WHITE PAPER SPON. Information Security Best Practices: Why Classification is Key. Published November 2011 SPONSORED BY
|
|
- Emil Wright
- 8 years ago
- Views:
Transcription
1 WHITE PAPER N Information Security Best Practices: Why Classification is Key An Osterman Research White Paper Published November 2011 sponsored by SPONSORED BY SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington USA Tel: Fax: info@ostermanresearch.com twitter.com/mosterman
2 Executive Summary Is classification important? In a word, yes. Some believe, for example, that Wikileaks would not have gained access to US government documents if the appropriate classification technology had been deployed. messages and their attachments, production reports, legal briefs, press releases, job applications, tax documents, memos and other content have varying degrees of sensitivity: some content is highly sensitive and should never be sent outside of an organization or stored on internal systems without being encrypted or access-controlled, while other content contains no sensitive or confidential information of any kind. Additionally, there are other files on the network, such as surveillance or tactical combat videos, CAD diagrams and sensitive pictures. All have a level of sensitivity that should be managed. A classification system that permits users to tag this content based on its sensitivity or confidentiality can provide any organization with a number of important benefits: Users become more aware of corporate policies and regulatory obligations to protect data. Inadvertent leaks of sensitive data are reduced dramatically. Data loss prevention (DLP) systems can operate more effectively and efficiently. Archiving systems can retain content more accurately. KEY TAKEAWAYS All organizations should deploy a content classification system to protect against inadvertent data leaks and to help users become more aware of the sensitivity of the content they create, send, read and otherwise process in the course of doing their work. Classification systems are easy to use, do not impose a burden on users normal workflows, and complement an organization s existing (or to-be-deployed) DLP and archiving systems. Is classification important? Some believe that Wikileaks would not have gained access to US government documents if the appropriate classification technology had been deployed. ABOUT THE SPONSOR OF THIS PAPER This white paper was sponsored by TITUS, a leading provider of classification technology used across a wide range of industries. A brief overview of the company is included at the end of this document. What is Classification? The concept of classification in the context of security is quite simple: it is merely the tagging of messages and files based on the sensitivity of their content. An outgoing , a file stored on a server or a document created using a desktop productivity application can be tagged with an appropriate label to ensure that the information contained within it is categorized and processed appropriately. Tags can be pre-established so that users simply select the appropriate option from a drop-down menu in an application or, in some cases, individual users can define tags. With the right technology, classification is a simple process that becomes part of users normal content sending, receiving and filing workflow Osterman Research, Inc. 1
3 The fundamental reason for tagging for security purposes is to ensure that sensitive data is not inadvertently leaked through or a file transfer system, or that sensitive data is not stored without appropriate access controls in place. A classification system is not intended to be a replacement for a DLP system in fact, a classification system actually makes DLP more effective and efficient by providing DLP systems with more information on which to base a routing, encryption or blocking decision. Conversely, DLP systems cannot be as efficient in the absence of classification simply because they lack important information about the content they scan. Why is Classification Important? There are a number of reasons that s and files need to be classified based on the sensitivity of their content. For example, within and outside an organization there is information that is sensitive and access to which should be limited only to those with a specific need for it. This information might include personnel records, job applications, marketing plans, press releases, product announcements, discussions about trade secrets, discussions with auditors or legal counsel and other content for which access needs to be managed. More importantly, there are a variety of regulatory obligations imposed on virtually all organizations to protect data. For example: Forty-six of the 50 US states, as well as the US Virgin Islands, Puerto Rico and the District of Columbia, now have laws on the books that require individuals to be notified if a data breach has occurred. Alberta also passed a similar provision in 2010 that was incorporated into its Personal Information Protection Act i. The Gramm-Leach-Bliley Act requires that financial institutions protect information collected about individuals, including names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Payment Card Industry Data Security Standard encompasses a set of requirements for protecting the security of consumers and others payment account information. DLP solutions are not as effective without the additional information provided by a classification system. Classification gives DLP systems more information with which to manage content. The Health Insurance Portability and Accountability Act addresses the use and disclosure of an individual's health information. It defines and limits the circumstances in which an individual's protected health information (PHI) may be used or disclosed by covered entities, and states that covered entities must establish and implement policies and procedures to protect PHI. US federal agencies have an obligation to manage Controlled Unclassified Information (CUI) in a more cohesive way as a result of Executive Order The goal of this order is to categorize information in accordance with federal guidelines to safeguard and appropriately manage unclassified information ii Osterman Research, Inc. 2
