Question : Why do F1 cars have the biggest brakes ? Answer : Because they need to go the fastest.
Protect Infrastructure or protect information ?? Lessons from Wikileaks Presentation at NullCon 2011, Goa Vishal Gupta Seclore
TELEMARKETER Information exchange in the collaborative world Information is exchanged between Employees of the organisation Enterprise CUSTOMERS VENDORS Information is exchanged between employees & vendors & employees & customers Competitors What happens if an employee with privileged access leaves to join a competitor ? What happens if information shared with a vendor is lost by the vendor ? VPN SSL UTM Firewall … Firewalls
The compromise... Increasing risks of systems and data Decreasing availability of systems and data Data Center Enterprise + Partners Enterprise The world Decreasing control and protection over data
Underlying Issues Share it = It becomes his (also) Ownership and usage cannot be separated Shared once = Shared forever Impossible to recall information Out of the firewall = Free for all Technology & processes are only applicable within
The Result
Create Store Transmit & collaborate UseArchive & Backup Delete DLP Anti-virus Anti-… Hard disk encryption SSL UTM Application security IDM DLPVaultsDigital shredders DesktopsLaptops Heterogeneous policies … Heterogeneous infrastructure Mobile devices Removable media Content Management Online workspaces Remote desktops Information lifecycle … Shared folders Removable media Instant Messaging DesktopsLaptops Mobile devices Archive Backup Document retention Security NTFS
Unstructured information security Option 1 : Control Distribution... Security Collaboration
Unstructured information security Option 2 : Control Usage... Security Collaboration Right Location Right Time Right Action Right Person
WHO can use the information People & groups within and outside of the organization can be defined as rightful users of the information WHAT can each person do Individual actions like reading, editing, printing, distributing, copy-pasting, screen grabbing etc. can be controlled WHEN can he use it Information usage can be time based e.g. can only be used by Mr. A till 28th Sept OR only for the 2 days WHERE can he use it from Information can be linked to locations e.g. only 3rd floor office by private/public IP addresses IRM systems allow enterprises to define, implement & audit information usage policies. A policy defines : Information Rights Management Policies are persistent with data, dynamic & audit-able
Lessons from Wikileaks Content is King security supposed to be like s security 1 Thou shall focus on protecting the information …because no wall is too high 3 Thou shall listen to dad & not watch TV beyond 7 pm 2
About … Seclore is a high growth information security product company focused on providing Security without compromising collaboration Seclores flagship product Seclore FileSecure is used by More than 1 million users & some of the largest enterprises
Contact Vishal Gupta