Securing Your "Crown Jewels": Do You Have What it Takes to Go From Start to Finish?
Protecting Your Most Valuable Data: Organizations face many data protection challenges, but one of the biggest is identifying and prioritizing the 0.01% - 2% of the data that is most important to your organization's survival and success. IBM Data Security Services can help by providing you with a 5-stage strategy designed to ensure that your "Crown Jewels" are protected and kept safe from loss, hackers, and being compromised. Attend this session and learn about processes to identify and prioritize your critical data, and services available from IBM to protect it.
2. Please Note
• IBM’s statements regarding its plans, directions, and intent are subject to change or
withdrawal without notice at IBM’s sole discretion.
• Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
• The information mentioned regarding potential future products is not a commitment,
promise, or legal obligation to deliver any material, code or functionality. Information
about potential future products may not be incorporated into any contract.
• The development, release, and timing of any future features or functionality described
for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks
in a controlled environment. The actual throughput or performance that any user will
experience will vary depending upon many factors, including considerations such as
the amount of multiprogramming in the user’s job stream, the I/O configuration, the
storage configuration, and the workload processed. Therefore, no assurance can be
given that an individual user will achieve results similar to those stated here.
2
4. IBM Security
Agenda
• Defining the “Crown Jewels” – the most
critical data within your enterprise
• Recognizing threats and the cost of
losing critical data
• Overcoming obstacles to effective
protection of critical data
5. IBM Security
Defining the “Crown Jewels” –
the most critical data within
your enterprise
6. Protection of your “Crown Jewels” is a strategic imperative
• For most organizations, the most critical data –
the “Crown Jewels” – amount to between 0.01% and
2.0% of total sensitive data1
• The theft, misuse or corruption of this critical data can:
- cripple operations
- severely damage brand reputation
- dramatically reduce shareholder value
1U.S President’s 2006 Economic Report to Congress Or …. 1IBM (name/date of report or study)
7. Crown Jewel data is usually found in the top 2 or 3
data categories
8. Tiny percentage, huge value
The most valuable data, intellectual property (IP) and trade secrets form the heart of an
organization’s identity and mission.
•Strategic product information – including new product designs, formulas and features,
as well as changes, improvements and other updates to existing products
•Research and development (R&D)
•IT systems and applications, including novel processes, system architecture designs,
source code and algorithms
Intellectual property and
other enterprise-critical data
represents an estimated
70% of the value of publicly
traded corporations2
2U.S President’s 2006 Economic Report to Congress
10. Understanding the threat to your critical data
Your company is not a random victim.
People have singled you out, have a specific interest
in your critical data, and have both the desire and the
means to try to take it from you.
Chances are, they can get to some of your
data with relatively little effort.
But they are also prepared to make multiple attempts
and use a mix of sophisticated methods to penetrate
your defenses.
The real threat could be inside.
There is a real possibility that they will find someone
inside your organization to help them.
If your security is inadequate, a successful
breach may go unnoticed for months.
If, and when, it is finally discovered, the odds are better
than two to one that it will be by someone outside your
organization.
1
2
3
4
11. The threat story in numbers
25%
of data breaches were targeted. The victim organization is specifically chosen, then the
attacker(s) determines what weaknesses exist within the target that can be exploited.
19%
78%
were attributed to state-affiliated actors, suggesting sophisticated organizations
with clear objectives and deep resources – less likely to be profiteers, more likely
targeting trade secrets.
of initial intrusions were rated as “low difficulty.” The perpetrators succeeded
in penetrating data defenses with routine techniques and skills.
of breaches were discovered by external parties. Mostly by unrelated third parties
and fraud detection services, but also by customers, law enforcement and others – or
actually disclosed by the perpetrators, themselves.
of breaches involved multiple methods of attack,
indicating determination and sophistication.
Verizon 2013 Data Breach Investigations Report
took months or more to discover, leaving management
blind to damage as it was occurring.
of breaches involved multiple parties. Combined ratios for outsiders (87%), insiders
(46%) and partners (1%) indicate that collusion is common.
Verizon 2013 DBIR Industry Snapshot, Intellectual Property Theft
69%
66%
34%
25%
12. The cost of lost critical data
R&D serves as a reasonable proxy for the value of trade secret theft
It is calculated that each dollar invested in R&D yields $2.90 in other economic activity during the same
year and between $16.00 and $69.00 over 10 years.
1
Data breaches involving personally identifiable information (PII)
Breach disclosure laws subject victim organizations to public scrutiny, so their financial losses tend to be
measurable – normally calculated in terms of penalties, lost sales, and declines in stock prices.
Data breaches costs2 are calculated to be as high as:
1The Center for Responsible Enterprise And Trade (CREATe.org) & PricewaterhouseCoopers LLP (PwC), Economic Analysis of Trade Secret Misappropriation, 2014
22014 Cost of Data Breach Study: Global Analysis, Ponemon Institute, 2014.
14. Making protection of critical data a top priority
Challenge 1: Defining your “Crown Jewels”
•Is there agreement within your organization on
what constitutes “Crown Jewels”?
•How much of it is there?
•Where is it?
•Who has access to it? Applications, users?
•Who are the business owners?
•What business processes rely on it?
15. Making protection of critical data a top priority
Challenge 2: Reassessing your current security strategy by asking:
• Is it too IT-centric?
Sure, we have a DLP solution; but are we ignoring how critical data is actually used in the business,
and by whom?
• Is it too risk-averse?
Do we have a “lock-it-all-down” approach that inhibits business growth and opportunities?
• Is it too inwardly focused?