4 The Personal Information Protection and Electronic Documents Act is a Canadian privacy law that applies to all private companies operating in Canada. Like many other privacy laws, it requires that personal information be stored and transmitted securely. Two US states Nevada and Massachusetts have passed laws requiring that sensitive information about residents of the respective states be encrypted during transit. While classification does not encrypt content, it can classify content, either for individuals or DLP systems, to identify information that should be sent with encryption. ISO is an emerging Information Security Management System standard that requires the protection of information assets for risk avoidance. The system requires that organizations bring information security, including labeling and classification of s and documents, under explicit management control. NERC is the organization responsible for the reliability and security of the bulk power system in North America. NERC standards define the reliability requirements for planning and operating the North American bulk power system. They have created a set of Critical Infrastructure Protection (CIP) standards that ensure the information and computer systems security for any entity that generates, distributes or transmits power across the grid. A key component of these standards is the information protection standard. This standard states that utility organizations must implement a program to identify, classify, and protect information. Classification of data is a key issue and content must be categorized based on business value. However, this was difficult with conventional classification technologies. We needed a solution that was easy to use to ensure that users would actually use it. G4S Security Services These are but a few of the many obligations that organizations have to protect content that they send or store. By minimizing the potential that data will be inadvertently leaked in violation of corporate policy or statute, organizations can dramatically reduce their risk exposure. The Benefits of Classification There are several benefits that any organization regardless of size or industry can realize through the use of a classification system: Classification protects data and makes breaches much less likely One of the primary benefits of classification is that it makes inadvertent data breaches much less likely simply because every and file is clearly marked with a label based on the sensitivity of the content. While an intentional data breach can still occur when classification is used such as a user copying sensitive or confidential information to a USB drive or sending this content to a personal Webmail account accidental leaks become 2011 Osterman Research, Inc. 3
5 highly unlikely. Moreover, the combination of classification and DLP further improves protection against data leaks. Users become more aware of content sensitivity Because users are called upon to classify content, users become much more aware of the sensitivity of content they create, read, send and save. After classifying content for just a short while, users change their behavior simply because they are reminded on a regular basis to think about corporate data security policies and statutory obligations in the context of information that they process. This is particularly important when users are forwarding s sent to them by others. For example, an may contain sensitive information of which the user is unaware if they have not read all of the threads on which they have been copied or if they don t fully read the attachments in an . However, if the original and subsequent senders classify the content, it is much easier to determine just how sensitive the content is without scanning or reading all of it. DLP effectiveness is improved As noted earlier, DLP effectiveness can be improved dramatically by providing more information about content in an or file. Moreover, DLP efficiency can be improved because deep content inspection is not required to nearly the same extent. For example, an marked Confidential by a user does not need to be inspected by the DLP system because the s status and, consequently, the necessary disposition of the by the DLP system can be determined without any detailed inspection. This can dramatically improve the throughput of DLP systems because fewer CPU cycles are required to examine content. Moreover, an organization does not have to rely completely on a DLP system making the right call that something is confidential, thereby reducing the impact of false positives and false negatives. Data retention is made easier All organizations must retain their business records for long periods for reasons of regulatory or legal compliance, or simply because of corporate best practice. Classification makes data retention easier because there is more information available for a content archiving system and individual users to process when making decisions about the length of time that content should be retained. Automated Encryption Encryption solutions may be too complex for the average user. Classification of data can remove the complexity of encryption by prompting users to simply classify or categorize an or document. These classification selections can then be configured to automatically trigger encryption or rights management protection based on the sensitivity of the data and the label applied to ensure protection of an organization's valuable information. In short, user classification of data raises users awareness of content sensitivity, adds visual markings to content about its sensitivity level, adds persistent metadata, protects against data breaches through , and adds content protection, such as encryption or information rights management capabilities Osterman Research, Inc. 4
