The Gamification of Data Loss Prevention

Similar documents
Symantec DLP Overview. Jonathan Jesse ITS Partners

Information & Asset Protection with SIEM and DLP

Endpoint Security for DeltaV Systems

Security.cloud Configuring DLP on to your flow and applying security to your hosted deployment

Managing PHI in the Cloud Best Practices

Web Protection for Your Business, Customers and Data

Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

How To Protect A Virtual Desktop From Attack

AppGuard. Defeats Malware

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide

DLP Content Discovery: Best Practices for Stored Data Discovery and Protection

Endpoint Protection Small Business Edition 2013?

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Securing Your Business s Bank Account

The problem with privileged users: What you don t know can hurt you

It s No Game: Gamification Is Transforming the Call Center

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Configuration Information

AVeS Cloud Security powered by SYMANTEC TM

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Cloud Security: Getting It Right

Symantec Consulting Services

Nine Steps to Smart Security for Small Businesses

10 Reasons Why Yammer is an Effective Onboarding Tool

DIGITAL GUARDIAN 6. The Foundation of Enterprise Information Protection

InterGuard. Incredible and True Case Studies. A whitepaper provided by: InterGuard

The Netskope Active Platform

Cisco IPS Tuning Overview

Enabling Security Operations with RSA envision. August, 2009

How ByStorm Software enables NERC-CIP Compliance

THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements

INTRODUCING isheriff CLOUD SECURITY

Network Control Meets Endpoint Security

Implementing Endpoint Protection in System Center 2012 R2 Configuration Manager

Campaigner SMTP Relay

Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

What Do You Mean My Cloud Data Isn t Secure?

Cisco AnyConnect Secure Mobility Client integration with ISE & SCCM client for patch remediation on windows

HIPAA DATA SECURITY & PRIVACY COMPLIANCE

Presentation Title: When Anti-virus Doesn t Cut it: Catching Malware with SIEM

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

It s easy to protect our files our school work, our music, our photos, our games everything that we save on our computers from loss by malware.

Activities for Protecting Your Identity and Computer for Middle and High School Students

DATA CENTER SERVICES

Protecting Regulated Information in Cloud Storage with DLP

Symantec Protection Suite Add-On for Hosted and Web Security

Modular Network Security. Tyler Carter, McAfee Network Security

Sophos Endpoint Security and Control How to deploy through Citrix Receiver 2.0

OVERVIEW. Enterprise Security Solutions

Top Four Considerations for Securing Microsoft SharePoint

Malware and Other Malicious Threats

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen

Using Gamification in Reward and Recognition to improve Employee Engagement

Protecting personally identifiable information: What data is at risk and what you can do about it

The Sophos Security Heartbeat:

Find the needle in the security haystack

EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management

Best Practices for DLP Implementation in Healthcare Organizations

Cloud App Security. Tiberio Molino Sales Engineer

Confidence in a Connected World. MEEC Symantec Product Availability. John Lally MD Education Account Executive John_Lally@symantec.

Why The Security You Bought Yesterday, Won t Save You Today

I N T E L L I G E N C E A S S E S S M E N T

Guide: How to Build a Digital Listing Presentation

DLP Quick Start

WEBSENSE SECURITY SOLUTIONS OVERVIEW

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students

A Buyer's Guide to Data Loss Protection Solutions

Endpoint Threat Detection without the Pain

Simplify Your Windows Server Migration

The SIEM Evaluator s Guide

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Data Loss Prevention: A Holistic Approach. Sam D Amore, Principal Information Technology Security Office The Vanguard Group (

WildFire Reporting. WildFire Administrator s Guide 55. Copyright Palo Alto Networks

Information Security Threats and Strategies. Ted Ericson Product Marketing - ASI

ONLINE FILE SHARING: WHO S IN CONTROL? Dave Ewart Sr. Director of Product Marketing

On and off premises technologies Which is best for you?

Trend Micro. Advanced Security Built for the Cloud

Features Business Perspective.

