FTS-4862 
Protecting Your “Crown Jewels”: 
Do you have what it takes to go from start to finish? 
Erkang Zheng 
October 2014 
© 2014 IBM Corporation
Please Note 
• IBM’s statements regarding its plans, directions, and intent are subject to change or 
withdrawal without notice at IBM’s sole discretion. 
• Information regarding potential future products is intended to outline our general 
product direction and it should not be relied on in making a purchasing decision. 
• The information mentioned regarding potential future products is not a commitment, 
promise, or legal obligation to deliver any material, code or functionality. Information 
about potential future products may not be incorporated into any contract. 
• The development, release, and timing of any future features or functionality described 
for our products remains at our sole discretion. 
Performance is based on measurements and projections using standard IBM benchmarks 
in a controlled environment. The actual throughput or performance that any user will 
experience will vary depending upon many factors, including considerations such as 
the amount of multiprogramming in the user’s job stream, the I/O configuration, the 
storage configuration, and the workload processed. Therefore, no assurance can be 
given that an individual user will achieve results similar to those stated here. 
Acknowledgements and Disclaimers 
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in 
which IBM operates. 
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for 
informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. 
While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without 
warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this 
presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or 
representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use 
of IBM software. 
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have 
achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, 
nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other 
results. 
© Copyright IBM Corporation 2014. All rights reserved. 
— U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract 
with IBM Corp. 
— Please update paragraph below for the particular product or family brand trademarks you mention such as WebSphere, DB2,Maximo, 
Clearcase, Lotus, etc 
IBM, the IBM logo, ibm.com, [IBM Brand, if trademarked], and [IBM Product, if trademarked] are trademarks or registered trademarks of 
International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked 
on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law 
trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in 
other countries. A current list of IBM trademarks is available on the Web at 
•“Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml 
•If you have mentioned trademarks that are not from IBM, please update and add the following lines:[Insert any special 3rd party trademark 
names/attributions here] 
•Other company, product, or service names may be trademarks or service marks of others. 
IBM Security 
Agenda 
• Defining the “Crown Jewels” – the most critical data within your enterprise
• Recognizing threats and the cost of losing critical data
• Overcoming obstacles to effective protection of critical data
Defining the “Crown Jewels” – the most critical data within your enterprise
Protection of your “Crown Jewels” is a strategic imperative 
• For most organizations, the most critical data – the “Crown Jewels” – amount to between 0.01% and 2.0% of total sensitive data¹
• The theft, misuse or corruption of this critical data can:
- cripple operations
- severely damage brand reputation
- dramatically reduce shareholder value
¹ U.S. President’s 2006 Economic Report to Congress Or …. ¹ IBM (name/date of report or study)
Crown Jewel data is usually found in the top 2 or 3 data categories
Tiny percentage, huge value 
The most valuable data, intellectual property (IP) and trade secrets form the heart of an organization’s identity and mission.
• Strategic product information – including new product designs, formulas and features, as well as changes, improvements and other updates to existing products
• Research and development (R&D)
• IT systems and applications, including novel processes, system architecture designs, source code and algorithms
Intellectual property and other enterprise-critical data represents an estimated 70% of the value of publicly traded corporations²
² U.S. President’s 2006 Economic Report to Congress
Recognizing threats and the cost of losing critical data
Understanding the threat to your critical data 
1. Your company is not a random victim. People have singled you out, have a specific interest in your critical data, and have both the desire and the means to try to take it from you.
2. Chances are, they can get to some of your data with relatively little effort. But they are also prepared to make multiple attempts and use a mix of sophisticated methods to penetrate your defenses.
3. The real threat could be inside. There is a real possibility that they will find someone inside your organization to help them.
4. If your security is inadequate, a successful breach may go unnoticed for months. If, and when, it is finally discovered, the odds are better than two to one that it will be by someone outside your organization.
The threat story in numbers 
• 25% of data breaches were targeted. The victim organization is specifically chosen, then the attacker(s) determines what weaknesses exist within the target that can be exploited.
• 19% were attributed to state-affiliated actors, suggesting sophisticated organizations with clear objectives and deep resources – less likely to be profiteers, more likely targeting trade secrets.
