RightsWATCH. Data-centric Security.
Rui Melo Biscaia, Director of Product Management, Watchful Software
www.watchfulsoftware.com
rui.biscaia@watchfulsoftware.com
The Perimeter Paradigm
- Well Meant Insider
- Malicious Insider
10/4/2013 Copyright www.watchfulsoftware.com. 2013 All Rights Reserved. 2
Are you controlling information disclosure?
A New Paradigm in Data Centric Security
Data Centric Security = RightsWATCH
- Data Classification for enhanced compliance and decreased liability
- IRM (Information Rights Management) to enforce data protection
- DLP (Data Loss Prevention) to apply and uphold policies
Extending & Enhancing AD RMS
AD-RMS
- Powerful infrastructure for encryption and rights management
- Rich user experience leveraging the RMS infrastructure
- Provides underpinnings for creating templates across the organization
- Automatic classification of information based upon content and context
- Enables integration to the internals of Active Directory at the server side for desktop systems and applications
- Enables integration to MS Office suite at the client side
- Extends RMS encryption beyond the desktop to the BYOD world
- Extends RMS encryption to non-Office datatypes such as PDF, Visio, etc.
Powerful infrastructure
Complete Solution
What makes RightsWATCH different?
- Multilevel Security & Dynamic User Profiling: Keeps information safe from security breaches or disclosure resulting from malicious wrongdoing or inadvertent misuse. Allows for a smooth deployment & roll-out, making it possible to start small and grow with a smooth learning curve.
- Content & Context Aware Protection: Brings the merger between DLP and ERM to life in a single, simple-to-deploy and user-friendly software product.
- Enhanced User Experience: Delivers a transparent and intuitive user experience on multiple platforms and file types, to allow immediate ROI.
- Watermarking & Fingerprinting (Data Labeling & Tagging): Automatic labeling, fingerprinting, and watermarking to decrease corporate liability in case of an information security breach.
- Audit Trails & Compliance: Allows for a complete Audit Trail on user and systems admin actions, enabling organizations to be compliant with regulations.
- Addressing the BYOD Trend: Keeps sensitive information safe in a BYOD world by extending Data Classification & RMS encryption to Smartphones and Tablets. The decryption of the email messages IS DONE on the device.
1. Multilevel Security & Dynamic User Profiling
- Segregate access to sensitive information based on vertical and horizontal Scopes/Context: Department, Secret Project, Supply Chain, Confidential Customers, Partners, Internal Use, Public
- Ability to grant or revoke multiple security clearances for each user:
  - In a given moment in time
  - Within a specific role performed
2. Content & Context Aware Protection
- Intelligent and automatic information classification based on: Regular Expressions, Content, Context, Patterns
- Enforces corporate policies where compliance is: Mandatory or Suggested; not prone to human error
3. Enhanced User Experience
- Can force content protection
- Radio button interface with visual indicators
- Automatic and explicit guidance
- Automate protection based on content
- One-click protection option in the Office UI
- Requires user to select policy
- Automatic protection provided with server-side policies
3. Enhanced User Experience
- Forces users to classify data
- Documents can be protected automatically, based on content (RegEx/keywords)
- Radio button interface with visual indicators
- Automatic and explicit guidance
3. Enhanced User Experience - ALL file types
4. Watermarking and Fingerprinting
Watermarking
- Automatic adding of watermarks, headers, footers and disclaimers to educate users and make classification explicit: Visual Labeling
- Decrease company liability if and when a leak occurs
Fingerprinting
- Include metadata in emails, documents, etc. in order to transform unstructured data into a more structured form, allowing it to be better picked up by full-featured DLPs and/or email gateways
4. Watermarking and Fingerprinting
- Protects the company from a legal and compliance perspective
- Rules-based configuration to allow flexibility
- Dynamic watermark support
- Automatic protection policies without requiring Exchange server or server-side modifications
5. Audit Trails & Compliance
Audit Trails for:
- Compliance and Forensic analysis
- Monitor and audit company governance policies
- Logging of user actions (producing, saving, printing, exporting, ...) over the information
- Logging of admin actions and the system
- Blacklisting: on-the-fly discretionary measures to prevent data leakage
5. Audit Trails & Compliance
Rich System Admin Experience
- Rapid learning curve for administrators and infrequent users alike
- Access segregation to information being accessed by different stakeholders
- Detailed & Incremental configuration and Roll-out: Deploy and use at your own pace. Doesn't disrupt workflows and existing procedures and processes
