are automated and do not rely on the user “self-managing” their actions. Like DRM tools, the controls interact directly with the end user, and encrypt the data or block the action before it is put in motion.

Step 5: Continuous Logging & Audit
Another critical differentiator of an EIP data-centric methodology is the ability to collect a complete log of all metadata events that occur across the data-centric process. From discovery to transaction events, all relevant metadata is collected for analysis, investigation, and, when needed, forensics and case management.

With this holistic understanding of, or data-centric "visibility" into, information risk, organizations can, for the first time, meaningfully define and apply data security policies to users who interact with sensitive data, including "privileged users", contractors, outsourcers and partners, creating an effective EIP program.

© 2010 VERDASYS. ALL RIGHTS RESERVED. TERMS OF USE AND PRIVACY POLICY