Data Loss Prevention

Presented by Sudhakar Gummadi, CISO


What is Data Loss Prevention?


What is your confidential data?

How is it being used?

How best to prevent its loss?

Protect, Discover, Monitor

Data Loss Prevention (DLP): How it Works

•  Policy
    •  Enable or customize policy templates
•  Discover
    •  Identify scan targets
    •  Run scan to find sensitive data on network & endpoint
•  Monitor
    •  Inspect data being sent
    •  Monitor network & endpoint events
•  Protect
    •  Block, remove or encrypt
    •  Quarantine or copy files
    •  Notify employee & manager
•  Manage
    •  Remediate and report on risk reduction

Why Have Data Loss Prevention?

•  Brand Damage
•  Compliance Liabilities
•  Costly Fines

What was the driving force behind DLP?

•  In 2012, data breaches cost organizations an average of $5.4 million.
•  Healthcare Industry breaches averaged $233 per record.
    •  Compare with Financial Industry average $215 per record.
•  Data breaches resulting from a malicious attack yielded the highest cost.
    •  $277 per record.

Data Loss Prevention was our answer to the following security challenge:
•  Protect against potential loss of sensitive data
•  Keep data safe without impacting users

In-House vs. Outsourced

Choosing In-House vs. Outsourced DLP Solution
•  Topics to consider
    •  Size of Organization
    •  Number of Filters
    •  Staff Skillset
    •  Staff Overhead
    •  Data Ownership

The Spotlight on: Security

Choosing Data Loss Prevention

Choosing a Product
•  Signing HIPAA Business Associate Agreement
•  Professional Services for initial deployment
•  Virtual or Physical infrastructure
•  Database requirements
•  Compatible mail gateway (email encryption)
•  Compatible proxy for SSL inspection

Data Loss Prevention Team

Creating DLP team
•  Hiring staff with DLP experience
•  What to look for?
    •  IT Security experience
    •  DLP experience
    •  HIPAA and Privacy background
    •  Phone/help desk skills
    •  Team leadership

It Takes a Village..

Getting ready for initial deployment
•  Setting up one-on-one meetings with each affected department.
    •  Networking
    •  Storage
    •  Exchange
    •  Desktop
    •  Server
    •  Database
•  Gathering information about our environment in order to properly size our deployment
•  Setting up required servers (16 physical/virtual)
•  Having the vendor assist with the initial install and deployment

Initial Problem

Once we had DLP deployed, we had no official way of agreeing on what policies to enable.

•  There were legal concerns about what we needed to do about incidents
•  Who would be responsible for incidents?
•  How do we get business buy-in for remediating incidents?

Solution

•  We formed a committee with the heads of each department. This included Legal, HIPAA, Compliance, and IT Security.
•  We created groups within each department that would be responsible for incidents within their field of expertise (HIPAA incidents, Legal incidents, Compliance incidents, IT Security incidents).
•  We created queues within DLP which enabled us to assign "tickets" (incidents) to a queue that only specific users had access to. This allowed them to work only on incidents assigned to them for their area. They are unable to poke around and view incidents not assigned to their area.

Confidential & Proprietary Use pursuant to company instructions

© 2013 Molina Healthcare, Inc. All rights reserved

DLP Agent Deployment

•  Discussed and approved by the DLP Committee
•  Met with Desktop Support team for Q&A about the agent
•  Started with DLP team test machines as pilot
•  Expanded to 10 users within IT Security
•  Expanded to all users in IT Security
•  Expanded to 50 users throughout the organization
•  Expanded to 200 users throughout the organization
•  Full deployment/integration with new machine images
•  No agent related issues reported by users

Agent Block/Alerting Mode

•  We initially introduced DLP pop-up alerts to a handful of test subjects.
•  After successful deployment of alerts to a wider group, we moved on to full block mode.
•  Block mode must be done with extreme caution so as not to disrupt the business. Policies must be fine-tuned to avoid false positives when possible.

Additional Uses For DLP

•  PCI/HIPAA scans on workstations/servers
•  Database scanning
•  SharePoint scanning
•  File Share scanning
•  Alerting of spam bots

Lessons Learned

•  Forming committees was key to having a successful deployment of policies and new modules.
•  Getting buy-in from business stakeholders was crucial.
•  Involve key teams (Networking, Storage, Exchange, etc.) early on.
•  Take policy updates and deployments slowly. Causing a disruption to business can make it difficult to gain approval for further deployments.
•  Refrain from initially enabling multiple policies at the same time; this will cause a flood of incidents with duplicates.
•  Turn on one policy and fine-tune it to perfection before moving to the next policy.

Questions and Answers