MOST FRAUD CASES INVOLVE SENIOR MANAGEMENT. HOW TO PREVENT THEM FROM MISUSING THEIR POWER?
“Worldwide spending on information security will reach $71.1 billion in 2014, an increase of 7.9 percent over 2013, with the data loss prevention segment recording the fastest growth at 18.9 percent, according to the latest forecast from Gartner, Inc. Total information security spending will grow a further 8.2 percent in 2015 to reach $76.9 billion”
Information Owners (Heads of Department) are unable to directly control the information for which they are responsible
Sensitive information is created daily, in a decentralised manner, at the departmental level. The only people who can actually judge the appropriate use of this information are the department staff themselves. Unfortunately, traditional security approaches rely on central tagging and monitoring of sensitive information, and there is no automated way of tagging the new information that is created every day. Furthermore, because these approaches rely on central monitors rather than departmental-level monitors, the central team has no way of knowing what counts as inappropriate usage of a given department's information. As a result, the sensitive information that can actually hurt the organisation never gets tagged or monitored.
Real sensitive information is not shared with or monitored by IT staff
Real sensitive information, such as board papers and new acquisition documents, is often considered too sensitive to be shared with the IT staff who maintain the security system. Information that cannot be shared with the IT staff never gets protected, because nobody with access to the security system knows it exists.
No education or involvement of users and so no modification of user behaviour
Conventional DLP systems do not visually indicate whether a document contains sensitive information. Users are therefore unaware of the importance of some documents and unwittingly violate DLP rules when handling them. Furthermore, these systems do not allow users to give feedback directly to the information owners about their changing business needs regarding the sensitive information. The lack of education means users cannot modify their behaviour in handling sensitive information; the lack of involvement means they cannot modify the behaviour of the DLP system to match their business needs. This quickly leads to user dissatisfaction with the DLP system.
THE SOLUTION: A STAFF BEHAVIOUR IMPROVEMENT SYSTEM, A SMART DLP
e-Safe Compliance is a staff behaviour improvement system built on the philosophy of “Educate, Trust and Verify”. Educate: information owners and users educate each other on what information is sensitive and on the changing business needs regarding its use. Trust: operational overheads are avoided by making information owners responsible for protecting sensitive information through the specification of document rights, and by allowing users to override document rights when necessary. Verify: information owners and auditors can confirm that sensitive information is protected and not misused, because its usage is monitored and potential issues are highlighted.
e-Safe Compliance is the only system to protect against both insider and outsider threats:
Behavioural analytics to detect potential threat points
e-Safe Compliance uses user behaviour analytics to automatically build a profile of each user's normal activity and to alert security teams to anomalies. e-Safe picks up indicators of compromise such as unusual use of admin or hacking tools, unusual transfers or consolidation of data, and unusual after-hours activity. When used in combination with threat intelligence feeds and/or perimeter security tools, e-Safe can also be used to identify compromised machines and the source of an attack.
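The baseline-and-deviation logic described above, as an added example in Python (not e-Safe Compliance's own code): it builds a per-user profile of working hours, transfer volumes and processes from a constructed baseline log, then flags new events that fall outside that profile. The log format, field names, thresholds and admin-tool watch list are assumptions chosen for illustration.

```python
"""Illustrative user-behaviour-analytics (UBA) baseline and anomaly checks.

Added example, not e-Safe Compliance code. The log format, field names,
the 3-sigma volume threshold, the one-hour slack on working hours and the
admin-tool watch list are all assumptions used to show the idea: profile each
user's normal activity, then alert on after-hours activity, unusual transfer
volumes and unusual admin-tool use.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample history, one event per line: timestamp,user,action,process,bytes
BASELINE_LOG = """\
2014-09-01T09:12:00,alice,copy,explorer.exe,120000
2014-09-01T10:40:00,alice,copy,explorer.exe,80000
2014-09-02T11:05:00,alice,email,outlook.exe,250000
2014-09-03T14:30:00,alice,copy,explorer.exe,100000
2014-09-04T16:20:00,alice,email,outlook.exe,150000
2014-09-01T08:50:00,bob,copy,explorer.exe,50000
2014-09-02T09:30:00,bob,copy,explorer.exe,60000
2014-09-03T17:10:00,bob,email,outlook.exe,40000
"""

# Constructed new events to score against the baseline
NEW_LOG = """\
2014-09-08T10:15:00,alice,copy,explorer.exe,110000
2014-09-08T23:40:00,alice,copy,explorer.exe,90000
2014-09-09T11:00:00,alice,usb,explorer.exe,2400000000
2014-09-09T12:05:00,bob,run,psexec.exe,0
"""

# Assumed watch list of tools that are unusual for ordinary users
ADMIN_TOOLS = {"psexec.exe", "mimikatz.exe", "procdump.exe", "nmap.exe"}


def parse(log):
    """Parse the comma-separated constructed log into event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, action, process, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "process": process, "bytes": int(nbytes)})
    return events


def build_profiles(events):
    """Per-user baseline: hours seen active, transfer sizes, processes used."""
    profiles = defaultdict(lambda: {"hours": set(), "bytes": [], "processes": set()})
    for e in events:
        p = profiles[e["user"]]
        p["hours"].add(e["ts"].hour)
        p["bytes"].append(e["bytes"])
        p["processes"].add(e["process"])
    return profiles


def score(event, profiles, admin_tools=ADMIN_TOOLS, sigma=3.0, slack=1):
    """Return the list of reasons this event deviates from the user's profile."""
    p = profiles.get(event["user"])
    if p is None:
        # No history at all is itself worth a look (new or spoofed account)
        return ["no baseline for user"]
    lo, hi = min(p["hours"]) - slack, max(p["hours"]) + slack
    reasons = []
    if not lo <= event["ts"].hour <= hi:
        reasons.append(f"after-hours activity ({event['ts'].hour:02d}:00 outside {lo:02d}-{hi:02d})")
    threshold = mean(p["bytes"]) + sigma * pstdev(p["bytes"])
    if event["bytes"] > threshold:
        reasons.append(f"unusual transfer volume ({event['bytes']} bytes > {threshold:.0f})")
    if event["process"] in admin_tools and event["process"] not in p["processes"]:
        reasons.append(f"unusual admin tool ({event['process']})")
    return reasons


def detect(baseline_log=BASELINE_LOG, new_log=NEW_LOG):
    """Build profiles from the baseline and return (user, timestamp, reason) alerts."""
    profiles = build_profiles(parse(baseline_log))
    alerts = []
    for e in parse(new_log):
        for reason in score(e, profiles):
            alerts.append((e["user"], e["ts"].isoformat(), reason))
    return alerts


if __name__ == "__main__":
    for user, ts, reason in detect():
        print(f"{ts} {user}: {reason}")
```

With the constructed data this yields three alerts: alice's 23:40 copy (after hours), alice's 2.4 GB USB transfer (volume), and bob running psexec.exe (tool never seen in his baseline). The daytime copy of a normal-sized file raises nothing, which is the point of profiling per user rather than applying one global rule.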
Empowering end users to classify and monitor sensitive information themselves
e-Safe Compliance ensures that all transactions performed by authorised users are analysed and monitored by the people who understand them. This is made possible by e-Safe Compliance's decentralised management components, which are as follows:
Using the e-Safe Compliance information tagging utility, authorised information owners can classify large amounts of information using rules that are applied within their own department.
Information owners can classify sensitive documents as secret, confidential or internal-use using document rights management. They can also specify who may access this information by defining document rights, without involving the central admin.
Potential data leak incidents produced by these decentralised definitions are reviewed by the information owners themselves, in some cases without involving the IT admin at all. Because the information owners understand the people using the information, the operational circumstances and what constitutes misuse, they can identify serious misuse of information accurately.
The decentralised security facilities keep end users engaged in maintaining the security of the information, since they can clearly see the results of any mishandling; this makes security part of everyday operations.
Security management workflow
The e-Safe Compliance security management workflow ensures that any dubious transaction performed by a user is reported both to the user's manager (the information owner) and to the security personnel. Reporting to the owners who actually understand the information deters staff from misusing it. To ensure that the information owners themselves are not stealing sensitive information, the usage reports are also centrally audited by the security department (or an equivalent function). This dual reporting implements the segregation of duties and independent review that ISO/IEC 27001 expects of an information security management system.
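The rule-based classification, owner-defined document rights, user override and dual reporting described in the preceding sections, as an added example in Python (not e-Safe Compliance's own code). The department, rule patterns, user names, the "security-audit" recipient and the routing rules are assumptions; they model the text's checks and balances: the owner tags documents by rule and grants rights per classification, a user may override and every override is reported to the owner and to security, and anything the owner does with sensitive information is reported to security alone so the owner cannot review their own activity.

```python
"""Illustrative decentralised classification, document rights and dual reporting.

Added example, not e-Safe Compliance code. The department, rule patterns,
user names, the "security-audit" recipient and the routing logic are
assumptions that model the text: owners classify by rule, define rights per
label, users may override with every override reported to owner and security,
and owner activity is audited by security alone.
"""
import re
from dataclasses import dataclass

LEVELS = ("internal", "confidential", "secret")  # ordered low -> high
SECURITY = "security-audit"                        # assumed central audit recipient


@dataclass
class Department:
    name: str
    owner: str
    rules: dict   # regex pattern -> label, defined by the information owner
    rights: dict  # label -> set of users allowed to open documents at that label


@dataclass
class Decision:
    outcome: str       # "allowed", "override" or "denied"
    label: str
    reported_to: list  # who receives the incident report (empty if none)


# Constructed sample department with owner-defined rules and rights
FINANCE = Department(
    name="finance",
    owner="owner_fin",
    rules={
        r"\bboard paper\b": "secret",
        r"\bacquisition\b": "secret",
        r"\bsalary\b": "confidential",
        r"\bbudget\b": "confidential",
    },
    rights={
        "secret": {"owner_fin", "cfo"},
        "confidential": {"owner_fin", "cfo", "analyst"},
        "internal": {"owner_fin", "cfo", "analyst", "intern"},
    },
)


def classify(text, dept):
    """Apply the department's rules to document text; the highest matching level wins."""
    best = None
    for pattern, label in dept.rules.items():
        if re.search(pattern, text, re.IGNORECASE):
            if best is None or LEVELS.index(label) > LEVELS.index(best):
                best = label
    return best or "internal"


def route(actor, dept):
    """Incidents go to the owner and security; the owner's own activity goes to security only."""
    if actor == dept.owner:
        return [SECURITY]
    return [dept.owner, SECURITY]


def access(user, text, dept, action="open", override=False):
    """Decide an access and say who must be told about it.

    A denied attempt and an override are always reported. Exporting anything
    above internal-use is treated as a dubious transaction and reported even
    when the user holds the right, so that owner exports are audited too.
    """
    label = classify(text, dept)
    allowed = user in dept.rights.get(label, set())
    if not allowed and not override:
        return Decision("denied", label, route(user, dept))
    outcome = "allowed" if allowed else "override"
    dubious = not allowed or (action == "export" and label != "internal")
    return Decision(outcome, label, route(user, dept) if dubious else [])


if __name__ == "__main__":
    doc = "Board paper on the acquisition of Example Ltd"
    for who, act, ovr in [("intern", "open", False), ("analyst", "open", True),
                          ("cfo", "export", False), ("owner_fin", "export", False)]:
        d = access(who, doc, FINANCE, action=act, override=ovr)
        print(f"{who:10} {act:6} -> {d.outcome:8} [{d.label}] report to {d.reported_to}")
```

Note the asymmetry in route(): when the actor is the information owner, the report bypasses the owner and lands only with security, which is what lets security check that owners are not themselves removing the information they are trusted to protect.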
A high-level diagram of the checks and balances within e-Safe Compliance is shown in Figure 1 below.
Figure 1 – Decentralized Information Monitoring System (Security is everyone’s responsibility)