6 Five Myths About Classification There are five myths about classification that are important to address because they can inaccurately impact decision makers perceptions about the decision to implement classification technology: 1. We can t trust users to classify things properly Organizations pay their information workers to create, read, process, send and otherwise manage s, word processing documents, spreadsheets, presentations and various other types of content. An individual who can compose or read an or file is certainly capable of classifying the sensitivity of the content contained within it. In fact, the individual who composes a particular piece of content is normally the one most knowledgeable about its sensitivity and, therefore, the best person to classify it. 2. Employees won t want to classify content That may be true to an extent, but there are two things to consider here. First, classification is incredibly simple, requiring nothing more than selecting an option from a drop down list in an client or a desktop productivity application. Second, users will benefit from classification because it will help them to avoid embarrassing mistakes and avoid leaking information that should be protected. Granted, there may be some initial resistance to the use of classification technology on the part of some users, but this opposition will be minimal and short-lived in almost every instance. 3. Classification is time-consuming and difficult This is simply not the case. While classification may require a couple of seconds per sent or document created, it is not time-consuming and it definitely is not difficult. 4. Our DLP system is all we need to protect data As noted earlier, a classification system is complementary to a DLP system, not a substitute for it. In fact, Osterman Research recommends that organizations deploy both because of the synergies that are created when both technologies are used in tandem. 5. We just don t need to classify content Is there an organization that doesn t create business records, send confidential information via , or at least occasionally receive sensitive content? In short, every organization sends, receives, creates and processes information that runs the gamut from general business content to sensitive information that must be protected from inadvertent data breaches and other unauthorized access. Summary Classification technology provides a number of important benefits to any organization, regardless of its size or the industry it serves. These benefits include sensitizing users to corporate data security policies and regulatory obligations to protect data, improving the ability to scan content using DLP systems, and improving the effectiveness of content archiving systems. Most importantly, classification makes inadvertent data breaches much less likely, thereby mitigating corporate risk Osterman Research, Inc. 5
7 About TITUS TITUS is the leading provider of security and compliance software that helps organizations share information securely while meeting policy and compliance requirements. Their solutions enable military, government, and large enterprises to raise awareness and meet regulatory compliance by visually alerting end users to the sensitivity of information. Products include TITUS Classification, the leading message, document and file classification and labeling solutions; TITUS Aware, products that enhance Data Loss Prevention by detecting sensitive information at the desktop; and the TITUS family of classification and security solutions for Microsoft SharePoint. TITUS solutions are deployed to over 1.5 million users within our over 300 military, government and enterprise customers worldwide. We liked the TITUS solution because we found it simpler than competing solutions, it did not require any servers, and it was simple to install and configure. UniCredit Tiriac Bank 2011 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, Laws )) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. i ii Osterman Research, Inc. 6
EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, 2012-2017. Published May 2013. An Osterman Research Executive Brief
EXECUTIVE BRIEF N Sharing Market Forecast, sponsored by An Osterman Research Executive Brief Published May 2013 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationEXECUTIVE BRIEF PON SPON. The Cloud Application Explosion. Published April 2013. An Osterman Research Executive Brief. sponsored by.
EXECUTIVE BRIEF PON Explosion An Osterman Research Executive Brief Published April 2013 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
More informationWHITE PAPER SPON. Do Ex-Employees Still Have Access to Your Corporate Data? Published August 2014 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER N Do Ex-Employees Still Have Access to Your Corporate Data? An Osterman Research White Paper Published August 2014 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box
More informationUser Driven Security. 5 Critical Reasons Why It's Needed for DLP. TITUS White Paper
User Driven Security 5 Critical Reasons Why It's Needed for DLP TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility
More informationWHITE PAPER SPON. Making File Transfer Easier, Compliant and More Secure. Published February 2012 SPONSORED BY!!! An Osterman Research White Paper
WHITE PAPER N Making File Transfer Easier, Compliant and More Secure An Osterman Research White Paper Published February 2012 SPONSORED BY sponsored by SPON sponsored by sponsored by Osterman Research,
More informationWHITE PAPER SPON. Business-Class File Sharing Best Practices SPONSORED BY. An Osterman Research White Paper. sponsored by.
