WE HAVE SPENT MILLIONS ON SECURITY BUT STILL FACE LEAKS TO THE PUBLIC AND THE PRESS?
Spending huge sums of money has not reduced information leaks caused by internal staff. These leaks can be either accidental or deliberate, as the following examples show:
- “Google accidentally leaked hundreds of thousands of customers’ personal details — and didn’t notice for 2 years” (Business Insider, March 13th, 2015)
- “David Bowie, Diane Von Fürstenberg, Diego Forlán, and other famous names that appeared in HSBC’s Swiss bank leak” (Business Insider, Feb 2015)
- NSA leaks by Edward Snowden (June 2013)
- Secret military and diplomatic files leaked to Wikileaks by Bradley Manning (Feb 2010)
Information Owners (Heads of Department) are unable to directly control the information for which they are responsible
Sensitive information is created daily in a decentralised manner at the departmental level. The only people who can actually decide the appropriate use of this information are the department staff themselves. Unfortunately, traditional security approaches rely on central tagging and monitoring of sensitive information and there is no automated way of tagging new information being created on a daily basis. Furthermore, as they rely on central monitors rather than departmental-level monitors, they have no idea what qualifies as inappropriate usage of sensitive information. As such, sensitive information which can actually hurt the organisation never gets tagged and monitored.
Real sensitive information is not shared with, or monitored by, IT staff
Real sensitive information such as board papers and new acquisition documents is often considered too sensitive to share with the IT staff maintaining the security system. When the information cannot be shared with the IT staff, it never gets protected.
No education or involvement of users and so no modification of user behaviour
DLP systems do not indicate whether documents contain sensitive information or not. This means that users are unaware of the importance of some documents and unwittingly violate DLP rules regarding their usage. Furthermore, DLP systems do not allow users to provide feedback directly to the information owners as to their changing business needs regarding the sensitive information. The lack of education means the users are unable to modify their behaviour in handling sensitive information. The lack of involvement means they are unable to modify the behaviour of the DLP system to match their business needs. This quickly leads to user dissatisfaction with the DLP system.
THE SOLUTION: CORPORATE INTEGRITY MANAGEMENT SYSTEM, A SMART DLP
e-Safe Compliance is a corporate integrity management system. It is built on the philosophy of “Educate, Trust and Verify”. e-Safe Compliance enables information owners and users to educate each other on what information is sensitive and the changing business needs regarding its use. e-Safe Compliance avoids operational overheads through trust, by making information owners responsible for protecting sensitive information through specification of document rights, and allowing users to override document rights when necessary. e-Safe Compliance enables information owners and auditors to verify that sensitive information is protected, and not misused, by monitoring its usage and highlighting potential issues.
e-Safe Compliance is the only system to protect against both insider and outsider threats:
Behavioural analytics to detect potential threat points
e-Safe Compliance uses user behaviour analytics to automatically build a profile of each of your users’ normal activity, and alerts security teams to anomalies. e-Safe picks up indicators of compromise like unusual use of admin / hacking tools, unusual transfers or consolidation of data, and unusual after-hours activity. When used in combination with threat intel feeds and/or perimeter security tools, e-Safe can also be used to identify compromised machines and the source of an attack.
Empowering end-users to classify and monitor sensitive information themselves
e-Safe Compliance ensures that all transactions done by authorised users are analysed and monitored by users who understand them. This is made possible by e-Safe Compliance's decentralised management components, as follows:
- Using the e-Safe Compliance information tagging utility, authorised information owners can classify large amounts of information into rules which are applied within their department.
- Information owners can classify sensitive documents as secret, confidential or internal use using document rights management. They can also specify who can access this information by defining document rights without involving the central admin.
- Potential data leak incidents which are produced by these decentralized definitions are reviewed by the information owners themselves, and, in some cases, completely without involving the IT admin. As the information owners have a good understanding of the people using the information, the operational circumstances, and what constitutes misuse of the information, they are able to identify serious misuse of information accurately.
The decentralised security facilities ensure that end-users are engaged in maintaining the security of the information, as they can clearly see the results of any mishandling, making security part of everyday operations.
Integrity management workflow
The e-Safe Compliance integrity management workflow ensures that any dubious transaction done by the users is reported to the user’s manager (the information owner) and the security personnel. Reporting to the users who actually understand the information ensures that staff do not misuse it. Furthermore, to ensure that the information owners are not stealing sensitive information, the usage reports are centrally audited by the security department (or similar). This dual-reporting is an essential requirement for compliance with ISO27001 standards.
A high level diagram of the checks and balances within e-Safe Compliance is shown in figure 1 below.
Figure 1 – Decentralized Information Monitoring System (Security is everyone’s responsibility)