• 78% of initial intrusions were rated as “low difficulty.” The perpetrators succeeded in penetrating data defenses with routine techniques and skills.
of breaches were discovered by external parties. Mostly by unrelated third parties and fraud detection services, but also by customers, law enforcement and others – or actually disclosed by the perpetrators, themselves.
of breaches involved multiple methods of attack, indicating determination and sophistication.
Verizon 2013 Data Breach Investigations Report
took months or more to discover, leaving management blind to damage as it was occurring.
of breaches involved multiple parties. Combined ratios for outsiders (87%), insiders (46%) and partners (1%) indicate that collusion is common.
Verizon 2013 DBIR Industry Snapshot, Intellectual Property Theft
69% 66% 34% 25%
The cost of lost critical data 
R&D serves as a reasonable proxy for the value of trade secret theft
It is calculated that each dollar invested in R&D yields $2.90 in other economic activity during the same year and between $16.00 and $69.00 over 10 years.¹
Data breaches involving personally identifiable information (PII)
Breach disclosure laws subject victim organizations to public scrutiny, so their financial losses tend to be measurable – normally calculated in terms of penalties, lost sales, and declines in stock prices.
Data breach costs² are calculated to be as high as:
¹ The Center for Responsible Enterprise And Trade (CREATe.org) & PricewaterhouseCoopers LLP (PwC), Economic Analysis of Trade Secret Misappropriation, 2014
² 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute, 2014.
Overcoming obstacles to effective protection of critical data
Making protection of critical data a top priority 
Challenge 1: Defining your “Crown Jewels” 
•Is there agreement within your organization on 
what constitutes “Crown Jewels”? 
•How much of it is there? 
•Where is it? 
•Who has access to it? Applications, users? 
•Who are the business owners? 
•What business processes rely on it?
Making protection of critical data a top priority 
Challenge 2: Reassessing your current security strategy by asking: 
• Is it too IT-centric?
Sure, we have a DLP solution; but are we ignoring how critical data is actually used in the business, and by whom?
• Is it too risk-averse?
Do we have a “lock-it-all-down” approach that inhibits business growth and opportunities?
• Is it too inwardly focused?
What about the role of third parties, such as vendors and partners? What happens when our critical data is shared outside the enterprise?
• Are we mistaking compliance for security?
Is our strategy too focused on passing audits instead of actually protecting data in a way that is comprehensive?
• Does it assume routine security implementations equate to an evolving strategy?
Are we simply going through the motions with upgrades and patches, or are we continuously evaluating our strategy in the face of ever-changing threats and technologies?
• Do we simply lack a direction or starting point when it comes to critical data?
IBM Critical Data Protection Program 
The Approach: A comprehensive method for safeguarding your Crown Jewels and protecting your brand
• Define Crown Jewels 
• Determine Data Security Objectives 
• Understand Client Data Security Environment and Infrastructure 
• Define and Complete Data Discovery Process 
• Perform Data Analysis and Classify 
• Establish Crown Jewels Baselines 
• Assess and Score Client Data Security Processes and/or Controls 
• Perform Gap Analysis and Develop Hypotheses 
• Determine Risk Remediation Plan 
• Prioritize and Validate Risk Remediation Solutions 
• Plan, Design, and Implement 
• Determine Crown Jewels Governance Metrics and Process 
• Enable Monitoring, Communications and Response 
• Establish Revalidation Criteria and Process
Delivered with structured delivery methodology
Service Delivery Phases
DEFINE: What are the “crown jewels”?
DISCOVER: Where are they? How are they used?
BASELINE: What is required to protect critical data?
SECURE: How to plan, design, and implement protection solutions?
MONITOR: What to consider operationally?