WHITE PAPER N sponsored by Business-Class File Sharing An Osterman Research White Paper SPONSORED BY SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
More informationWHITE PAPER SPON. Making File Transfer Easier, Compliant and More Secure. Published February 2012 SPONSORED BY!!! An Osterman Research White Paper
WHITE PAPER N Making File Transfer Easier, Compliant and More Secure An Osterman Research White Paper Published February 2012 SPONSORED BY sponsored by sponsored by SPON sponsored by Osterman Research,
More informationEXECUTIVE BRIEF SPON. Third-Party Archiving Solutions Are Still Needed in Exchange 2013 Environments. Published April 2015
EXECUTIVE BRIEF Third-Party Archiving Solutions Are Still Needed in Exchange Environments An Osterman Research Executive Brief sponsored by Published April 2015 SPON sponsored by Osterman Research, Inc.
More informationWHITE PAPER SPON. The Cost and ROI Advantages of IronKey Workspace W300 for Windows to Go. Published May 2013 SPONSORED BY
WHITE PAPER N of IronKey Workspace W300 An Osterman Research White Paper Published May 2013 SPONSORED BY SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA
More informationSURVEY REPORT SPON. Identifying Critical Gaps in Database Security. Published April 2016. An Osterman Research Survey Report.
SURVEY REPORT Gaps in Database An Osterman Research Survey Report sponsored by Published April 2016 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
More informationWHITE PAPER SPON. Achieving Rapid Payback With Mobile Device Management. Published November 2012. An Osterman Research White Paper.
WHITE PAPER N Achieving Rapid Payback With An Osterman Research White Paper Published November 2012 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationWHITE PAPER. Taking a Strategic Approach to Unified Communications: Best of Breed vs. Single Vendor Solutions SPON. Published February 2013
WHITE PAPER sponsored by Unified Communications: Best of Breed vs. Single Vendor An Osterman Research White Paper Published February 2013 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond,
More informationSURVEY REPORT SPON. Security Awareness Training Effectiveness Report. Results of a Survey of KnowBe4 Customers and Non-Customers. Published July 2013
SURVEY REPORT Security Awareness Training Effectiveness Report Results of a Survey of An Osterman Research Survey Report sponsored by Published July 2013 SPON sponsored by Osterman Research, Inc. P.O.
More informationSURVEY REPORT PON SPON. Results of a Survey Conducted for Electric Cloud. Published January 2011. An Osterman Research Survey Report.
SURVEY REPORT PON sponsored by Results of a Survey Conducted for Electric Cloud An Osterman Research Survey Report Published January 2011 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond,
More informationTitus and Cisco IronPort Integration Guide Improving Outbound and Inbound Email Security. Titus White Paper
Titus and Cisco IronPort Integration Guide Improving Outbound and Inbound Email Security Titus White Paper Information in this document is subject to change without notice. Complying with all applicable
More informationWHITE PAPER SPON. Pain Free Unified Communications and Collaboration. Published May 2011 SPONSORED BY. An Osterman Research White Paper.
WHITE PAPER N Pain Free Unified Communications and Collaboration An Osterman Research White Paper Published May 2011 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black
More informationWHITE PAPER SPON. Email Archive Migration: Opportunities and Risks. Published February 2014. An Osterman Research White Paper.
