Agile Information Lifecycle: A Customer Journey March 2016 Dan Jennings Veritas Partner Technical Account Manager +44 (0) Veritas Technologies LLC Office: +44 (0) address:
Background Regional Healthcare Company: Protects Sensitive Data 2 GoalsData Insight Benefits Found sensitive data How to protect it? Who should have access? 10 Data centers/sites NetApp (>20K shares) 15,000 users 4M access events/day Key benefit: Decreased open shares and lockdown sensitive files. Identified data owners and notify to resolve non-compliance Located private sensitive data (i.e. medical records) with excessive permissions Accessed activity reports for audit Investigated issues with important folders disappearing Reduce loss of confidential data Secure PII Demonstrate Compliance (HIPAA…) Incident Response
Copyright © 2015 Symantec Corporation3
An Analogy… 4
IT “Service” Today – Silos of Tactical Delivery 5 Service/Application Owners Storage AdministratorsServer Administrators IT Project 1 Inefficiency Separated Infrastructure Isolated Information Siloed Data
Silo Effect – Multiplied. 6 Strategic Inefficiency Separated Infrastructure Isolated Information Business Unit 1 Business Unit 2 Business Unit 3 Business Unit 4
Business Value of Information TIME EXPECTED (+)(+) (-)(-) 37% FILE SHARING > DATABERG! $5M – 1PB 14% clean 32% ROT 54% Dark 7% CDO GOV GAP GAIN VISIBILITY TAKE ACTION ASSUME CONTROL WHAT? WHERE? WHAT TO DO WITH IT? WHO’S RESPONSIBLE? REALIZED Veritas Step Change Governance 7
Zoom in on Storage 8
9
The nuts and bolts – Share Breakdown 10
11 The nuts and bolts – “Duplicate” Files
Copyright © 2015 Symantec Corporation12 The nuts and bolts – Last Accessed
Strategy for Information Management 1 Discover 2 Report and Recommend 3 Execute Policy – Archive & eDiscovery 4 Execute Policy – Data Loss Prevention 5 Execute Policy – Information Delivery 13
Information Management 3 Archive Exchange & Unstructured Value: Efficient storage and management of business information only. Delete irrelevant information On-Prem / Cloud 4 eDiscovery Regulatory &/or Legal Hold Value:Brand protection. Compliance. IT burden reduction. FoI GDPR On-Prem / Cloud 5 DLP with Symantec / Other Value:Prnad protection Privacy GDPR compliance On-Prm / Cloud Target People: IT Security Management, Legal 6 Information Delivery with Veritas Infoscale and Infrastructure Value: OnpPrem, Priv/Pub Cloud, Hybrid 14 Discovery Layer
Strategic Information Delivery 15 Project 2 Business Unit 1 Business Unit 3 Strategic Storage Implementation EfficientStandardised Shared Information Infrastructure Service/Application Owners Storage Administrators Server Administrators Service/Application Owners Storage Administrators Server Administrators Service/Application Owners Storage Administrators Server Administrators
Case Study: Regional Energy Company 16 Background GoalsData Insight Benefits Lacked visibility into who owns what data on shared storage Environment –NetApp® 300 TB –Windows® 100 TB –Regulated design data Identified data owners and bill shared resources to appropriate line of business Reduced stale data, PST files and chose appropriate storage for migrations Locate “Lost Files”; Investigate issues with legally protected data being deleted Evaluated ACLs for Department of Energy protected data Chargeback Data Clean-up Data Forensics Secure Regulated Data
Our Analogy… 17
Thank you! Copyright © 2015 Symantec Corporation. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Dan Jennings +44 (0)
Information Social Access Mapping: Who is doing what with data? Dan Jennings Technical Account Manager March 2016
Identify Data Owners 20
Rule-based Inference of Data Owners with Custom Attribute Mapping 21
Track User Activity for Investigations or Audit 22
Policies to Proactively Monitor Sensitive Data Usage 23 Monitor activity to data Select folders or use DLP classification Alert if activity exceeds threshold Monitor activity of users Alert if user activity deviates from baseline Monitor activity to data Select folders or use DLP classification Alert if activity exceeds threshold Monitor activity of users Alert if user activity deviates from baseline Symantec Data Insight 4.0
Social Network Map: Secure Collaboration 24 Detect outliers among users Reduce risk from excessive access permissions
Data Loss Prevention View: Incident and Data Owner Symantec Data Insight John Smith Data Insight
Case Study 26 Background GoalsData Insight Benefits Focus on securing unstructured data Where to start? How to remediate? NetApp, Windows, SharePoint (1PB+) Key benefit: Facilitate investigations for malicious activities Discover Open Shares, Review ownership/activity analysis to drive lockdown without disruption Prioritize DLP scans based on Open Shares report; Identify data owners Identify complex shares, data owners and active departments Identify hotspots or unusual spikes in activity; Data clean-up by type Reduce Open Shares Risk Sensitive Data Clean-up File Shares Consolidation Storage Remediation Large Financial Services Company Remediates Open Shares
Thank you! Copyright © 2015 Symantec Corporation. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Dan Jennings +44 (0)
Time & Cost DIaaS Service eXSP 1. Install Two weeks 2. Discover, 3. Report, 4. Recommend Up to three months 28 Low cost design to implement and execute automated storage policies that deliver end-customer business information
What is Information Governance? Copyright © 2015 Symantec Corporation29 Copyright © 2015 Symantec Corporation 29 Copyright © 2015 Symantec Corporation29Copyright © 2015 Symantec Corporation29Copyright © 2015 Symantec Corporation29 …the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs
Information Governance – The risk side Copyright © 2015 Symantec Corporation30Copyright © 2015 Symantec Corporation30Copyright © 2015 Symantec Corporation30Copyright © 2015 Symantec Corporation30 FINANCE 6 Global banks £2.6bn FOREX Conversations on social & Connect MANUFACTURING German Sausage cartel £268m Colluding on price TRAVEL £150k to Information Commissioners Office Data Breach Fine – 1.5m user details HEALTHCARE Torbay Care Trust £175k Personal data published REGULATORS €100m/5% proposed EU fines for Data Privacy Compliance CHARITY £70k due to ‘lost’ data
Emerging EU Data Privacy Laws 1995 Data Protection Directive to be replaced by General Data Protection Regulation (GDPR) – 2017 EU Zone – 28 member countries, 0.5billion citizens producing $18 trillion every year –Mandatory breach notifications - 72 hours and large fines –The ‘Right To Be Forgotten’ - Article 17 –Consumer Profiling Restricted - Data should not used without consent –Be Accountable for your Data - Data Protection Officer (DPO) GDPR aim is to HARMONISE 31
Shifting Sands 32
Background Case Study 33 GoalsData Insight Benefits Found sensitive data How to protect it? Who should have access? 10 Data centers/sites NetApp (>20K shares) 15,000 users 4M access events/day Key benefit: Decreased open shares and lockdown sensitive files. Identified data owners and notify to resolve non-compliance Located private sensitive data (i.e. medical records) with excessive permissions Accessed activity reports for audit Investigated issues with important folders disappearing Reduce loss of confidential data Secure PII Demonstrate Compliance (HIPAA…) Incident Response Regional Healthcare Company Protects Sensitive Data