Codeproof Mobile Security & SaaS MDM Platform

isheriff CLOUD SECURITY

insided Reward management Drive engagement and increase participation, growth & ROI

5 things to consider when designing a security strategy for the Cloud William Crank, MEDHOST, Blake Sutherland, VP, Enterprise Business, Trend Micro

Check Point Positions

Transcription:

SESSION ID: CRWD-R12 The Gamification of Data Loss Prevention Mark Stevens SVP, Global Services www.digitalguardian.com

Topics We ll Discuss Overview of Gamification Overview of Data Loss Prevention or DLP A Relationship that Needs Mending The IT Security Professional & The End User How to Gamify DLP Introducing DG Data Defenders Game Demonstration How to Make it Happen at Your Organization

What Is Gamification? Gamification is the process of engaging people and changing behavior using game mechanics in a non-game context. It s taking what s fun about games and applying it to situations that maybe aren t so fun. Gabe Zichermann

Could Anything Be Less Fun Than 4

Why Gamification Is On The Rise It works. Gamification has proven to be very successful in engaging people and motivating them to change behaviors, develop skills, or solve problems. It s easy to be effective. Those who use gamification in employee motivation and engagement realize that even a simplistic reward approach (i.e. leaderboards and badges) lead to significant improvements in employee engagement. 5

Success Stories Since the integration of gamification in to Deloitte Leadership Academy, there has been a 37 percent increase in the number of users returning to the site each week. OpenText made it possible for their IT team to earn points and badges by sharing information, contributing to discussions, completing assignments and passing tests and the level of active IT participation was well above 60% which is significantly higher than the current average in the rest of the company. 6

What is DLP? Data Loss Prevention is a software solution designed to prevent potential data breach/data ex-filtration by monitoring, detecting and ensure proper sensitive data handling while in-use (endpoint actions), inmotion (network transmission), and at-rest (data storage). When poor sensitive data handling is observed, DLP solutions employ data protection controls ranging from log to justify to block and alert USERS of their potential and/or past violations. 7

8

Typical Security Professionals Interaction With Idiots Users 9

Why We MUST Change This Dynamic It could take up to 20 years to address the cyber-security skills gap with the worldwide shortage of information security professionals at 1 million openings.(source: Cisco 2014 Annual Security Report) 34.5% of security leaders reported significant obstacles in implementing desired security projects due to lack of staff expertise. (Source: 451 Research) Only 24% of enterprises have 24 7 monitoring in place using internal resources. (Source: 451 Research) The demand for information security professionals is expected to grow by 53 percent through 2018. (Source: Bureau of Labor Statistics)

The Gamification of DLP Can Help! If you have, or are considering, DLP software you will have everything you need! You can gamify your data protection program by leveraging these core DLP features: Policies/Rules User Prompts Reporting E-mail Alerts 12

Data Protection Policies/Rules Set the ground rules for how your employees interact with sensitive data. In your DLP system, policies may be packages that contain sets of conditions, which are made up of transport rules, actions, and exceptions that you create in your DLP Management Console and then activate to inspect employee interactions with sensitive data. Examples: An employee may not e-mail unencrypted social security numbers. An employee cannot screenshot an R&D file coming from a specified secure data store. 13

User Prompts A pop-up dialogue that allows you to inform employees that they may be about to violate one of your data protection policies. Current DLP programs use the security hand slap approach, Gamified prompts should take a more positive spin. 14

Reporting Most DLP solutions have the ability to create custom reports. Typically they are designed to highlight the real or potential bad stuff, with our Game we want to highlight the good stuff (i.e. compliant behavior that improves data protection). 15

E-Mail Alerts Most DLP solutions have the ability to create e-mail alerts to security team members, managers and/or supervisors. Typically they are designed to report policy violations for further investigation, applying gamification requires we highlight compliant behavior that improves data protection as well. 16

Key DLP Players All the 2016 Gartner Enterprise DLP MQ Leaders offer the core features required to replicate our DLP Game, including: Policies/Rules User Prompts Reporting E-mail Alerts

Introducing 18

Objectives of DG Data Defender 1. Address the lack of awareness and individual employee accountability regarding data loss prevention and ultimately change long term behavior. 2. Establish a new data protection language and encourage open dialogue when talking about data loss prevention. 3. Engage end users. Data loss prevention is seen as a dry topic, so we ll establish dynamic, fun and engaging user communications about their positive user behaviors. 4. Measure it s effectiveness at reducing real data risk. 19

