If recent history teaches us anything it is that confidential information is not secure in its traditional form and access to information is not controlled at all.
So it’s not a question of if your sensitive information is going to be leaked, but rather, when it will.
We have been witnessing several situations like this in recent times…
Other examples:
NSA
G20
Sony
HSBC
...
In 2015, the number of business emails sent and received per user per day totals 122 emails per day. This figure continues to show growth and is expected to average 126 messages sent and received per business user by the end of 2019.
In 2015, with an average of about 34 emails sent per employee each day, an average organization of 5k employees sends over 38 million emails each year.
Assuming that ONLY 10% of these emails are sensitive in nature, this means that your organization’s exposure (on emails only) is almost 4 million emails each year!
http://www.radicati.com/wp/wp-content/uploads/2015/03/Email-Statistics-Report-2015-2019-Executive-Summary.pdf
RightsWATCH is centered on allowing organizations to control and protect their sensitive and confidential information, and to protect against information leakage, by dynamically applying the defined IPC (Information Control Policy) to all types of unstructured information (emails, documents, spreadsheets, presentations, etc.) as that information is created.
To successfully implement a policy-driven classification process, your organization must answer a few questions…
how RightsWATCH addresses and complements every major security topic/need of any organization:
1. Data Classification & Labelling: all sensitive data must be classified and labelled accordingly
This means that it’s put into its appropriate category depending on its criteria
This could be based on Content, Context and Metadata
Once it falls into a classification, it’s labelled appropriately with headers, footers, watermarks, legal jargon, etc. to protect the organization
It should also have its metadata tagged to allow tracking and forensics
2. Legacy Data: this is addressed by RW’s Global Protector feature
The Global Protector feature has information security policy rules embedded. Thus, companies can use Global Protector to classify legacy files according to the content, context and metadata aware policy rules established by the corporation.
3. Data Loss Prevention: By deploying RightsWATCH together with a DLP, enterprises will enhance the broad, effective application of protection and governance policies across the entire enterprise IT ecosystem, and throughout all the phases of the data life cycle.
4. Rights Management: RightsWATCH’s policy driven engine allows a company to set up different policy rules to be applied only to designated users or groups of users. Thus, enterprises are able to segregate and decide to which individual users or Active Directory (AD) group of users the policies are to be applied.
- Role-based policy rules (RBPR) applicability allows a corporation to “escape” the limitations of a “one-type-fits-all” approach to policy rules. Leveraging RBPR, the appropriate policy rules are applied to the data depending on the organizational unit, project and/or department to which the user belongs.
5. Mobile Devices: RW keeps sensitive information safe in a BYOD world, by extending Information Protection & Control to Smartphones and Tablets such as iPhone, iPad, Android, and BlackBerry platforms
6. Data Analytics: Enterprises running RightsWATCH and SIEM tools are able to leverage them to correlate events and generate dashboards, alarms and reports, knowing in real time who is doing what, when, and how with classified information.
Start with Increased Security and go clockwise.
Give examples of features related to each topic, for example:
Increased Security:
- Protection extended to mobile (addressing the BYOD paradigm and supporting MDM software)
Improved Compliance:
- Also covers legacy files (with the Global Protector capability)
Increased Productivity:
- Flexible re-classification (using ITA, for example)
Decreased Costs:
- Cost of auditing (refer to the Monit console capability)
Explain the data classification process (automatic & user-driven) and the labelling (marks & tags) capabilities of RightsWATCH.
Refer to the consistent interface of RightsWATCH across all platforms (Outlook, Office, PDF…)
ITA gives the possibility of automatic file re-classification:
-> ITA allows automatic update of the classification of Microsoft Office files after a specified date in the future
1. The IT Manager defines the allowed options and permissions for any given level, scope and user role, according to corporate policies
2. The user is able to define the ITA time frame for a given file, according to corporate policies
-> ITA is particularly interesting in situations in which classification levels are related to projects/initiatives that have an expiration date and/or whose sensitivity decreases/increases after a specific day in the future
-> ITA applies only to and from non-RMS encrypted levels of classification
The user/company has unclassified legacy data files on his/her desktop, shared network drive, or cloud-based drive
Existing legacy files need to be classified according to the company’s defined information security policy
GP Web is an HTTP(S) proxy that enables automatic classification of files, based on the defined content, context and metadata aware policy rules.
The RW GP Web is a software component that is installed on an IIS (Internet Information Services) web server, and operates independently of any agent and/or plug-in (COM Add-on) running on the endpoint.
With the RW GP Web, MS Office files are classified when “leaving” (i.e. being exported/downloaded from) the web server, the process being completely “transparent” to the end user.
Warning Policy Rule: An alert is shown for user educational and training purposes. The user will be able to save the file or send the email
Blocking Policy Rule: An alert is shown to the user and, independently of the chosen classification level, the file cannot be saved or the email will not be sent
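The following Python sketch is an added illustration of the mechanics described above (content/context/metadata aware classification with marks and tags, the warning versus blocking policy rule on outgoing email, and an ITA-style re-classification after a date that skips RMS-encrypted levels). It is not RightsWATCH code and does not use the product’s policy format; the level names, regex rules, department rules, domain and dates are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

# Classification levels, least to most sensitive (constructed for this example).
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]
# Levels that would be RMS-encrypted in this constructed policy; the ITA step
# below never moves a file to or from one of these.
RMS_ENCRYPTED = {"RESTRICTED"}


def rank(level: str) -> int:
    return LEVELS.index(level)


@dataclass
class Document:
    text: str
    author_dept: str                      # context: department of the creator
    level: str = "PUBLIC"
    metadata: Dict[str, str] = field(default_factory=dict)
    ita_expiry: Optional[date] = None     # ITA-style date after which the level changes
    ita_new_level: Optional[str] = None


# Content rules (regex -> minimum level) and context rules (department -> minimum level).
CONTENT_RULES = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "RESTRICTED"),          # SSN-like identifier
    (re.compile(r"\bproject\s+falcon\b", re.I), "CONFIDENTIAL"),   # a named project
    (re.compile(r"\b(salary|payroll)\b", re.I), "CONFIDENTIAL"),
]
CONTEXT_RULES = {"legal": "CONFIDENTIAL", "hr": "INTERNAL"}


def classify(doc: Document) -> str:
    """Content, context and metadata aware classification: the highest matching level wins."""
    level = doc.level
    for pattern, rule_level in CONTENT_RULES:
        if pattern.search(doc.text) and rank(rule_level) > rank(level):
            level = rule_level
    ctx_level = CONTEXT_RULES.get(doc.author_dept.lower())
    if ctx_level and rank(ctx_level) > rank(level):
        level = ctx_level
    # A classification tag already carried in the metadata can only raise the level.
    tagged = doc.metadata.get("classification")
    if tagged in LEVELS and rank(tagged) > rank(level):
        level = tagged
    doc.level = level
    return level


def label(doc: Document, today: date) -> str:
    """Apply visible marks (header/footer) plus machine-readable tags for tracking."""
    doc.metadata.update({"classification": doc.level, "classified_on": today.isoformat()})
    header = f"[{doc.level}] "
    footer = f"\n-- Classified {doc.level}; handle per corporate policy --"
    return header + doc.text + footer


def evaluate_send(doc: Document, recipients: List[str], internal_domain: str) -> Tuple[str, List[str]]:
    """Warning rule: INTERNAL content to an external address warns but is allowed.
    Blocking rule: CONFIDENTIAL or above to an external address is refused."""
    external = [r for r in recipients if not r.lower().endswith("@" + internal_domain)]
    if not external:
        return "allow", []
    if rank(doc.level) >= rank("CONFIDENTIAL"):
        return "block", external
    if doc.level == "INTERNAL":
        return "warn", external
    return "allow", []


def apply_ita(doc: Document, today: date) -> str:
    """Re-classify once the ITA date has passed, never to or from an RMS-encrypted level."""
    if doc.ita_expiry and doc.ita_new_level and today > doc.ita_expiry:
        if doc.level not in RMS_ENCRYPTED and doc.ita_new_level not in RMS_ENCRYPTED:
            doc.level = doc.ita_new_level
            doc.metadata["classification"] = doc.level
    return doc.level
```

The ordering of the rules matters: classification only ever raises a level, and the send check is evaluated on the final level, so a file that matches both an INTERNAL context rule and a CONFIDENTIAL content rule hits the blocking rule, not the warning rule.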
Tagging for DLP:
Uniting RightsWATCH and DLP, enables enterprises to have mechanisms to discover information, monitor its flow and protect it to prevent exfiltration (intentional or inadvertent), to ensure compliance with information security and access policies, and to maintain an audit trail for control and compliance.
Combining RightsWATCH classification with a Data Loss Prevention system allows enterprises to:
Remind users of information management policies as the information is created;
Enforce the policies – tag, watermark, append headers, add metadata – before the data leaves the endpoint;
Track where what type of unstructured data is being created, and by whom;
Streamline information classification and protection across the extended enterprise (BYOD).
Option 1) Remove the recipient(s) from the recipients list, and then send the email
Option 2) Downgrade the classification level of the email being sent so that all recipients are able to open and read it
Option 3) Ignore the warning and send the email anyway
MDM solutions allow IT to leverage existing enterprise resources such as email, content repositories, security certificates and identity management, and enable the use of both corporate-owned and employee-owned devices in the enterprise.
Single Sign-on and PIN Authentication - Users need only enter a single secure password (or PIN) to gain access to all MDM enabled apps.
Automatic App Configuration for Users – Distribute mail login and server URL information centrally via MDM. When RightsWATCH is first deployed, users are not required to enter complicated email configuration information.
AppTunnel Integration – Secure, app-specific VPN connectivity over SSL that is invisible to the user
Secure Data Removal - If a phone is lost or stolen, the app and all its data can be selectively wiped
Device Pinning – Only allow corporate users to log on to an App on a device that is authorized by the MDM.
The RightsWATCH monitoring interface will continue to exist and be available, except for the “Dashboard” tab, which is in a phase-out process until the end of 2015, after which it will no longer be supported by Watchful Software
RightsWATCH delivers a manual on how to integrate both tools and a configuration file that allows the SYS Admin to have predefined metrics and analytics shown in the SIEM interface
Splunk® is able to understand and reason over the logged events from RightsWATCH
Splunk® leads the market in providing tools to search, monitor, and analyze machine-generated big data
Enterprises running RightsWATCH and Splunk® are able to leverage Splunk® to correlate events and generate dashboards, alarms and reports, knowing in real time who is doing what, when, and how with classified information.
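As an added illustration of the “who is doing what, when, and how” correlation a SIEM would do over these events, the Python below parses a few constructed audit lines and raises two alarms: a user who repeatedly sends past the warning rule, and a send that was blocked and then went to the same external address at a lower level. This is not RightsWATCH or Splunk code; the key=value log layout, user names, addresses and thresholds are invented for the example and do not reflect the product’s real log format.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample audit events. The key=value layout is invented for this
# example and is not the product's real log format.
SAMPLE_LOG = """\
2015-06-01T09:12:03Z user=alice action=classify level=CONFIDENTIAL object=budget.xlsx
2015-06-01T09:15:40Z user=alice action=send level=CONFIDENTIAL object=budget.xlsx recipients=cfo@corp.example result=allowed
2015-06-01T10:02:11Z user=bob action=send level=INTERNAL object=memo.docx recipients=friend@mail.example result=warn-overridden
2015-06-01T10:05:55Z user=bob action=send level=CONFIDENTIAL object=plan.pptx recipients=friend@mail.example result=blocked
2015-06-01T10:06:30Z user=bob action=send level=INTERNAL object=plan.pptx recipients=friend@mail.example result=warn-overridden
2015-06-01T11:20:00Z user=carol action=reclassify level=INTERNAL object=plan.pptx previous=CONFIDENTIAL
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(text: str) -> List[Dict[str, str]]:
    """Turn each log line into a dict: the timestamp plus every key=value field."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, _, rest = line.partition(" ")
        ev = {"ts": ts}
        ev.update(dict(KV_RE.findall(rest)))
        events.append(ev)
    return events


def external_recipients(ev: Dict[str, str], internal_domain: str) -> List[str]:
    """Recipients outside the corporate domain (comma-separated in the constructed format)."""
    return [r for r in ev.get("recipients", "").split(",")
            if r and not r.lower().endswith("@" + internal_domain)]


def correlate(events: List[Dict[str, str]], internal_domain: str, override_threshold: int = 2):
    """Per-user activity counters (dashboard material) plus two alarm rules:
    - repeated-warning-override: a user keeps sending past the warning rule;
    - blocked-then-downgraded: a send was blocked and the same object then went to
      the same external address at a lower level, which a SOC would want to review."""
    by_user: Dict[str, Counter] = defaultdict(Counter)
    blocked: Dict[Tuple[str, str], set] = {}
    alarms: List[Tuple] = []
    for ev in events:
        user, obj = ev["user"], ev["object"]
        by_user[user][ev["action"]] += 1
        result = ev.get("result")
        if result == "blocked":
            blocked[(user, obj)] = set(external_recipients(ev, internal_domain))
        elif result == "warn-overridden":
            by_user[user]["warn-overridden"] += 1
            if blocked.get((user, obj), set()) & set(external_recipients(ev, internal_domain)):
                alarms.append(("blocked-then-downgraded", user, obj))
    for user, counts in by_user.items():
        if counts["warn-overridden"] >= override_threshold:
            alarms.append(("repeated-warning-override", user, counts["warn-overridden"]))
    return by_user, alarms
```

The per-user counters are what a dashboard panel would plot (sends and re-classifications per user and level); the alarms are the correlation rules, which only become possible once the classification engine tags every event with the user, the object, the level and the outcome.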
Further support for other SIEM tools, such as ArcSight (from HP), QRadar (IBM), PowerBI (Microsoft), etc… is already planned for future releases
Answers:
1) It can enforce corporate policies and not rely on users to know, understand, reason with or be willing to apply policies to data
2) It allows data to be shared via any media and still uphold corporate policies
3) It does not impact users’ workflows, as it does not demand that users click on any extra buttons, pop-ups, or combo boxes
4) It does not require enterprises to onboard, nor manage “external users” identities
5) It does not require “external users” to have to buy or install any RightsWATCH proprietary software
6) It delivers a comprehensive audit trail that enables leveraging SIEM tools to do data analytics