Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2012 Deloitte LLP. Private and confidential.
Leave it to the experts: How to implement and manage Data Loss Prevention
Matt Adams
15 November 2012
Introduction
Joined Deloitte in 2006
Service Lead – Information Protection Technologies
• DLP
• Data classification
• Mobile security
CLAS, CISSP, CISM, ISO 27001 Lead Auditor
2 Leave it to the experts: How to implement and manage DLP
Agenda
• Introduction to Deloitte Information Protection Technologies
‒ Observed trends
‒ Capabilities
• DLP Case Study
‒ Stakeholder engagement
‒ Project approach
‒ Lessons learned
• Partnering summary
• Q&A
Information Protection Technologies Service Overview
Information Protection Technologies
What we're seeing...
• Organisations have deployed a range of "point solutions" designed to protect sensitive information.
• The key challenge is to ensure these solutions deliver ongoing business value and secure business data.
• Point solutions can be difficult to integrate to achieve "defence in depth".
• The effectiveness of solutions can be eroded over time if configurations and rule sets are not maintained.
• Resource limitations can prevent organisations from realising the full benefits of solution capabilities and reporting.
Information Protection Technologies
How are we helping our clients...?
• Team of information protection specialists, certified by leading vendors.
• Focussing on maximising the business value of existing and planned implementations of information protection solutions.
• Leveraging combined experience of delivering projects for other leading organisations.
• Combining technical SMEs with knowledge and insight from business representatives.
• Providing access to our Information Protection Laboratory for demos and testing.
Deloitte Information Protection Lab
[Network diagram: Internal network – Information Protection Lab – LAN address. Components shown: MS Exchange 2010 MTA; Oracle IRM; Oracle Database; DLP vendors; Varonis; Oracle IRM client; SharePoint 2010; Active Directory; Shared Services Infrastructure; Information Protection Shared Database Services; MS SQL 2010; Titus client; Symantec DLP client; Workstations/clients; PGP Universal (SMTP Gateway); File Server. The lab runs on the same virtual box.]
Symantec Data Loss Prevention Client case study
Engagement Overview
Client Profile
• Leading multi-channel media company.
• National and regional newspaper titles plus a portfolio of more than 200 websites.
• Part of a global B2B and consumer media group.
Deloitte Role
• Identify sensitive business data and associated business users.
• Account for changes in data flows as a result of cloud and consumer device initiatives.
• Lead workshops with business stakeholders.
• Perform a DLP risk assessment against existing practices and controls.
• Produce high-level technical design.
• Manage a phased deployment of network and endpoint DLP, data classification and information rights management technologies.
Managed DLP Deployment
[Diagram: Managed DLP delivered jointly by Business Enablement (Deloitte), a Managed Services Provider and the Technology Vendor (Symantec).]
Project Stakeholders
[Diagram: Deloitte Project Team; Business Unit Reps; Client Project Lead; Managed Service Provider; Technology Vendors.]
Project Outline - DLP
[Timeline figure with milestones at 05/11, 07/11, 10/11, 01/12, 04/12 and 07/12, split into Phase 1 (Passive) and Phase 2 (Active). Work streams shown: DLP Risk Assessment; Network Monitor for Email and Web; Network Prevent for Email and Web; Endpoint Prevent; Endpoint Discover.]
Risk Assessment
Objective
Identify whether there is an issue with data leakage from business systems and determine possible causes.
Approach
• Deploy Symantec DLP Risk Assessment tool to scan outbound emails, including attachments.
• Tailored search criteria developed by Deloitte in collaboration with client IT Risk team and business representatives.
• 5,000 email addresses monitored.
• Four consecutive weeks.
Results
• Identified a large number of significant breaches of the Data Protection Act.
• Observed a range of company confidential documents being sent to external email addresses.
• Recommended improvements for remote working and information sharing with third-parties.
Phase 1 – Passive Monitoring
• Business Unit Workshops: Understand business context of sensitive data processing. Identify business requirements.
• Define Business Processes: Analyse output from workshops and agree what "normal" looks like.
• Create Policies / Rule Sets: Specific rules for each business unit.
• Design DLP Infrastructure: Deloitte collaborated with client IT personnel and managed service provider to identify optimum network locations to deploy DLP.
• Define Target Operating Model: Deloitte provided input based on good practice in other leading organisations.
• Test DLP Tool: Deloitte provided a technical review of the tool, presenting results to business unit reps for feedback.
• Go Live: Iterative process of reviewing DLP output and refining rules to optimise output.
Phase 2 – Active Monitoring
• Business Unit Workshops: Gain feedback from key stakeholders.
• Further Policy Refinement: Update baseline policies and define additional baseline policies for web monitoring.
• Tool and Policy Testing: Creation of test plan and scripts, including updated baseline email / web policies and response rules.
• Refine Target Operating Model: Update Target Operating Model with workshop input from key stakeholders.
• Alerting Testing: Configuration and testing of DLP alerting and messaging workflow.
• Alerting Go Live: Continue to update and refine rule sets. Transition to BAU.
DLP Essentials
• Ensure business defines teams / employees to be monitored.
• Overall project sponsorship should come from the business, not IT.
• Identify key risks with business units.
• Don't be tempted by a "catch-all" approach.
• Think about worst case scenarios.
• Let the business define keywords and key phrases for monitoring.
• Ensure regular processes that may trigger DLP are accounted for.
• Define a clear target operating model.
• Plan your incident remediation strategy.
• Consider engaging an experienced delivery partner.
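The policy-design points above (rules scoped per business unit rather than a catch-all, business-defined keywords, sanctioned regular processes that would otherwise trigger the tool, and the passive-then-active rollout from the two project phases) can be made concrete with a small policy evaluator. The code below is an added illustration written for this page; it is not Deloitte's or Symantec's code and does not reproduce the Symantec DLP rule language. The internal domain, the business unit names, the recipient domains, the sample messages and the National Insurance number pattern are all constructed assumptions used only to exercise the logic.

```python
"""Illustrative outbound-email DLP policy evaluator (constructed example, not vendor code)."""
import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "example-media.test"   # assumption: the monitored organisation's mail domain

# Illustrative UK National Insurance number pattern: personal data of the kind whose
# leakage the risk assessment classed as Data Protection Act breaches. Not authoritative.
NI_NUMBER = re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b", re.IGNORECASE)


@dataclass(frozen=True)
class Rule:
    name: str
    units: tuple          # business units the rule applies to; ("*",) means every unit
    keywords: tuple = ()  # phrases supplied by the business unit itself
    patterns: tuple = ()  # compiled regexes for structured identifiers
    severity: str = "medium"


@dataclass(frozen=True)
class ProcessException:
    """A regular, sanctioned data flow that would otherwise trigger a rule."""
    rule: str
    unit: str
    recipient_domain: str


@dataclass(frozen=True)
class Message:
    sender_unit: str
    recipients: tuple
    subject: str
    body: str


@dataclass(frozen=True)
class Incident:
    rule: str
    severity: str
    action: str           # "log" in passive monitoring, "block" in active prevention
    recipients: tuple     # the external recipients not covered by a sanctioned process


def _matches(rule, text):
    low = text.lower()
    if any(k.lower() in low for k in rule.keywords):
        return True
    return any(p.search(text) for p in rule.patterns)


def evaluate(msg, rules, exceptions, mode="monitor"):
    """Return incidents for one message; internal-only mail is not inspected (outbound scope)."""
    external = tuple(r for r in msg.recipients
                     if not r.lower().endswith("@" + INTERNAL_DOMAIN))
    if not external:
        return []
    text = msg.subject + "\n" + msg.body
    incidents = []
    for rule in rules:
        if "*" not in rule.units and msg.sender_unit not in rule.units:
            continue                      # rule is scoped to other business units
        if not _matches(rule, text):
            continue
        # Drop recipients that belong to a sanctioned regular process for this unit and rule.
        unexpected = tuple(
            r for r in external
            if not any(e.rule == rule.name and e.unit == msg.sender_unit
                       and r.lower().endswith("@" + e.recipient_domain)
                       for e in exceptions))
        if unexpected:
            action = "block" if mode == "prevent" else "log"
            incidents.append(Incident(rule.name, rule.severity, action, unexpected))
    return incidents


def summarise(incidents):
    """Incident counts per rule: the output reviewed with business unit reps when tuning rules."""
    counts = {}
    for inc in incidents:
        counts[inc.rule] = counts.get(inc.rule, 0) + 1
    return counts


# Constructed rule set: one company-wide personal-data rule plus unit-specific keyword rules.
RULES = (
    Rule("personal-data", ("*",), patterns=(NI_NUMBER,), severity="high"),
    Rule("editorial-embargo", ("Editorial",), keywords=("embargoed", "do not publish before")),
    Rule("hr-payroll", ("HR",), keywords=("payroll run", "salary review")),
)
# Constructed exception: HR sends the monthly payroll file to an outsourced payroll bureau.
EXCEPTIONS = (
    ProcessException("personal-data", "HR", "payroll-bureau.test"),
    ProcessException("hr-payroll", "HR", "payroll-bureau.test"),
)
# Constructed sample traffic covering a sanctioned flow, two leaks and an internal message.
SAMPLE_MESSAGES = (
    Message("HR", ("runs@payroll-bureau.test",), "Payroll run March", "AB123456C 2,300.00"),
    Message("HR", ("me@webmail.test",), "Payroll run March", "AB123456C 2,300.00"),
    Message("Editorial", ("friend@webmail.test",), "Sneak peek", "EMBARGOED until Monday"),
    Message("Editorial", ("desk@example-media.test",), "Draft", "EMBARGOED until Monday"),
)


def run(mode="monitor"):
    """Evaluate all sample messages in the given mode and return the incident list."""
    incidents = []
    for msg in SAMPLE_MESSAGES:
        incidents.extend(evaluate(msg, RULES, EXCEPTIONS, mode))
    return incidents


if __name__ == "__main__":
    for inc in run("monitor"):
        print(inc)
    print(summarise(run("monitor")))
```

Running the block in `monitor` mode reproduces Phase 1: the sanctioned payroll transfer produces no incident, the personal-data leak and the embargoed story are logged for review, and the internal draft is ignored. Switching `run("prevent")` changes the same incidents to `block`, which is the Phase 2 step of adding response rules once the rule set has been tuned against the logged output.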
Partnering for success
Partnering for greater value
Client challenges: point solutions; sustaining value; resource constraints; IT focus.
Deloitte value: significant implementation experience; flexible pool of SMEs; strategic vendor partnerships; industry knowledge.
Why Deloitte?
• We are a global strategic partner with leading vendors of information protection technologies
• Symantec Security Partner of the Year 2012 (EMEA)
• Enterprise Solution Provider for Symantec DLP
• Wealth of experience in supporting clients to deploy and manage solutions throughout the information protection lifecycle, including:
‒ Data Loss Prevention
‒ Data Access Governance
‒ Data Classification
‒ Data Encryption
‒ Information Rights Management
‒ Mobile Device Management
Why Deloitte?
Our security and IT risk consulting services are independently recognised as world leading.
“In Forrester’s 75-criteria evaluation of information security and risk consulting service providers, we found that Deloitte led the pack because of its maniacal customer focus and deep technical expertise.”
Our people
At Deloitte, our global team can draw on the experience of:
• 11,000 risk management and security, privacy and resilience practitioners
• 16,000 risk consulting professionals
• 210 computer forensics examiners
• 11,530 human capital consulting professionals
Our skills
• ISACA: Over 8,000 involved with ISACA; approximately 2,000 certified as CISA, CISM, & CGEIT
• ISC2: Over 1,100 CISSPs
• BSI: 150 trained lead system auditors
• IAPP: Privacy certified practitioners
• PMI: PMP certified practitioners
• 53 Security & Forensics labs located strategically across the globe
Questions?
Please feel free to ask questions now, or get in contact with me through the following addresses.
Email: [email protected]
Twitter: @mattrwa
Alternatively, please come along to the Deloitte stand (PL1) in the Expo Hall.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms.
Deloitte LLP is the United Kingdom member firm of DTTL.
This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Deloitte LLP would be pleased to advise readers on how to apply the principles set out in this publication to their specific circumstances. Deloitte LLP accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.
© 2012 Deloitte LLP. All rights reserved.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom. Tel: +44 (0) 20 7936 3000 Fax: +44 (0) 20 7583 1198.
Member of Deloitte Touche Tohmatsu Limited