How Digital Rights Management improves Data Loss Prevention

Transcription

1 How Digital Rights Management improves Data Loss Prevention Case Study from UBS Marek Pietrzyk CDC DRM Business Project Manager March, 2015

2 How to avoid such "Breaking News"? Breaking News "Goldman Sachs Group Inc (GS.N)": Wed Jul 2, :50pm EDT (Reuters) - Goldman Sachs Group Inc (GS.N) on Wednesday said Google Inc (GOOGL.O) has blocked access to an containing confidential client data that a contractor sent to a stranger's Gmail account by mistake, an error that the bank said threatened a "needless and massive" breach of privacy. The breach occurred on June 23 and included "highly confidential brokerage account information," Goldman said in a complaint filed on Friday in a New York state court in Manhattan. Goldman said the contractor meant to her report, which contained the client data, to a "gs.com" account, but instead sent it to a similarly named, unrelated "gmail.com" account. Data Leakage Breaking News: coming alone with reputational and financial losses. 1

3 Risks of Accidental or Unintended Data Leakage Protection of sensitive data before the era of electronic data storage Physical perimeter barriers: only authorized users can access sensitive data (one-dimensional risk) => Risks of accidental CID disclosure during the era of electronic data storage 1. Root cause: CID well maintained within of IT applications, but after its retrieval and download spreading through the organization's collaboration environment. 2. Some CID leakage scenarios: ing CID externally to unauthorized recipients ("autocomplete") Printing CID and then losing the print-outs Creating screenshots of CID and using those in non-sensitive documents Copying & pasting CID content into a new document Accessing CID off-premise, in unsecure environment (e.g. mobile devices) Cyber attacks pilfering unprotected sensitive files (e.g. CID) Issue's complexity: we cannot prevent all of the above scenarios with just one protection barrier, but applying appropriate security solutions, we can considerably reduce the imminent risk levels. 4. So how to protect efficiently? Perimeter based protection proved not helpful, as we give up control when data leaves the secure zone, like applications or encrypted file shares. Therefore UBS, as global operating financial institution, managing millions of sensitive customer data, has decided to build in cooperation with leading technology partners, an innovative data centric solution to efficiently "stop-the-bleeding" 2

4 Digital Rights Management (DRM) at UBS - Objectives Only authorized users, authenticated with a smartcard have access to protected documents Outside UBS UBS Collaboration Environment UBS Applications Only documents marked for "3 rd party access" are readable outside UBS Phase 1: Automatic DRM Classification and Encryption of Downloads from Applications Phase 2: Classification and Encryption of user generated data assets Principles Data classification is enforced for all documents and s, based on the UBS information classification framework. DRM protection is automatically applied to all unstructured data according to the data classification. Access to unstructured data is granted according to the authentication strength and other controls, i.e. off-premise, x- border, access group. Authentication strength is dependent on the DRM protection and therefore dependent on the data classification (e.g. smartcard required for access to strictly confidential data: superior 2FA). How do we get there? Phase 1: Protect application downloads Phase 2: Protect user generated data assets From perimeter based protection controls to Protection and Access Control at Data Asset Level. 3

5 Required DRM Features and affected Use Cases Required Features: File Security Properties including Confidentiality Classification What are the file's metadata that can be effectively used for implementation of control measures File Protection and Access Controls Rules In which cases files must be protected: during download, user generated files, copy&paste inheritance What are the required protection measures: encryption, 2FA, offline work, LAAC, access groups (black/white lists) User interactions and user interface Under which circumstances and how user can modify file's security properties / confidentiality classification Rule based automatic re-protection / re-classification What are the rules allowing for automatic re-protection: periodic CID scans of File Shares and SharePoints External DA Transmission What are the sender / recipient / attachment rules, and required sender interactions (blocking, requesting justification) Logging and reporting Which are the reporting dimensions: user decryptions, classification downgrades, justifications of external sending Affected Use Cases: Download file / create new file: automatic protection (classification / encryption) => performance? Access to file: depending on the required authentication and authorization controls => access denied? Transmit file internally / externally: decrypt / re-encrypt depending on sender/receiver/attachment => intrusive? Challenge: how to avoid severe impact on daily Business Processes. 4

