Securing Content Management Systems

Similar documents
A Buyer's Guide to Data Loss Protection Solutions

Protecting Data-at-Rest with SecureZIP for DLP

CA Technologies Data Protection

Websense Data Security Solutions

Symantec DLP Overview. Jonathan Jesse ITS Partners

10 Building Blocks for Securing File Data

RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively

Data Classification Technical Assessment

How APIs Turned Cloud on Security on Its Head

The Information Leak Detection & Prevention Guide

Information Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC

Empowering Your Business in the Cloud Without Compromising Security

McAfee Data Protection Solutions

How to Secure Your Environment

Data Loss Prevention. Keeping sensitive data out of the wrong hands*

From perimeter-based to data-centric security. Why and How we walked that way!? Christian Schmalisch, Business Development IMTF

Top Four Considerations for Securing Microsoft SharePoint

Comodo MyDLP Software Version 2.0. Administration Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

: RSA 050-V60X-CSEDLPS. : CSE RSA Data Loss Prevention 6.0. Version : R6.1

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

Improving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Data Protection McAfee s Endpoint and Network Data Loss Prevention

TRITON - Data Security Help

RightsWATCH. Data-centric Security.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

VPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink

OWIS. Workflow management

DLP Quick Start

A Practical Guide to Improving PCI Compliance Posture

HiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

A Websense White Paper Implementing Best Practices for Web 2.0 Security with the Websense Web Security Gateway

Data Loss Prevention Program

Architecture for ACSI33 security requirements. Implementation using janusseal and Clearswift MIMEsweeper

SM B13: Symantec Data Insight Ketan Shah, Principal Product Manager John Dodds, Director Technical Product Manager

WHITE PAPER. Stay ahead (of data leak) with Data Classification and Data Loss Prevention

ITAR Compliance Best Practices Guide

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

10 Things IT Should be Doing (But Isn t)

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

How To Integrate Identity And Security With A Network-Based Business Process

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

KEEPING UNSTRUCTURED DATA SECURE IN AN UNSTRUCTURED WORLD

Building a Security Program that Protects an Organizations Most Critical Assets

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

Fight fire with fire when protecting sensitive data

AB 1149 Compliance: Data Security Best Practices

Compliance and Security Solutions

Top 10 Features: Clearswift SECURE Gateway

EverSuite. Enterprise Content Management Solutions. Capture. Manage. Store. Preserve. Publish

Telemedicine HIPAA/HITECH Privacy and Security

Securing enterprise collaboration through and file sharing on a unified platform

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

The Cloud App Visibility Blindspot

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Data Loss Prevention: Keep Sensitive Data-In-Motion Safe

How to Grow and Transform your Security Program into the Cloud

Five Tips to Ensure Data Loss Prevention Success

Always Worry About Cyber Security. Always. Track 4 Session 8

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP

AlwaysMail. Sector 5. Cloud

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

White Paper. Managing Risk to Sensitive Data with SecureSphere

Towards End-to-End Security

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

Extreme Networks: A SOLUTION WHITE PAPER

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION S MOST CRITICAL ASSETS

User Driven Security. 5 Critical Reasons Why It's Needed for DLP. TITUS White Paper

Information Technology Cyber Security Policy

ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0

Proven LANDesk Solutions

APERTURE. Safely enable your SaaS applications.

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

5THINGS COMPANIES THINK

Ensuring Security and Compliance of Your EMC Documentum Enterprise Content Management System: A Collaborative Effort of EMC Documentum and RSA

DJIGZO ENCRYPTION. Djigzo white paper

74% 96 Action Items. Compliance

GOING BEYOND BLOCKING AN ATTACK

Total Protection for Compliance: Unified IT Policy Auditing

White paper. Five Key Considerations for Selecting a Data Loss Prevention Solution

Christine M. Frye, CIPP/US, CIPM, Chief Privacy Officer, Bank of America

Uncover security risks on your enterprise network

The Impact of HIPAA and HITECH

Client Update SEC Releases Updated Cybersecurity Examination Guidelines

Web Security Update. A Radicati Group, Inc. Webconference. The Radicati Group, Inc. Copyright March 2010, Reproduction Prohibited

How Digital Rights Management improves Data Loss Prevention

CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

2H 2015 SHADOW DATA REPORT

CIPHERMAIL ENCRYPTION. CipherMail white paper

PREVENTIA. Skyhigh Best Practices and Use cases. Table of Contents

Microsoft in an Integrated. Update. decisions faster. Presented by Steve Studer for the AIIM

