Presentation is loading. Please wait.

Presentation is loading. Please wait.

IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

Similar presentations


Presentation on theme: "IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy."— Presentation transcript:

1 IAPP 2004

2 2 CONFIDENTIAL Insider Leakage Threatens Privacy

3 3 CONFIDENTIAL Typical Customer Data Leakage Scenario 1 Ferris Research 2, 3 Based on Vontu Risk Assessment Data

4 4 CONFIDENTIAL Cost of Customer Data Breach Plus potential embarrassment, damage to company’s brand, regulatory fines, and civil lawsuits Ponemon Institute Customer Trust Study 2Including incentives (e.g. free credit report), notification, PR and customer support costs

5 5 CONFIDENTIAL Vontu Protect Data Firewall software to accurately identify, report and help prevent confidential customer and company information leakage.

6 6 CONFIDENTIAL Define policies to enforce: Customer data and compliance Employee data Intellectual property Acceptable use Customize for the environment Define policies to enforce: Customer data and compliance Employee data Intellectual property Acceptable use Customize for the environment

7 7 CONFIDENTIAL Monitor outbound flow of information Support , web, FTP, and IM Monitoring does not impact network performance Multiple monitors for all exit points Monitor outbound flow of information Support , web, FTP, and IM Monitoring does not impact network performance Multiple monitors for all exit points

8 8 CONFIDENTIAL Example Customer Data Incident

9 9 CONFIDENTIAL Executive Summary Report Policy Trends for a Period Top Policy Violations Incident Status Incidents with most matches

10 10 CONFIDENTIAL Secure Data Profiles Drive Accuracy Heuristics are limited to approximate guesses. SDPs drive exact matches. False positive: not customer Social Security number False positives: not Social Security numbers False positives: not Social Security numbers Usernames, passwords, customer names can only be detected with SDP Known customer record fields

11 11 CONFIDENTIAL Goal –Executive “mandate” to monitor for customer data loss (RFP) –Regulatory requirements (PATRIOT Act, CA SB1386) –Enforce other “acceptable use” policies Configuration –Real-time scan of SMTP, HTTP, IM, and FTP for customer NPI –Geographically distributed system Results –Amount of leakage dramatically decreased –Monitoring over 10GB of and web mail traffic in U.S. per day –Global rollout to monitor to over 150k employees worldwide –NPI incident detection and response process in place Fortune 25 Bank Case Study

12 12 CONFIDENTIAL Balancing employee privacy vs. consumer privacy Complexity of incident remediation for insider issues Confusing regulatory environment Classifying and identifying confidential information Consistent policies across all channels, not just Slow adoption of encryption and DRM technologies Challenges and Opportunities

13 Michael Wolfe (415)


Download ppt "IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy."

Similar presentations


Ads by Google