WHITE PAPER N Email Archive Migration: An Osterman Research White Paper Published February 2014 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationThe Cost Effective Migration to Integrated Hybrid SaaS Email Security
y The Cost Effective Migration to Integrated SaaS Email Security An Osterman Research White Paper Published July 2010 SPONSORED BY #$!#%&'()*(!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black
More informationWHITE PAPER SPON. The Benefits of Vendor Consolidation and Centralized IT Management. Published June 2014 SPONSORED BY
WHITE PAPER N An Osterman Research White Paper Published June 2014 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel: +1 253
More informationWhy You Need to Consider Virtualization
! An Osterman Research White Paper Published September 2008 SPONSORED BY!! Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax: +1 866 842 3274 info@ostermanresearch.com
More informationWHITE PAPER SPON. Considerations for Archiving in Exchange Environments. Published July 2013 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER N Considerations for Archiving in An Osterman Research White Paper Published July 2013 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationCloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
More informationSURVEY REPORT SPON. Small and Medium Business: IT/Security Priorities and Preferences. Published September 2015. An Osterman Research Survey Report
SURVEY REPORT N sponsored by An Osterman Research Survey Report Published September 2015 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel: +1 253 630
More informationWHITE PAPER SPON. Email Encryption is an Essential Best Practice. Published August 2014 SPONSORED BY. An Osterman Research White Paper.
WHITE PAPER N Email Encryption is an Essential An Osterman Research White Paper Published August 2014 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationWHITE PAPER SPON. What is the Total Value of Ownership for a Hosted PBX? Published September 2012. An Osterman Research White Paper.
WHITE PAPER N What is the Total Value of An Osterman Research White Paper Published September 2012 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationMicrosoft Lync Server 2010 and the Unified Communications Market Key Considerations for Adoption, Deployment and Ongoing Management
y Microsoft Lync Server 2010 and the Unified Communications Market Key Considerations for Adoption, Deployment and Ongoing Management An Osterman Research White Paper Published October 2010 SPONSORED BY!
More informationUsing SaaS to Reduce the Costs of Email Security
Using SaaS to Reduce the Costs of Email Security y An Osterman Research White Paper Published February 2009 SPONSORED BY onsored by sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationShould You Install Messaging Security Software on Your Exchange Server?
Should You Install Messaging Security Software on Your Exchange Server? An Osterman Research White Paper Published July 2008 SPONSORED BY Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationProtecting Business Information With A SharePoint Data Governance Model. TITUS White Paper
Protecting Business Information With A SharePoint Data Governance Model TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws
More informationEXECUTIVE BRIEF SPON. Third-Party Archiving Solutions Are Still Needed in Exchange 2010 Environments. Published March 2012
EXECUTIVE BRIEF Third-Party Archiving Solutions Are Still Needed in Exchange 2010 Environments An Osterman Research Executive Brief sponsored by Published March 2012 SPON sponsored by Osterman Research,
More informationHow To Calculate Total Cost Of Ownership (Tco) For Email Systems
WHITE PAPER N The TCO of Enterprise Email An Osterman Research White Paper Published June 2012 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationIdentifying Broken Business Processes
Identifying Broken Business Processes A data-centric approach to defining, identifying, and enforcing protection of sensitive documents at rest, in motion, and in use 6/07 I www.vericept.com Abstract The
More informationThe Growing Problem of Outbound Spam
y The Growing Problem of Outbound Spam An Osterman Research Survey Report Published June 2010 SPONSORED BY! #$!#%&'()*(!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationTotal Cost of Ownership - SharePoint Security
y Comparing Leading Email and SharePoint Security Solutions An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond,
More informationAchieving Greater TCO Benefits Using a Secure Workspace Solution: Comparing TCO for Three Telework Approaches
WHITE PAPER N Using a Secure : Comparing TCO for An Osterman Research White Paper Published May 2012 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationRealizing the Cost Savings and Other Benefits from SaaS Email Archiving
y Realizing the Cost Savings and Other Benefits from SaaS Email Archiving An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by sponsored by Osterman Research, Inc. P.O. Box 1058
More informationHIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help
HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,
More informationWHITE PAPER SPON. The Need for IT to Get in Front of the BYOD Problem. Published October 2012 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER N The Need for IT to Get in Front An Osterman Research White Paper Published October 2012 sponsored by SPONSORED BY SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationWHITE PAPER SPON. A Cloud-Client Architecture Provides Increased Security at Lower Cost. Published January 2012 SPONSORED BY
WHITE PAPER N A Cloud-Client Architecture Provides Increased Security at Lower Cost An Osterman Research White Paper Published January 2012 SPONSORED BY sponsored by! SPON sponsored by Osterman Research,
More informationCompliance and Security Solutions
Content-aware Compliance and Security Solutions for Microsoft SharePoint SharePoint and the ECM Challenge The numbers tell the story. According to the consulting firm Doculabs, 80 percent of the information
More informationData Loss Prevention Program
Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional
More informationWHITE PAPER SPON. Three Steps to Get Started With Email DLP. Published July 2013 SPONSORED BY. An Osterman Research White Paper.