Cyber and Mobile Landscape, Challenges, & Best Practices

Transcription:

Securing Content Management Systems The Next Frontier in Leakage Prevention 1

Terms and Definitions 2

Leakage/Loss Prevention (DLP) Technology, products, or services that prevent sensitive information from being exposed Types of DLP Systems: Network DLP Typically installed on network egress points to monitor and enforce (if needed) on traffic leaving a perimeter Endpoint DLP - Scanning and enforcement on end-user devices, such as, Laptops, servers, mobile devices, SMTP DLP Scanning and enforcement on Mail Gateways targeting inbound/outbound mail inspection 3

Unstructured Information that either does not have a pre-defined data model and/or does not fit well into relational tables. Typically text-heavy, but may contain data such as dates, numbers, and facts as well. (source: Wikipedia) Examples: Excel, Power Point, PDF, Open Document Format (ODF), plain text, 4

Content Management Systems (CMS) Computer program that allows publishing, editing and modifying content as well as maintenance from a central interface. Such systems of content management provide procedures to manage workflow in a collaborative environment. (source: Wikipedia) Can also be referred to as Repositories Examples: Wikis, web based file storage (documentation, ), etc Very important for Social Collaboration 5

End of Definitions 6

Typical DLP Coverage Organizations Intranet SMTP (mail) DLP repository A repository B repository C Enterprise Content Management Systems Employees and Applications share files External facing traffic e.g. Google search Mail Server Internet Endpoint DLP Network DLP 7

Typical DLP Coverage Organizations Intranet SMTP (mail) DLP repository A repository B repository C Employees and Applications share files Enterprise Content Management Systems Is there a problem with this picture? External facing traffic e.g. Google search Mail Server Internet Endpoint DLP Network DLP 8

Is There Something Still Exposed? Organizations Intranet SMTP (mail) DLP repositories repository A repository B repository C Enterprise Content Management Systems Employees and Applications share files External facing traffic e.g. Google search Mail Server Internet Endpoint DLP Network DLP 9

What Would a Hacker or Malicious Person Do? Organizations Intranet repository A public PII SPI Confidential Private repository B repository C SMTP (mail) DLP Enterprise Content Management Systems Employees and Applications share files External facing traffic e.g. Google search Mail Server Internet Endpoint DLP Network DLP Export SPI, Confidential, 10

Latest Themes in Protection Move security closer to data (source: IDC DLP Report 12/2011) Involve data owners in DLP Strategy (source: Aberdeen Group 05/2012) 11

Properties of Content Management System Owner centric each file has one or more owner(s) Each file has Access Controls List (ACL), such as, Public, Private, or Controlled share APIs to CRUD file meta data, access controls, and file content (REST, SOAP, ) 12

Can Known CMS Properties Help Secure it? 13

1. Automated centralized file content scanning/classification Classifiers SPI PII Confidential Enterprise Repositories repository A repository B repository C Multiple scanners per data repository Use Repository APIs to access data/files 14

2. Engage Content Owners in Violation Remediation Engage content owner(s) to handle any content found in violation e.g. email owner if Business Sensitive file is found without Access Controls; avoid IT security guy chasing them manages Judy File Name File Owner(s) Classification Access Controls MyFile1.ppt Bob Sensitive Public MyFile2.ppt Alice Sensitive Public Bob manages Jack Alice 15

3. Automated Risk Remediation There will always be delinquent users Let the system close the gap using Repository APIs e.g. public file with violation(s), the system can make it private via API usage 16

The Result: Secured Content Management Systems Organizations Intranet repository A public Non-sensitive data Private PII SPI Confidential repository B repository C SMTP (mail) DLP Enterprise Content Management Systems Employees and Applications share files External facing traffic e.g. Google search Mail Server Internet Endpoint DLP Network DLP Export NON-sensitive data 17

Proper Ways to Secure Unstructured Repositories Tell employees about data repository scanning and why you are implementing it Central content classification to be used for all data repositories Automated remediation Involving content owners in the remediation process, even as simple as email notification or escalation Empower content owner Provide violation evidence (e.g. you put Company Confidential in this file) Provide evidence location (e.g. pages 2, 4, 5, 6) 18

It is important in social collaborative environment not to threaten collaborators (users) and cause them to stop sharing. A delicate balance between user sharing and sensitive assets protection is needed. 19

20

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information