you can't teach an old dog new tricks

Download You can't teach an old dog new tricks

Post on 15-Apr-2017

161 views

Category:

Software

2 download

Embed Size (px)

TRANSCRIPT

Best Practices for an Information Control Policy

You Cant Teach an Old Dog New TricksThe fallacy of the Secure Perimeter approachWebinar, Tuesday June 23rd 2015

1

Introductions & House RulesEffective Data Protection Requires ChangeTackle the compromised security perimeter via Data-centric information securityRightsWATCH Live DemoQuestions & AnswersTuesday June 23rd 20152AgendaWEBINAR: "You Cant Teach an Old Dog New Tricks"

2

Eric HanselmanEric is the Chief Analyst at 451 Research. He has an extensive, hands-on understanding of a broad range of IT subject areas, having direct experience in the areas of networks, virtualization, security and semiconductors. He coordinates industry analysis across the broad portfolio of 451 research disciplines.

Rui Melo BiscaiaRui serves as the Director of Product Management for Watchful Software, and is responsible for the company's product direction and go-to-marketTuesday June 23rd 20153IntroductionsWEBINAR: "You Cant Teach an Old Dog New Tricks"

You are muted centrally. You dont need to mute/unmute yourselfThis webinar is being recorded. The recording will be available tomorrow at www.watchfulsoftware.com The Q&A session will be at the endYou are welcomed to enter questions anytime, using the Chat feature in the GoToWebinar Control Panel4Some House RulesTuesday June 23rd 2015WEBINAR: "You Cant Teach an Old Dog New Tricks"

4

Introductions & House RulesEffective Data Protection Requires ChangeTackle the compromised security perimeter via Data-centric information securityRightsWATCH Live DemoQuestions & AnswersTuesday June 23rd 20155AgendaWEBINAR: "You Cant Teach an Old Dog New Tricks"

5

You Can't Teach an Old Dog New TricksEffective Data Protection Requires ChangeEric Hanselman, Chief Analyst

Security Protections are More Critical Than EverToo many examples of data breachesThe world has changedProtections have to changeData is the most valuable asset and the easiest to lose

7

Were Still Buying Lots of SecurityBudgets and purchasing expectations are up

Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 20148

But Were Changing What We BuyChasing effective mitigationsSource: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014Q. How will your spending on this technology change in 2015 as compared to 2014? n=210 to 213. Data from respondents not using the technology or that don't know about spending are hidden. 9

Focusing On Data for Effective ControlsEncryption has to be applied effectivelyIntegrating encryption into useBecoming transparent to usersScalable policy controlsLong standing data classification complexityDelegating policy elementsDealing with transitionProtections for existing data

10

Utilization of Encryption in Organizations

Q. Since you are using encryption, where is encryption used within your organization? Check all that apply. n=169.Source: Information Security Wave 17 2015 451 Research LLC.11

WHO: Eric w/ Matt chiming in11

To be Effective, There Has to be VisibilityTraditional tools are challengedFewer points to observeIncreasing encryption useMobile users are beyond view and controlsActivity-based controls face user resistance

We have to look to different ideas for protection

12

Introductions & House RulesEffective Data Protection Requires ChangeTackle the compromised security perimeter via Data-centric information securityRightsWATCH Live DemoQuestions & AnswersTuesday June 23rd 201513AgendaWEBINAR: "You Cant Teach an Old Dog New Tricks"

13

Tackle the compromised security perimeter via Data-centric information securityRui Melo Biscaia, Director of Product Management

Accidental disclosure (e.g., via the internet)Malicious codeImproper or accidental disposal of records or portable equipmentInsider ThreatIts not a matter of if but whenIts not really about databases anymoreHackers arent the greatest threatThis doesnt have to keep happeningTuesday June 23rd 2015WEBINAR: "You Cant Teach an Old Dog New Tricks"15

Well IntentionedInsider MaliciousInsider

Disgruntled employeeProfit-seeking employeeA Former employee

15

Data-centric Security16WEBINAR: "You Cant Teach an Old Dog New Tricks"Tuesday June 23rd 2015

GOVERNANCE

PROTECTION

LOSSPREVENTION

CLASSIFICATION

Data-centric Security17WEBINAR: "You Cant Teach an Old Dog New Tricks"Tuesday June 23rd 2015

GOVERNANCE

PROTECTION

LOSSPREVENTION

CLASSIFICATION

to enhance compliance

to apply policies

to decrease liability

to uphold policies

17

New Perimeter Spectrum18Tuesday June 23rd 2015WEBINAR: "You Cant Teach an Old Dog New Tricks"

Introductions & House RulesEffective Data Protection Requires ChangeTackle the compromised security perimeter via Data-centric information securityRightsWATCH Live DemoQuestions & AnswersTuesday June 23rd 201519AgendaWEBINAR: "You Cant Teach an Old Dog New Tricks"

19

RightsWATCH Live Demo20WEBINAR: "You Cant Teach an Old Dog New Tricks"Tuesday June 23rd 2015

Introductions & House RulesEffective Data Protection Requires ChangeTackle the compromised security perimeter via Data-centric information securityRightsWATCH Live DemoQuestions & AnswersTuesday June 23rd 201521AgendaWEBINAR: "You Cant Teach an Old Dog New Tricks"

21

You Cant Teach an Old Dog New TricksQuestions & AnswersWebinar, Tuesday June 23rd 2015

22

You Cant Teach an Old Dog New TricksThe fallacy of the Secure Perimeter approachWebinar, Tuesday June 23rd 2015

23