What about the role of third parties, such as vendors and partners? What happens when our critical
data is shared outside the enterprise?
• Are we mistaking compliance with security?
Is our strategy too focused on passing audits instead of actually protecting data in a way that is
comprehensive?
• Does it assume routine security implementations equate to an evolving strategy?
Are we simply going through the motions with upgrades and patches, or are we continuously evaluating
our strategy in the face of ever-changing threats and technologies?
• Do we simply lack a direction or starting point when it comes to critical data?
16. IBM Critical Data Protection Program
The Approach: A comprehensive method for safeguarding your Crown Jewels
and protecting your brand
• Define Crown Jewels
• Determine Data Security Objectives
• Understand Client Data Security Environment and Infrastructure
• Define and Complete Data Discovery Process
• Perform Data Analysis and Classify
• Establish Crown Jewels Baselines
• Assess and Score Client Data Security Processes and/or Controls
• Perform Gap Analysis and Develop Hypotheses
• Determine Risk Remediation Plan
• Prioritize and Validate Risk Remediation Solutions
• Plan, Design, and Implement
• Determine Crown Jewels Governance Metrics and Process
• Enable Monitoring, Communications and Response
• Establish Revalidation Criteria and Process
17. Delivered with structured delivery methodology
• Determine data
protection objectives
• Develop data model
and define “Crown
Jewels”
• Obtain stakeholder
consensus
• Understand data
lifecycle and
environment
• Identify critical data
storage repositories,
paths, and access
• Establish baseline
requirements
• Access current
controls to identify
gaps and propose
solutions
• Plan and prioritize
technical & business
process
transformations,
strategy & roadmap
• Prepare for detailed
design & deploy of
identified solutions
High level (Macro) and
detail design (Micro),
implementation, and
monitoring of selected
data protection
solutions
• Operationalize the
solutions and
processes defined
previously
• Continuously improve
to evolve and adapt
to changes
Building a SOC and
integrating CDPP into
enterprise security
operations / MSIEM
DEFINE:
What are the “crown
jewels”?
DISCOVER:
Where are they? How are
they used?
BASELINE:
What is required to protect
critical data?
SECURE:
How to plan, design, and
implement protection
solutions?
MONITOR:
What to consider
operationally?
Consulting
Approach
- Data collection
- Interviews &
workshops
- Development of data
taxonomy
- Risk evaluation &
prioritization
Strategic+Technical
Assessment
- Iterative tool based
discovery
- Data flow mapping
- Data classification
- Develop initial
strategy
Gap Assessment +
Strategic Planning
- Requirements
gathering
- Target state
definitions
- Gap assessment
- Roadmap and
prioritization
System Integration
For solutions identified
in previous phase (e.g.
DLP, Guardium, etc.),
develop
- Client Environment
- Solution Outline
Consulting
Approach
- Program charter
- Functional model, org
structure, and staffing
- Metrics, processes &
procedures
- Governance & comm.
Service
Delivery
Phases
Main
Objectives
Method
Approach
Follow up or
add-on
services
Detailed architecture
development such as
Database Security
Reference Architecture
IBM Confidential
20. IBM provides unmatched global coverage and
security awareness
monitored countries (MSS)
service delivery experts
+
devices under contract
+
endpoints protected
+
events managed per day
IBM Security by the Numbers
+
+
21. Learn more about IBM Security
IBM Security
Intelligence. Integration. Expertise.
Visit our website
IBM Security Website
Watch our videos
IBM Security YouTube Channel
Read new blog posts
SecurityIntelligence.com
Follow us on Twitter
@ibmsecurity
22. We Value Your Feedback!
• Don’t forget to submit your Insight session and speaker feedback!
Your feedback is very important to us – we use it to continually
improve the conference.
• Access the Insight Conference Connect tool to quickly submit your
surveys from your smartphone, laptop or conference kiosk.
22
24. WIP
A financial services firm teams with IBM to protect its “Crown
Jewels”
Protect your critical assets
Identified and blocked
650+
suspicious incidents
in the first 6 months
of SOC operations
Business Challenge
The bank did not have the security skills and resources to build its first SOC
within the aggressive milestones set by their Board
Wanted global protection for 16,000,000 accounts across 44 countries
IBM Security Solution benefits
Provides automated, real-time advanced analytics to evaluate 13M+ events per day
from 400K+ assets and 28K+ active log sources
Provides 24x7 SOC management and incident response support at ~$2M lower cost
than in-house management
Notes de l'éditeur
A critical data protection program from IBM can help provide a comprehensive approach to safeguarding your most strategic information. Rather than implementing a technology “fix” that locks down your critical data and limits your business productivity, our approach provides an end-to-end, repeatable program. It helps you determine what data is most important to the organization and find better ways to more securely use it in your day-to-day operations. We also help optimize your level of control by providing both consulting services to establish your data protection strategy, and implementation and integration services using market-leading loss prevention and encryption technologies.
The benefits of a critical data protection program from IBM are considerable. They include supporting your organization’s competitiveness, profitability and brand reputation; centralizing and automating data security while reducing the cost of compliance; helping you more effectively avert costly data breaches; and establishing a security program that can adapt to heightened cyber risks and attacks.
Why choose IBM? First, because we provide unmatched global coverage and security awareness. We have thousands of consultants, analysts and delivery specialists providing security service for clients every day. In addition, we have 10 security research centers, 10 security operations centers, and 14 security development laboratories.
Why choose IBM? First, because we provide unmatched global coverage and security awareness. We have thousands of consultants, analysts and delivery specialists providing security service for clients every day. In addition, we have 10 security research centers, 10 security operations centers, and 14 security development laboratories.