Overall Game Premise Make Users Aware. Encourage every employee to make good sensitive data handling decisions and follow published data protection policies. Get them Engaged. Encourage users to display their badges in their workspace (i.e. print them and post in their cube), in e-mail signatures, etc. and engage managers to recognize the good behavior by publishing a monthly Data Defender Leaderboard. Reward Good Behavior.Provide users the opportunity to earn a series of badges to acknowledge their data protection accomplishment(s) and offer modest prizes once key data protection milestones are met (done outside DLP platform). 20

Badges & Policies The Keys To Making DLP Fun

Baby Data Defender Badge Serves as a welcome to the data protection game message and provides the users first badge. Awarded at first e-mail deployed without triggering a policy violation. User Prompt will include the badge image and the printable PDF version of the badge will be automatically emailed from the DLP system to the end user (ideally to be displayed in their workspace). 22

Secure Sender Badge Awarded at the 10 th e-mail sent without triggering a policy violation. Keeps the user engaged as they will likely get two badges on the first day they join the game. 23

Cloud Data Protector Badge Awarded at the 1 st use of corporately approved Cloud Storage Engine like Azure, Box or Citrix. 24

Deputy Data Defender Awarded at the 100 th e-mail sent without triggering a policy violation. Keeps the user engaged as they will likely get a third badge within a week. 25

USB Port Patrol Awarded at the 1st use of corporately approved, encryption-enabled, external storage device. 26

General Data Defender Badge Awarded at the 500 th e-mail sent without triggering a policy violation. The number of clean e- mails sent can vary, we chose 500 th so the user prompts did not become too interruptive. 27

King s Guard of the Crown Jewels Awarded at the 1st use of data obtained from a secure shared drive and correctly stored back on the secure shared drive. Particularly useful for departments that regularly handle regulated data (i.e. PII, PHI and PCI) and intellectual property (i.e. trade secrets). 28

Clean Sweep Badge Awarded upon clean data scan whereby no sensitive data is stored locally on the endpoint. Enforces the need to follow good data at rest procedures (i.e. SSN s, credit card data, etc. should never be stored locally on an endpoint). 29

Squeaky Clean Badge Awarded upon clean system scan where no unapproved applications are present the endpoint. Enforces the idea that unapproved applications can be dangerous. A lot of malware infections happen via downloaded web applications (i.e. waterhole attacks) and should be avoided. 30

Super Secure Sender Badge Awarded at the 1,000 th e-mail sent without triggering a policy violation. Users will be most active in the game through e-mail. Select levels of clean e-mail send badges that are most suited to your organization. 31

Leaderboards & Additional Prizes Keep It Simple! Simple Works! Build a leaderboard report in your DLP solution and publish it out to your organization on a regular basis: Display on a monitor in common spaces (if available). Send via e-mail. Work with HR to offer modest prizes for top performers (i.e. those who accumulate the most badges in a fixed time period): Make them digital for ease of distribution (i.e. digital gift cards that appeal to many tastes Amazon, itunes, Netflix, Fandango, etc.) 32

33

Gamified DLP In Action! Justin Bortnick, Sr. Sales Engineer Digital Guardian 34

Make It Happen At Your Organization If you currently own and operate a DLP solution from Digital Guardian, Symantec, Intel Security, ForcePoint, etc.: 1. Policies/Rules: Start to define your gamified data protection policies that will enforce and reward the actions you want users to take in a positive, non-finger wagging, way. Load policies in your DLP system. 2. User Prompts: work with a designer to develop some fun badges that can be presented when the users treat sensitive data in the appropriate way (or just use the ones we developed I ll share). Upload to your DLP system. 3. Reporting: create a dashboard in your DLP management console that can be viewed by the security team and shared with managers and participating users. 4. E-mail Alerts: write the copy for the various e-mails to be deployed to users with the badge/certificates attached as PDF s for display in their workspace. 5. Announce & Promote the Game: use e-mail, develop posters to display in common areas, etc. and include the prizes that can be earned once you earn a certain level of badges (if you decide to incorporate them).

Make It Happen At Your Organization If you DO NOT currently own and operate a DLP solution from Digital Guardian, Symantec, Intel Security, ForcePoint, etc.: 1. Consider purchasing and implementing one!

Thank You! Questions & Answers Contact Me: Mark Stevens, SVP, Global Services mstevens@digitalguardian.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information