Main Objectives
• Determine data protection objectives
• Develop data model and define “Crown Jewels”
• Obtain stakeholder consensus
• Understand data lifecycle and environment
• Identify critical data storage repositories, paths, and access
• Establish baseline requirements
• Assess current controls to identify gaps and propose solutions
• Plan and prioritize technical & business process transformations, strategy & roadmap
• Prepare for detailed design & deploy of identified solutions
• High level (Macro) and detail design (Micro), implementation, and monitoring of selected data protection solutions
• Operationalize the solutions and processes defined previously
• Continuously improve to evolve and adapt to changes
Method Approach
Consulting Approach
- Data collection
- Interviews & workshops
- Development of data taxonomy
- Risk evaluation & prioritization
Strategic+Technical Assessment
- Iterative tool based discovery
- Data flow mapping
- Data classification
- Develop initial strategy
Gap Assessment + Strategic Planning
- Requirements gathering
- Target state definitions
- Gap assessment
- Roadmap and prioritization
System Integration
For solutions identified in previous phase (e.g. DLP, Guardium, etc.), develop
- Client Environment
- Solution Outline
Consulting Approach
- Program charter
- Functional model, org structure, and staffing
- Metrics, processes & procedures
- Governance & comm.
Follow up or add-on services
• Detailed architecture development such as Database Security Reference Architecture
• Building a SOC and integrating CDPP into enterprise security operations / MSIEM
IBM Confidential
Understanding your data is a key step towards actionable security intelligence
Advantages of IBM Critical Data Protection Program
IBM provides unmatched global coverage and security awareness
IBM Security by the Numbers
• monitored countries (MSS)
• service delivery experts
• devices under contract
• endpoints protected
• events managed per day
Learn more about IBM Security 
IBM Security 
Intelligence. Integration. Expertise. 
Visit our website 
IBM Security Website 
Watch our videos 
IBM Security YouTube Channel 
Read new blog posts 
SecurityIntelligence.com 
Follow us on Twitter 
@ibmsecurity
We Value Your Feedback! 
• Don’t forget to submit your Insight session and speaker feedback! Your feedback is very important to us – we use it to continually improve the conference.
• Access the Insight Conference Connect tool to quickly submit your surveys from your smartphone, laptop or conference kiosk.
Thank You
WIP 
A financial services firm teams with IBM to protect its “Crown Jewels”
Protect your critical assets
Identified and blocked 650+ suspicious incidents in the first 6 months of SOC operations
Business Challenge
• The bank did not have the security skills and resources to build its first SOC within the aggressive milestones set by their Board
• Wanted global protection for 16,000,000 accounts across 44 countries
IBM Security Solution benefits
• Provides automated, real-time advanced analytics to evaluate 13M+ events per day from 400K+ assets and 28K+ active log sources
• Provides 24x7 SOC management and incident response support at ~$2M lower cost than in-house management

Securing Your "Crown Jewels": Do You Have What it Takes?

  • 1. FTS-4862 Protecting Your “Crown Jewels”: Do you have what it takes to go from start to finish? Erkang Zheng October 2014 © 2014 IBM Corporation
  • 4. IBM Security Agenda • Defining the “Crown Jewels” – the most critical data within your enterprise • Recognizing threats and the cost of losing critical data • Overcoming obstacles to effective protection of critical data
  • 5. IBM Security Defining the “Crown Jewels” – the most critical data within your enterprise
  • 6. Protection of your “Crown Jewels” is a strategic imperative • For most organizations, the most critical data – the “Crown Jewels” – amount to between 0.01% and 2.0% of total sensitive data [1] • The theft, misuse or corruption of this critical data can: - cripple operations - severely damage brand reputation - dramatically reduce shareholder value [1] U.S. President’s 2006 Economic Report to Congress Or …. [1] IBM (name/date of report or study)
  • 7. Crown Jewel data is usually found in the top 2 or 3 data categories
  • 8. Tiny percentage, huge value The most valuable data, intellectual property (IP) and trade secrets form the heart of an organization’s identity and mission. • Strategic product information – including new product designs, formulas and features, as well as changes, improvements and other updates to existing products • Research and development (R&D) • IT systems and applications, including novel processes, system architecture designs, source code and algorithms Intellectual property and other enterprise-critical data represents an estimated 70% of the value of publicly traded corporations [2] [2] U.S. President’s 2006 Economic Report to Congress
  • 9. IBM Security Recognizing threats and the cost of losing critical data
  • 10. Understanding the threat to your critical data Your company is not a random victim. People have singled you out, have a specific interest in your critical data, and have both the desire and the means to try to take it from you. Chances are, they can get to some of your data with relatively little effort. But they are also prepared to make multiple attempts and use a mix of sophisticated methods to penetrate your defenses. The real threat could be inside. There is a real possibility that they will find someone inside your organization to help them. If your security is inadequate, a successful breach may go unnoticed for months. If, and when, it is finally discovered, the odds are better than two to one that it will be by someone outside your organization.