- Serving multiple and heterogeneous environments
- System integrity controls:
  - To perform damage control actions
  - To prevent mistakes and harmful actions against AD
6. Addressing the BYOD Trend
RightsWATCH keeps sensitive information safe in a BYOD world by extending Information Protection & Control to Smartphones and Tablets
RMS protection goes mobile:
- Full Featured RMS encryption extended to mobile environments
- No need for extra servers. THE DECRYPTION PROCESS IS DONE ON THE DEVICE
- The email messages are accessible on the mobile devices. The ability to reply, forward or compose is controlled according to user rights
Platform | Create protected email | Consume protected email
iOS | Yes | Yes
Android | Yes | Yes
BlackBerry | Yes | Yes
Windows Phone | No | Yes
In a nutshell:
Capabilities | RightsWATCH's Value Added
Simplified user experience | Easy and transparent user interaction based on data classification, labeling, and tagging
Centralized policy enforcement | User must select a policy defined by the administrator; removes the ability for a user to create an ad hoc permission policy
Formats supported | All file types, including documents, image, and video, can be protected with a wrapper protection
PDF Support | IRM protected PDF consumption; protect PDF files using Save as or the right-click Protect option
Watermarking | Dynamic Watermarking incorporates end-user and computer information
Mobile devices | iOS, BlackBerry, Android, Windows Phone
Automatic data classification | Create custom rules to automatically protect email messages that match specific triggers
Data Labeling | Metadata associated with document classification
Client-side logging | Log client-side actions including print, view, and reclassification
Intrusion Detection System | User-intrusion detection system based on Keystroke Dynamics
Administration | Centralized management interface for classification, users, roles, and document revocation
Monitoring, Auditing and Reporting | Complete audit trail logs end user actions and system administrator actions
Outlook Web App (Exchange) | Easy and transparent user interaction based on data classification, labeling, and tagging (Exchange 2010 SP1 or later)
SharePoint Collaboration | Content classification applied to documents upon upload to a document library
Back-up Slides
RightsWATCH Unique BYOD Strengths
Simplicity
- No discrete mobile server components needed
- In BlackBerry world, nothing required on the BBS
- No additional connectors needed
- No user interaction required to grant mobile device access when creating content. This is all handled by the AD RMS infrastructure
Wide support
- iOS support: Both for iPhone and iPad. Available through the App Store
- BlackBerry support: Across multiple releases. Available on BlackBerry World
- Android support: Device independent. No requirement for ActiveSync support on device. Available on Google Play Market
- Windows Mobile: Provides AD RMS support in the mobile environment
Enterprise-class management
- Know when an object is opened, forwarded, etc. regardless of where it is in the world
RightsWATCH for iOS
Information Protection
- Extends the Information Security Schema to the device with RMS protection
Simplicity
- App available from the App Store to enable handling of AD RMS encrypted email messages on the device
- Enforces access and handling control detailed rights
- No Active Sync Connector needed
Management
- Allows easy Central Management and Auditing
Future
- Extended support for handling of RMS encrypted email attachments
RightsWATCH for Android
Information Protection
- Extends the Information Security Schema to the device with RMS protection
Simplicity
- App available from Google Play market to be able to handle RMS encrypted email messages on the device
- No Active Sync Connector needed
- Independent of Android device type
Management
- Allows easy Central Management and Auditing
Future
- Extending support for RMS encrypted email attachments
RightsWATCH for BlackBerry
Information Protection
- Extends the Information Security Schema to the device with RMS protection
Simplicity
- Works in a seamlessly integrated way on BB's OS 7 email client, enforcing access and handling control detailed rights
- No BES Server connector nor Active Sync Connector needed
Management
- Allows for easy Central Management and Auditing
Future
- Extending support for RMS encrypted email attachments
- Support for BB OS 10
RightsWATCH for Windows Phone
Information Protection
- Provides Native RMS support for the Windows Mobile phone environment
- Enforces access and handling control detailed rights to email messages on the device
Simplicity
- User able to Read, Reply and Forward AD RMS protected email messages
- Independent of Windows Phone device type
Management
- Allows for easy Central Management and Auditing
Simple, Powerful Admin Interface
System Architecture