6 DRM - Solution Design and Implementation Approach Security Technology and Integration Partners Microsoft RMS used as basis encryption technology Secure Islands IQP(rotector) provides UI and supports non-ms-office file formats Business Logic defined by DRM Governance Group (Information Security, L&C) Classification levels - divisionally specific, depending on file's information category and type Mapping between confidentiality classifications levels and protection mechanisms (i.e. encryption) UI and user interaction principles (e.g. "external ") Rules implemented as "IQP Policies with RMS templates" distributed to end point IQP agents. Implementation and Roll-out Approach Extensive functional and non-functional tests, to ensure required protection, but no severe impacts: End user performance (encryption / decryption additional system time) System performance and scalability (RMS License Server, IQP Policy Server, network load) Gradual roll-out: Validation using a pilot roll-out to a few thousand users downloading bulk CIDs from Sales Applications Onboarding of users by locations and business divisions Applications onboarding and registration of download capabilities (granularity vs. accuracy) "Switching on" DRM features successively, tightening the "stop-the-bleeding" controls. 5

7 DRM - Roll-out and Deployment Strategy High Complexity and Dependency Management required to: Provide different functionalities to the users applying download protection and to the rest of the staff: "Full enabled mode" and "Collaboration mode" Staggered deployment to the downloading users (weekly deployment waves): Taking into account temporary limitations by exchanging protected files between teams In favour of closer monitoring and control of increasing load on RMS and IQP Servers and on the network. Dedicated L2/L3 support teams helping to resolve any related end user issues. No issues related to encryption / decryption performance. Few issue types traced back to clashes with other processes (all resolved either by policy update or with IQP upgrades): Slowdown of data upload process into MS-Excel spreadsheet, using certain plug-ins and processes (wscript.exe and cscript.exe) Performance degradation when working with the following 3 rd party products: FactSet, REOS, SSH Client, Thomson Reuters Eikon Processing slowdown of developer tools RAD, Talend, Eclipse, ANT, Maven, Tomcat Deploy, as those are intensively accessing.txt,.csv and.png files SAP BEx (excel) reports cannot be generated, as BEx add-in clashing with IQP Add-in. Roll-out phase stats Successful: since July 2014 DRM in production, protecting 10'000 CID downloads weekly. 6

8 DRM Key Usage Indicators (examples) Since July 2014 reports downloaded from registered applications are auto protected and then all DRM related operations on such files are included in audit trail and reported to Security Org. Registered vs not registered downloads 6,000 5,000 4,000 3,000 2,000 1, registered downloads not-registered downloads Analysis of registered downloads 6,000 5,000 4,000 3,000 2,000 1, not encrypted (i.e. "internal") encrypted (containing Swiss CID) Confidentiality classification changes File un-protections and the trend Enlightened: monitoring users' behavior to (a) find possible malicious activities, and (b) discover patterns allowing for further improvements of DRM controls. 7

9 DRM Outlook (next steps and challenges) Global roll-out (locations & business divisions) Further (more automated) applications onboarding Improved usability: integration of new IQP 5.0 UI automated decryption / re-encryption (reducing user interactions) simplification of offline work with encrypted files Protection of user generated files Copy & paste security context inheritance Improved reporting: detection of flows of classified files through the organization Decryption services for ediscovery, Forensic and Compliance processes File Shares and SharePoint scanning and file auto-protection DRM on Mobile Devices (read & write features) Integration with ADRMS & S/MIME in MS-Office and MS-Outlook: aligned look & feel Searching for a balance between controls and usability: Data Centric Protection ("immunization") successfully reduces data leakage related risks, but also decreases efficiency of daily business processes it is a learn process. 8

10 Contact information Marek Pietrzyk, CDC Pillar 3, Corporate Center COO, UBS UBS AG, 8048 Zurich, Office: Mobile: