3 CONFIDENTIAL Typical Customer Data Leakage Scenario 1 Ferris Research 2, 3 Based on Vontu Risk Assessment Data
4 CONFIDENTIAL Cost of Customer Data Breach Plus potential embarrassment, damage to company’s brand, regulatory fines, and civil lawsuits. 12004 Ponemon Institute Customer Trust Study 2Including incentives (e.g. free credit report), notification, PR and customer support costs
5 CONFIDENTIAL Vontu Protect Data Firewall software to accurately identify, report and help prevent confidential customer and company information leakage.
6 CONFIDENTIAL Define policies to enforce: Customer data and compliance Employee data Intellectual property Acceptable use Customize for the environment Define policies to enforce: Customer data and compliance Employee data Intellectual property Acceptable use Customize for the environment
7 CONFIDENTIAL Monitor outbound flow of information Support email, web, FTP, and IM Monitoring does not impact network performance Multiple monitors for all exit points Monitor outbound flow of information Support email, web, FTP, and IM Monitoring does not impact network performance Multiple monitors for all exit points
9 CONFIDENTIAL Executive Summary Report Policy Trends for a Period Top Policy Violations Incident Status Incidents with most matches
10 CONFIDENTIAL Secure Data Profiles Drive Accuracy Heuristics are limited to approximate guesses. SDPs drive exact matches. False positive: not customer Social Security number False positives: not Social Security numbers False positives: not Social Security numbers Usernames, passwords, customer names can only be detected with SDP Known customer record fields
11 CONFIDENTIAL Goal –Executive “mandate” to monitor for customer data loss (RFP) –Regulatory requirements (PATRIOT Act, CA SB1386) –Enforce other “acceptable use” policies Configuration –Real-time scan of SMTP, HTTP, IM, and FTP for customer NPI –Geographically distributed system Results –Amount of leakage dramatically decreased –Monitoring over 10GB of email and web mail traffic in U.S. per day –Global rollout to monitor to over 150k employees worldwide –NPI incident detection and response process in place Fortune 25 Bank Case Study
12 CONFIDENTIAL Balancing employee privacy vs. consumer privacy Complexity of incident remediation for insider issues Confusing regulatory environment Classifying and identifying confidential information Consistent policies across all channels, not just email Slow adoption of encryption and DRM technologies Challenges and Opportunities
Michael Wolfe email@example.com (415) 227-8107
Your consent to our cookies if you continue to use this website.