WHITE PAPER N Three Steps to Get Started With An Osterman Research White Paper Published July 2013 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationSolving.PST Management Problems in Microsoft Exchange Environments
Solving.PST Management Problems in Microsoft Exchange Environments An Osterman Research White Paper sponsored by Published April 2007 sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More information10 Steps to Establishing an Effective Email Retention Policy
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION
More informationWHITE PAPER SPON. Why Should You Encrypt Email and What Happens if You Don t? Published July 2013. An Osterman Research White Paper.
WHITE PAPER N An Osterman Research White Paper Published July 2013 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel: +1 253 630 5839 Fax:
More informationWHITE PAPER SPON. Dealing with Data Breaches and Data Loss Prevention. Published March 2015. An Osterman Research White Paper.
WHITE PAPER N Dealing with Data Breaches and An Osterman Research White Paper Published March 2015 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationHiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint
HiSoftware Policy Sheriff SP HiSoftware Security Sheriff SP Content-aware Compliance and Security Solutions for Microsoft SharePoint SharePoint and the ECM Challenge The numbers tell the story. According
More informationWhy You Need to Focus on Social Networking in Your Company
y Why You Need to Focus on Social Networking in Your Company An Osterman Research White Paper Published July 2010 SPONSORED BY #$!#%&'()*(!!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond,
More informationThe Benefits of Unified Communications
y The Benefits of Unified Communications for SMBs An Osterman Research White Paper Published February 2010 SPONSORED BY! #$!#%&'()*(!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond,
More informationThe Cost Benefits of a Hybrid Approach to Security
ed by The Cost Benefits of a Hybrid Approach to Security An Osterman Research White Paper Published February 2010 SPONSORED BY! #$!#%&'()*(!!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black
More informationWHITE PAPER SPON. Improving the Compliance Management Process. Published April 2014 SPONSORED BY. An Osterman Research White Paper.
WHITE PAPER N Improving the Compliance An Osterman Research White Paper Published April 2014 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationSolving Key Management Problems in Lotus Notes/Domino Environments
Solving Key Management Problems in Lotus Notes/Domino Environments An Osterman Research White Paper sponsored by Published April 2007 sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationA Buyer's Guide to Data Loss Protection Solutions
A Buyer's Guide to Data Loss Protection Solutions 2010 Websense, Inc. All rights reserved. Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense
More informationThe Need for a Better Way to Send Files and Attachments an Osterman Research white paper sponsored by
The Need for a Better Way to Send Files and Attachments an Osterman Research white paper sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax:
More informationWHITE PAPER SPON. What is the Total Value of Ownership for a Hosted PBX? Published September 2012 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER N What is the Total Value of An Osterman Research White Paper Published September 2012 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationHow To Choose Between Onpremises Or Cloud Based Email
WHITE PAPER Why the Cloud is Not Killing Off the On-Premises Email Market An Osterman Research White Paper Published April 2011 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O.
More informationBest Practices for DLP Implementation in Healthcare Organizations
Best Practices for DLP Implementation in Healthcare Organizations Healthcare organizations should follow 4 key stages when deploying data loss prevention solutions: 1) Understand Regulations and Technology
More informationWHITE PAPER SPON. Managing Content in Enterprise Social Networks. Published August 2014 SPONSORED BY. An Osterman Research White Paper.
