Leave It To The Experts: How To Implement And Manage Data Loss Prevention - Veritas

Transcription

Leave it to the experts: How to implement and manage Data Loss Prevention
Matt Adams, 15 November 2012
2012 Deloitte LLP. Private and confidential.

Introduction
- Joined Deloitte in 2006
- Service Lead, Information Protection Technologies: DLP, data classification, mobile security
- CLAS, CISSP, CISM, ISO 27001 Lead Auditor

Agenda
- Introduction to Deloitte Information Protection Technologies
  - Observed trends
  - Capabilities
- DLP case study
  - Stakeholder engagement
  - Project approach
  - Lessons learned
- Partnering summary
- Q&A

Information Protection Technologies: Service Overview

Information Protection Technologies: What we're seeing
- Organisations have deployed a range of 'point solutions' designed to protect sensitive information.
- The key challenge is to ensure these solutions deliver ongoing business value and secure business data.
- Point solutions can be difficult to integrate to achieve 'defence in depth'.
- The effectiveness of a solution erodes over time if its configuration and rule sets are not maintained.
- Resource limitations can prevent organisations from realising the full benefits of solution capabilities and reporting.

Information Protection Technologies: How are we helping our clients?
- A team of information protection specialists, certified by leading vendors.
- Focusing on maximising the business value of existing and planned implementations of information protection solutions.
- Leveraging combined experience of delivering projects for other leading organisations.
- Combining technical SMEs with knowledge and insight from business representatives.
- Providing access to our Information Protection Laboratory for demos and testing.

Deloitte Information Protection Lab (architecture diagram). Components shown, all hosted on the same virtual box on the internal Information Protection Lab LAN:
- Shared Services Infrastructure: MTA, SharePoint 2010, File Server, Active Directory
- Shared Database Services: Oracle Database, MS SQL 2010
- Information Protection vendors: Symantec DLP, Oracle IRM, Varonis, Titus, PGP Universal (SMTP Gateway)
- Workstations/clients: Symantec DLP client, Oracle IRM client, Titus client, Varonis

Symantec Data Loss Prevention: Client case study

Engagement Overview
Client profile:
- Leading multi-channel media company.
- National and regional newspaper titles plus a portfolio of more than 200 websites.
- Part of a global B2B and consumer media group.
Deloitte role:
- Identify sensitive business data and associated business users.
- Account for changes in data flows as a result of cloud and consumer device initiatives.
- Perform a DLP risk assessment against existing practices and controls.
- Lead workshops with business stakeholders.
- Produce high-level technical design.
- Manage a phased deployment of network and endpoint DLP, data classification and information rights management technologies.

Managed DLP (diagram): the managed DLP service is delivered with the technology vendor (Symantec) and a managed services provider.

Project Stakeholders (diagram): Client Project Lead, Business Unit Reps, Deloitte Project Team, Technology Vendors, Managed Service Provider.

Project Outline - DLP (timeline with milestones marked at 05/11, 07/11, 10/11, 01/12, 04/12 and 07/12):
- DLP Risk Assessment
- Phase 1 (Passive): Network Monitor for Email and Web
- Phase 2 (Active): Network Prevent for Email and Web
- Endpoint Discover
- Endpoint Prevent

Risk Assessment
Objective: identify whether there is an issue with data leakage from business systems and determine possible causes.
Approach:
- Deploy the Symantec DLP Risk Assessment tool to scan outbound emails, including attachments.
- Tailored search criteria developed by Deloitte in collaboration with the client IT Risk team and business representatives.
- 5,000 email addresses monitored.
- Four consecutive weeks.
Results:
- Identified a large number of significant breaches of the Data Protection Act.
- Observed a range of company confidential documents being sent to external email addresses.
- Recommended improvements for remote working and information sharing with third parties.

Phase 1 – Passive Monitoring
- Business Unit Workshops: understand the business context of sensitive data processing; identify business requirements.
- Define Business Processes: analyse output from workshops and agree what 'normal' looks like.
- Create Policies / Rule Sets: specific rules for each business unit.
- Design DLP Infrastructure: Deloitte collaborated with client IT personnel and the managed service provider to identify optimum network locations to deploy DLP.
- Define Target Operating Model: Deloitte provided input based on good practice in other leading organisations.
- Test DLP Tool: Deloitte provided a technical review of the tool, presenting results to business unit reps for feedback.
- Go Live: iterative process of reviewing DLP output and refining rules to optimise output.

Phase 2 – Active Monitoring
- Business Unit Workshops: gain feedback from key stakeholders.
- Further Policy Refinement: update baseline policies and define additional baseline policies for web monitoring.
- Tool and Policy Testing: creation of a test plan and scripts, including updated baseline email / web policies and response rules.
- Refine Target Operating Model: update the Target Operating Model with workshop input from key stakeholders.
- Alerting Testing: configuration and testing of DLP alerting and messaging workflow.
- Alerting Go Live: continue to update and refine rule sets; transition to BAU.

DLP Essentials
- Ensure the business defines the teams / employees to be monitored.
- Overall project sponsorship should come from the business, not IT.
- Identify key risks with business units.
- Don't be tempted by a 'catch-all' approach.
- Think about worst-case scenarios.
- Let the business define keywords and key phrases for monitoring.
- Ensure regular processes that may trigger DLP are accounted for.
- Define a clear target operating model.
- Plan your incident remediation strategy.
- Consider engaging an experienced delivery partner.
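The rule-set discipline the slides keep returning to (business-defined keywords scoped to a business unit rather than a catch-all, known regular processes accounted for so they do not flood the queue, and a passive monitoring phase before active prevention with response rules) can be shown as a small policy engine. The following is an added illustration written for this page; it is not Deloitte's or Symantec's code and does not reproduce the Symantec DLP rule language. The client domain, rule names, the outsourced-payroll exception, the sample messages and the simplified National Insurance number pattern are all constructed assumptions.

```python
"""Toy DLP policy engine for outbound email: business-unit-scoped rule
sets, known-process exceptions and passive/active response modes.
All domains, rules and messages below are constructed for this example."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

INTERNAL_DOMAIN = "media.example"   # assumed client mail domain (constructed)

@dataclass(frozen=True)
class Rule:
    name: str
    business_units: Set[str]         # {"*"} applies to every unit
    severity: str                    # "medium" or "high"
    keywords: Tuple[str, ...] = ()   # phrases defined by the business (lower-case)
    patterns: Tuple[str, ...] = ()   # regexes for structured personal data
    threshold: int = 1               # distinct hits needed before the rule fires

@dataclass(frozen=True)
class KnownProcess:
    """A regular business flow that would otherwise trigger a rule."""
    rule: str
    sender_unit: str
    recipient_domain: str

@dataclass
class Message:
    sender: str
    sender_unit: str
    recipients: List[str]
    body: str
    attachments: Dict[str, str] = field(default_factory=dict)  # name -> extracted text

@dataclass(frozen=True)
class Incident:
    rule: str
    severity: str
    hits: int
    action: str

RULES = [
    # Unit-specific rule: only editorial handles embargoed copy, so only they are monitored for it.
    Rule("editorial-unpublished", {"editorial"}, "medium",
         keywords=("embargoed", "not for publication", "unpublished draft")),
    Rule("board-confidential", {"*"}, "high",
         keywords=("board pack", "strictly confidential")),
    # Simplified UK National Insurance number shape (assumption: the real format
    # has further prefix restrictions); a threshold makes this fire on bulk leakage only.
    Rule("personal-data-bulk", {"*"}, "high",
         patterns=(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b",), threshold=5),
]

# Constructed exception: HR sends the payroll run to the outsourced provider every month.
KNOWN_PROCESSES = [KnownProcess("personal-data-bulk", "hr", "outsourced-payroll.example")]

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def external_recipients(msg: Message) -> List[str]:
    return [r for r in msg.recipients if domain_of(r) != INTERNAL_DOMAIN]

def count_hits(rule: Rule, text: str) -> int:
    """Distinct keyword phrases plus distinct pattern matches found in the text."""
    hits = {k for k in rule.keywords if k in text.lower()}
    for pattern in rule.patterns:
        hits.update(re.findall(pattern, text))
    return len(hits)

def is_known_process(rule: Rule, msg: Message, externals: List[str]) -> bool:
    # Suppress only when every external recipient belongs to the approved domain.
    return any(kp.rule == rule.name and kp.sender_unit == msg.sender_unit
               and all(domain_of(r) == kp.recipient_domain for r in externals)
               for kp in KNOWN_PROCESSES)

def response_action(severity: str, mode: str) -> str:
    """Passive phase only records; active phase blocks high severity and notifies on the rest."""
    if mode == "passive":
        return "log"
    return "block" if severity == "high" else "notify"

def evaluate(msg: Message, mode: str = "passive") -> List[Incident]:
    externals = external_recipients(msg)
    if not externals:                      # internal-only mail is out of scope here
        return []
    text = "\n".join([msg.body, *msg.attachments.values()])
    incidents = []
    for rule in RULES:
        if "*" not in rule.business_units and msg.sender_unit not in rule.business_units:
            continue
        hits = count_hits(rule, text)
        if hits < rule.threshold or is_known_process(rule, msg, externals):
            continue
        incidents.append(Incident(rule.name, rule.severity, hits,
                                  response_action(rule.severity, mode)))
    return incidents

# Constructed sample traffic.
PAYROLL_CSV = ("Name,NI\nA Smith,AB123456C\nB Jones,CE234567A\nC Khan,GH345678B\n"
               "D Lee,JK456789D\nE Brown,NP567890A\n")
SAMPLES = {
    "draft": Message("ed@media.example", "editorial", ["reporter@webmail.example"],
                     "Attached is the unpublished draft, embargoed until Monday."),
    "payroll": Message("hr@media.example", "hr", ["runs@outsourced-payroll.example"],
                       "Monthly run attached.", {"run.csv": PAYROLL_CSV}),
    "leak": Message("hr@media.example", "hr", ["my.home@webmail.example"],
                    "Here is the list you asked for.", {"run.csv": PAYROLL_CSV}),
    "internal": Message("ed@media.example", "editorial", ["sub@media.example"],
                        "Embargoed until Monday, do not file yet."),
}

def run_samples(mode: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each sample message name to the (rule, action) pairs it raises in the given mode."""
    return {name: [(i.rule, i.action) for i in evaluate(msg, mode)]
            for name, msg in SAMPLES.items()}
```

Running `run_samples("passive")` then `run_samples("active")` shows the two phases side by side: the same editorial message is logged in passive mode and notified in active mode, the payroll run to the approved provider raises nothing because the exception covers it, and the identical spreadsheet sent to a personal address is logged in passive mode and blocked once prevention is switched on. Tuning the rule set means changing `RULES` and `KNOWN_PROCESSES`, which is the same iterative refinement loop the Phase 1 and Phase 2 slides describe.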

Partnering for success

Partnering for greater value (diagram). Client challenges: point solutions, IT … Deloitte value: implementation experience, flexible pool of SMEs.

Why Deloitte?
- We are a global strategic partner with leading vendors of information protection technologies.
- Symantec Security Partner of the Year 2012 (EMEA).
- Enterprise Solution Provider for Symantec DLP.
- Wealth of experience in supporting clients to deploy and manage solutions throughout the information protection lifecycle, including: Data Loss Prevention, Data Access Governance, Data Classification, Data Encryption, Information Rights Management, Mobile Device Management.

Why Deloitte?
Our security and IT risk consulting services are independently recognised as world leading.
"In Forrester's 75-criteria evaluation of information security and risk consulting service providers, we found that Deloitte led the pack because of its maniacal customer focus and deep technical expertise."
Our people. At Deloitte, our global team can draw on the experience of:
- 11,000 risk management and security, privacy and resilience practitioners
- 16,000 risk consulting professionals
- 210 computer forensics examiners
- 11,530 human capital consulting professionals
- 53 Security & Forensics labs located strategically across the globe
Our skills:
- ISACA: over 8,000 involved with ISACA; approximately 2,000 certified as CISA, CISM and CGEIT
- ISC2: over 1,100 CISSPs
- BSI: 150 trained lead system auditors
- IAPP: privacy certified practitioners
- PMI: PMP certified practitioners

Questions?
Please feel free to ask questions now, or get in contact with me through the following addresses.
Email: mattradams@deloitte.co.uk
Twitter: @mattrwa
Alternatively, please come along to the Deloitte stand (PL1) in the Expo Hall.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms. Deloitte LLP is the United Kingdom member firm of DTTL.
This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Deloitte LLP would be pleased to advise readers on how to apply the principles set out in this publication to their specific circumstances. Deloitte LLP accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication. 2012 Deloitte LLP. All rights reserved.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom. Tel: 44 (0) 20 7936 3000 Fax: 44 (0) 20 7583 1198. Member of Deloitte Touche Tohmatsu Limited.