  • 11. The threat story in numbers • 25% of data breaches were targeted. The victim organization is specifically chosen, then the attacker(s) determines what weaknesses exist within the target that can be exploited. • 19% were attributed to state-affiliated actors, suggesting sophisticated organizations with clear objectives and deep resources – less likely to be profiteers, more likely targeting trade secrets. • 78% of initial intrusions were rated as “low difficulty.” The perpetrators succeeded in penetrating data defenses with routine techniques and skills. • 69% of breaches were discovered by external parties. Mostly by unrelated third parties and fraud detection services, but also by customers, law enforcement and others – or actually disclosed by the perpetrators, themselves. • 25% of breaches involved multiple methods of attack, indicating determination and sophistication. • 66% took months or more to discover, leaving management blind to damage as it was occurring. • 34% of breaches involved multiple parties. Combined ratios for outsiders (87%), insiders (46%) and partners (1%) indicate that collusion is common. Sources: Verizon 2013 Data Breach Investigations Report; Verizon 2013 DBIR Industry Snapshot, Intellectual Property Theft
  • 12. The cost of lost critical data • R&D serves as a reasonable proxy for the value of trade secret theft: It is calculated that each dollar invested in R&D yields $2.90 in other economic activity during the same year and between $16.00 and $69.00 over 10 years. [1] • Data breaches involving personally identifiable information (PII): Breach disclosure laws subject victim organizations to public scrutiny, so their financial losses tend to be measurable – normally calculated in terms of penalties, lost sales, and declines in stock prices. Data breach costs [2] are calculated to be as high as: [1] The Center for Responsible Enterprise And Trade (CREATe.org) & PricewaterhouseCoopers LLP (PwC), Economic Analysis of Trade Secret Misappropriation, 2014 [2] 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute, 2014.
  • 13. IBM Security Overcoming obstacles to effective protection of critical data
  • 14. Making protection of critical data a top priority Challenge 1: Defining your “Crown Jewels” •Is there agreement within your organization on what constitutes “Crown Jewels”? •How much of it is there? •Where is it? •Who has access to it? Applications, users? •Who are the business owners? •What business processes rely on it?
  • 15. Making protection of critical data a top priority Challenge 2: Reassessing your current security strategy by asking: • Is it too IT-centric? Sure, we have a DLP solution; but are we ignoring how critical data is actually used in the business, and by whom? • Is it too risk-averse? Do we have a “lock-it-all-down” approach that inhibits business growth and opportunities? • Is it too inwardly focused? What about the role of third parties, such as vendors and partners? What happens when our critical data is shared outside the enterprise? • Are we mistaking compliance for security? Is our strategy too focused on passing audits instead of actually protecting data in a way that is comprehensive? • Does it assume routine security implementations equate to an evolving strategy? Are we simply going through the motions with upgrades and patches, or are we continuously evaluating our strategy in the face of ever-changing threats and technologies? • Do we simply lack a direction or starting point when it comes to critical data?
  • 16. IBM Critical Data Protection Program The Approach: A comprehensive method for safeguarding your Crown Jewels and protecting your brand • Define Crown Jewels • Determine Data Security Objectives • Understand Client Data Security Environment and Infrastructure • Define and Complete Data Discovery Process • Perform Data Analysis and Classify • Establish Crown Jewels Baselines • Assess and Score Client Data Security Processes and/or Controls • Perform Gap Analysis and Develop Hypotheses • Determine Risk Remediation Plan • Prioritize and Validate Risk Remediation Solutions • Plan, Design, and Implement • Determine Crown Jewels Governance Metrics and Process • Enable Monitoring, Communications and Response • Establish Revalidation Criteria and Process
  • 17. Delivered with structured delivery methodology
    Service Delivery Phases: DEFINE: What are the “crown jewels”? DISCOVER: Where are they? How are they used? BASELINE: What is required to protect critical data? SECURE: How to plan, design, and implement protection solutions? MONITOR: What to consider operationally?