WHITE PAPER N Managing Content in Enterprise An Osterman Research White Paper Published August 2014 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationCurrent Email and Archiving Practices in the Enterprise an Osterman Research research summary
Current Email and Archiving Practices in the Enterprise an Osterman Research research summary Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax: +1 253
More informationEmail Compliance in 5 Steps
Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential
More informationAchieving Regulatory Compliance through Security Information Management
www.netforensics.com NETFORENSICS WHITE PAPER Achieving Regulatory Compliance through Security Information Management Contents Executive Summary The Compliance Challenge Common Requirements of Regulations
More informationWHITE PAPER SPON. A Comparison of Email and Collaboration Platforms. Published October 2012 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER N A Comparison of Email and An Osterman Research White Paper Published October 2012 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationDATA LEAKAGE PREVENTION IMPLEMENTATION AND CHALLENGES
DATA LEAKAGE PREVENTION IMPLEMENTATION AND CHALLENGES From This article focuses on common pitfalls when implementing a DLP solution to secure your organizational information assets. The article also lists
More informationWHITE PAPER SPON. Securely Enabling Remote Workers at Lower Cost Than Traditional Approaches. Published January 2014 SPONSORED BY
WHITE PAPER Workers at Lower Cost Than An Osterman Research White Paper Published January 2014 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationSkybox Security Survey: Next-Generation Firewall Management
Skybox Security Survey: Next-Generation Firewall Management November 2012 Worldwide Results Notice: This document contains a summary of the responses to a November 2012 survey of medium- to largesize organizations
More informationMuscle to Protect Your Grid July 2009. Sustainable and Cost-effective Muscle to Protect Your Grid
July 2009 Sustainable and Cost-effective Muscle to Protect Your Grid Page 2 Ensuring the reliability of the North American power grid is no small task and one that continues to grow in complexity on a
More informationHIPAA Email Compliance & Privacy. What You Need to Know Now
HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationEnterprise Data Protection
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
More informationData Classification Technical Assessment
Data Classification Update: February 13th, 2015 Statement of Confidentiality This Confidential Information is being provided to Customer ABC as a deliverable of this consulting engagement. The sole purpose
More informationWHITE PAPER PON SPON. Comparing the Cost of Alt-N MDaemon and Exchange. Published July 2013 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER PON MDaemon and An Osterman Research White Paper Published July 2013 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationFocusing on Value-Added Services in a Hosted Messaging Environment
Focusing on Value-Added Services in a Hosted Messaging Environment An Osterman Research White Paper Published July 2008 Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone:
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationSAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE
Information is an organization s most important strategic asset the lifeblood of the organization s knowledge, processes, transactions, and decisions. With information continuing to grow exponentially,
More informationWHITE PAPER. The Protection and Operational Benefits of Agentless Security in Virtual Environments SPON. Published March 2012 SPONSORED BY
WHITE PAPER The Protection and Operational Benefits of Agentless Security in Virtual Environments An Osterman Research White Paper Published March 2012 SPONSORED BY sponsored by! SPON sponsored by Osterman
More informationRightsWATCH. Data-centric Security.
RightsWATCH. Data-centric Security. Rui Melo Biscaia, Watchful Software www.watchfulsoftware.com Director of Product Management rui.biscaia@watchfulsoftware.com The Perimeter Paradigm Well Meant Insider
More informationA Review of MessageSolution Enterprise Email Archive and Enterprise File Archive
A Review of MessageSolution Enterprise Email Archive and Enterprise File Archive An Osterman Research Review Published September 2008 Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationAttestation of Identity Information. An Oracle White Paper May 2006
Attestation of Identity Information An Oracle White Paper May 2006 Attestation of Identity Information INTRODUCTION... 3 CHALLENGES AND THE NEED FOR AUTOMATED ATTESTATION... 3 KEY FACTORS, BENEFITS AND
More informationIntegrating Records Management and ediscovery Processes for Greater Efficiencies
WHITE PAPER: RECORDS MANAGEMENT AND EDISCOVERY Integrating Records Management and ediscovery Processes for Greater Efficiencies APRIL 2008 Peter Pepiton II CA INFORMATION GOVERNANCE SOLUTIONS Table of
More informationWHITE PAPER SPON. Why the Cloud is Not Killing Off the On-Premises Email Market. Published April 2011 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER Why the Cloud is Not Killing Off the On-Premises Email Market An Osterman Research White Paper Published April 2011 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O.
