CA Technologies Data Protection
Can you protect and control information?
Johan Van Hove, Senior Solutions Strategist Security
Johan.VanHove@CA.com
CA Technologies Content-Aware IAM strategy
- CA Technologies purchased Orchestria in 2009
- Core capabilities of DLP: discovery, content classification & enforcement
- Support CSU Content-Aware IAM strategy
- Continued Content-Aware IAM execution
- Identity & Content: as roles change, the control of data is maintained
- Access & Content: content-aware access management
Security software from CA Technologies controls identities, their access & how they can use the information they access: that's Content-Aware IAM!
IT challenges: it is all about the unknowns
Information Protection and Control
- Classification and location of sensitive data is not known
- Authorized or not authorized data users and usage is unknown
- Appropriate or inappropriate data flow is unknown
- Data relation to compliance is unknown
Compounding Factors
- Data is dynamic and massive
- Existing business processes can't be hindered
- Data usage education is not effective
- Virtualization and cloud amplify the issues
Now what?
What do these numbers represent?
- 69% of companies send sensitive information over email. Source: Ponemon Institute LLC, The Escalating Importance of Email, September 2011
- 50% of mission critical documents are stored in companies' SharePoint environment. Source: OpenText Global 360, How are Businesses using Microsoft SharePoint in the Enterprise? Fall 2011 Market Survey
- 71% of companies believe mobile devices have contributed to security events. Source: CheckPoint Software Technologies, The Impact of Mobile Devices on Information Security, January 2012
- 50% of global 1000 companies will have stored customer-sensitive data in the public cloud by 2016. Source: Gartner, Gartner reveals Top Predictions for IT Organizations and Users for 2012 and Beyond
CA data protection solution areas: 4 enterprise areas of high data risk
- EMAIL: Mitigate the risk of exposing sensitive information through accidental, negligent and malicious email communications
- COLLABORATION: Control sensitive information posted, stored and shared in collaboration platforms
- CLOUD: Control the storage of sensitive corporate information across the datacenter and cloud
- MOBILITY: Control the distribution and communication of sensitive information via mobile technologies
Product Suite
single solution provides best value: not 3 but 4 channels of control
- DATA AT ACCESS, Classification: Classifies content enabling fine grained access controls
- DATA IN USE, Endpoint: Monitor and control data at the endpoint
- DATA IN MOTION, Network: Monitor and control data at network egress points
- DATA IN MOTION, Message Server: Monitor and control email at messaging servers
- DATA AT REST, Stored Data: Scan and manage data on shared folders, file and document repositories, public folders, ODBC sources and other repositories
- ENTERPRISE MANAGEMENT, Management Platform: One management platform with common reporting, data policies and incident review
Classification: Classifies content enabling fine grained access controls
- Scan, extract and classify content from file servers, databases and repositories
- Classification of content for consumption by 3rd party software components
- Web Services API enables external commands and integration of classification data
- Enables content aware Identity & Access Management
Technology Supported (diagram labels): IAM, Storage, File Servers, Collaboration Software, SharePoint, CA SiteMinder, 3rd party software, Classification, Windows, CA Access Control, *Future
Endpoint: Monitor and control data at the endpoint
- Controls email, web, printing and saving data
- Scans for sensitive data on the endpoint
- On-line and off-line enforcement
- Incident-appropriate response upon detection of a violation
- Educate end-users with an educational popup window to explain company or regulatory policy
- Scalable to tens and hundreds of thousands of endpoints
Diagram labels: Endpoint, Email, Web, Save, Print, App Control, Infrastructure, Load, Gateways, Common Services, File Scan, Management Platform
Network: Monitor and control data at network egress points
- Controls many protocols (web, email, instant message, FTP, etc.)
- Implemented as a network appliance or integrated with ICAP servers and MTAs
Message Server: Monitor and control email at messaging servers (MS Exchange and Lotus Notes)
- Controls outbound but also internal, web access and mobile device email
- Implemented as a component in conjunction with mail servers
Diagram labels: Corporate Boundary, Message Server, Network Appliance, Management Platform, ICAP/MTA Plug-in
Stored Data: Scan and manage data on shared folders, file and document repositories, public folders, ODBC sources and other repositories
- Data repositories: File Shares, SharePoint, Databases
- Implemented as a local server or network scan
- Discovery/scanning tasks can be executed on-demand or on a specified schedule
- Highly scalable and distributed architecture
- Information can be deleted, copied, stubbed or moved to another location
Diagram labels: Stored Data, Management Platform
Management Platform: accurate, scalable, and modular
Accurate Analysis
- Fingerprinting: Zero False Positives
- Full fingerprinting
- Partial fingerprinting
- Description: Minimize False Negatives
Modular architecture to expand on demand
Scalable Architecture
Common reporting, data policies and incident review
Address Multiple Use Cases
Surveillance and supervision of compliance related information and DLP
CA DATAMINDER PROVIDES COMPLETE SET OF DETECTION METHODS TO ACCURATELY DETECT CRITICAL DATA
- CONTENT REGISTRATION: Exact Data, Partial Data, Fingerprinting
- CONTEXT ANALYSIS: Identity, Hierarchy, Role
- CONTENT DESCRIPTION: Keywords, Stemming, Wildcards
- CONCEPT ANALYSIS: Intent Aware, Business Aware, Absence of Content
Technology Partnerships
Partnerships: broad technology support protects sensitive information wherever it goes
Partnership areas: Discovery, Data Protection, Network Protection, System Protection, Archive, Encryption, Digital Rights Management, Message Server & ICAP Proxy, Access Control
iconsole
- Review events for all policies and control points from a single UI
- Interactive Dashboard with drill-down in charts to individual violations
- Get a quick status of the risk areas across the company
- URL access from SIM solutions
policy/role-based security and review
- User hierarchy controls the security applied to data access
- Reviewer roles control access to policy information and the subsequent audit trail
protection ecosystem: Flexible Remediation
- Monitor for violations
- Warn to educate
- Quarantine for approval
- Encrypt valid use
- Block improper use
- Digital rights assignment
- Justification for improper use
- Replace sensitive data with links
- Move stored data
- Delete within unacceptable locations
flexible and scalable architecture
Control Points
- Network: HTTP/S, SMTP, IM, FTP, ICAP, MTA
- Message Server: Exchange, Domino, Bloomberg, MTA
- Endpoint: Removable Media, Print, Screen Print, Web, Email, App Execution, File Scanning
- Stored Data: File Shares, NAS, SharePoint, Public Folders, MS SQL, Oracle
- Data Import: CA Message Manager, 3rd Party Archives, Historical Email, IM logs
Gateway: Scale and Load Balance
Policy
Central Management Server: Captured Events, Review + Dashboards, Workflow, Policies, Reports + Queries, Identity / Roles
Unified Platform
Pre-Built Templates
summary
- Content Aware IAM: CA Technologies is the only IAM vendor with DLP capabilities
- Identity Centric Approach: Understand and leverage the relationship between people and data
- Complete Control of Data: At-access, in-use, in-motion and at-rest; discover, monitor and protect; partner ecosystem
- Rapid Value: Provide accurate analysis driven by flexible, identity-aware policies (accuracy leads to effective DLP); modular solution
Thank You