    Main Objectives: • Determine data protection objectives • Develop data model and define “Crown Jewels” • Obtain stakeholder consensus • Understand data lifecycle and environment • Identify critical data storage repositories, paths, and access • Establish baseline requirements • Assess current controls to identify gaps and propose solutions • Plan and prioritize technical & business process transformations, strategy & roadmap • Prepare for detailed design & deploy of identified solutions • High level (Macro) and detail design (Micro), implementation, and monitoring of selected data protection solutions • Operationalize the solutions and processes defined previously • Continuously improve to evolve and adapt to changes
    Method Approach, in phase order: DEFINE: Consulting Approach - Data collection - Interviews & workshops - Development of data taxonomy - Risk evaluation & prioritization. DISCOVER: Strategic+Technical Assessment - Iterative tool based discovery - Data flow mapping - Data classification - Develop initial strategy. BASELINE: Gap Assessment + Strategic Planning - Requirements gathering - Target state definitions - Gap assessment - Roadmap and prioritization. SECURE: System Integration For solutions identified in previous phase (e.g. DLP, Guardium, etc.), develop - Client Environment - Solution Outline. MONITOR: Consulting Approach - Program charter - Functional model, org structure, and staffing - Metrics, processes & procedures - Governance & comm.
    Follow up or add-on services: Detailed architecture development such as Database Security Reference Architecture; Building a SOC and integrating CDPP into enterprise security operations / MSIEM
  • 18. Understanding your data is a key step towards actionable security intelligence
  • 19. Advantages of IBM Critical Data Protection Program
  • 20. IBM provides unmatched global coverage and security awareness monitored countries (MSS) service delivery experts + devices under contract + endpoints protected + events managed per day IBM Security by the Numbers + +
  • 21. Learn more about IBM Security IBM Security Intelligence. Integration. Expertise. Visit our website IBM Security Website Watch our videos IBM Security YouTube Channel Read new blog posts SecurityIntelligence.com Follow us on Twitter @ibmsecurity
  • 22. We Value Your Feedback! • Don’t forget to submit your Insight session and speaker feedback! Your feedback is very important to us – we use it to continually improve the conference. • Access the Insight Conference Connect tool to quickly submit your surveys from your smartphone, laptop or conference kiosk. 22
  • 24. WIP A financial services firm teams with IBM to protect its “Crown Jewels” Protect your critical assets Identified and blocked 650+ suspicious incidents in the first 6 months of SOC operations Business Challenge • The bank did not have the security skills and resources to build its first SOC within the aggressive milestones set by their Board • Wanted global protection for 16,000,000 accounts across 44 countries IBM Security Solution benefits • Provides automated, real-time advanced analytics to evaluate 13M+ events per day from 400K+ assets and 28K+ active log sources • Provides 24x7 SOC management and incident response support at ~$2M lower cost than in-house management

Editor's notes

  1. A critical data protection program from IBM can help provide a comprehensive approach to safeguarding your most strategic information. Rather than implementing a technology “fix” that locks down your critical data and limits your business productivity, our approach provides an end-to-end, repeatable program. It helps you determine what data is most important to the organization and find better ways to more securely use it in your day-to-day operations. We also help optimize your level of control by providing both consulting services to establish your data protection strategy, and implementation and integration services using market-leading loss prevention and encryption technologies.
  2. The benefits of a critical data protection program from IBM are considerable. They include supporting your organization’s competitiveness, profitability and brand reputation; centralizing and automating data security while reducing the cost of compliance; helping you more effectively avert costly data breaches; and establishing a security program that can adapt to heightened cyber risks and attacks.
  3. Why choose IBM? First, because we provide unmatched global coverage and security awareness. We have thousands of consultants, analysts and delivery specialists providing security service for clients every day. In addition, we have 10 security research centers, 10 security operations centers, and 14 security development laboratories.