More informationOsterman Research Executive Summary
Osterman Research Executive Summary Much of what is transmitted through an email system or an instant messaging (IM) system constitutes a record, or a document that must be kept for a minimum period of
More informationTHE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements
THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION Technology Overview, Business Justification, and Resource Requirements Introduction to Data Loss Prevention Intelligent Protection for Digital Assets Although
More informationTHE VALUE OF VOICE-ENABLING OFFICE 365. By Mike Osterman President Osterman Research
THE VALUE OF VOICE-ENABLING OFFICE 365 By Mike Osterman President Osterman Research EXECUTIVE SUMMARY The importance of email continues to grow: it s the most widely used communications tool in most organisations,
More informationSecure Messaging is far more than email encryption.
Secure Messaging is far more than email encryption. 1. Product service description It s a powerful yet simple cloud-based secure communications platform that enables greater productivity and collaboration.
More informationTITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud
Business Brief TITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud Nine out of 10 businesses cite security as the top obstacle for cloud adoption. - IDC Control Data
More informationHIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions
HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions A. Business Associate. Business Associate shall have the meaning given to such term under the Privacy and Security Rules, including,
More informationWHITE PAPER SPON. Managing SharePoint Growth: Strategies for Planning and Governance. Published October 2012. An Osterman Research White Paper
WHITE PAPER N Managing Growth: An Osterman Research White Paper Published October 2012 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
More informationSecure and Protect Sensitive Information Digitized on Multifunction Devices
NSi AutoStore Secure and Protect Sensitive Information Digitized on Multifunction Devices Contents NSi AutoStore... 1 Why Security is Important?... 3 Compliance, it's everywhere... 4 What is data loss?...
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationThe Pros and Cons of DLP Tools
Risks and Rewards of Using Data Loss Prevention Technology in Information Security Programs reprinted with permission of Margaret P. Eisenhauer, Esq., CIPP Companies spend substantial time and money developing
More informationData Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide
Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide. Four steps for success Implementing a Data Loss Prevention solution to address PCI requirements may be broken into four key
More informationE-MAIL RETENTION BEST PRACTICE. Issue Date: April 20, 2011. Intent and Purpose:
E-MAIL RETENTION BEST PRACTICE Issue Date: April 20, 2011 Intent and Purpose: The intent of this best practice is for county officials to have an educational mechanism to explain requirements for maintaining
More informationHIPAA Privacy Breach Notification Regulations
Technical Bulletin Issue 8 2009 HIPAA Privacy Breach Notification Regulations On August 24, 2009 Health and Human Services (HHS) issued interim final regulations implementing the HIPAA Privacy Breach Notification
More informationTHE BENEFITS OF A CLOUD BASED PBX WITH HOSTED LYNC. By Mike Osterman President Osterman Research
THE BENEFITS OF A CLOUD BASED PBX WITH HOSTED LYNC By Mike Osterman President Osterman Research EXECUTIVE SUMMARY Communications is a critical component of the daily work activity for information workers,
More informationGuidance for Data Users on the Collection and Use of Personal Data through the Internet 1
Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationDid security go out the door with your mobile workforce? Help protect your data and brand, and maintain compliance from the outside
Help protect your data and brand, and maintain compliance from the outside September 2006 Copyright 2006 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States
More informationEmerging Trends in Fighting Spam
An Osterman Research White Paper sponsored by Published June 2007 SPONSORED BY sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax: +1 866
More information