Data Leakage Prevention
Dimension Data’s preferred method of client engagement is based on our Secure Infrastructure Framework and a lifecycle approach, from assessment, through planning, architecture and integration of solutions to ongoing management. This engagement method is the result of both extensive experience and established best practices.
In order to illustrate how this model is applied in a real case scenario, the following Data Leakage Prevention (DLP) engagement example is given:
Assessment:
Dimension Data’s DLP assessment is a consultative led service that provides organisations with visibility into how their sensitive data enters traverses and leaves the corporate network. The assessment methodology includes various phases that quickly identify where information is stored and how it is being used.
The assessment may include the following phases based on individual needs:
• Policy review: understanding current organisational policies including data classification and data retention.
• Information profiling: understanding what information is important to the business and where it resides.
• Create search perimeters: establish search expressions to capture information based on the profiling exercise.
• Initiate discovery: search for information across networks, file repositories and systems based on the parameters set within the search boundaries.
Planning:
The results of the assessment are analysed and a report produced that identifies instances of potential information leakage. This report will enable us to build a roadmap detailing how to deal with the challenges in DLP across the organisation – when data is in motion on the network or across the perimeter, stored on devices or in use in applications.
Architecture
Now we know all the instances of potential information leakage, based on the report, we will be able to see what, if any, network redesign needs to be carried out in order to optimally support the organisation’s objectives.
Solution – Implementation and Integration
Based on the assessment findings, the security requirements and the maturity level of the organisation’s security posture we suggest implementation of a solution that ticks all the boxes and supports the individual business requirements.
Maturity level 1 – Tactical control
Suggested solutions: Device Encryption, Secure File Transfer
Maturity level 2 – Perimeter protection
Suggested solutions: policy adjustments of existing content security solutions (Web Proxy, Firewall, etc), User Education
Maturity level 3 – Internal information flow management
Suggested solutions: visibility of information flows within the organisation through device management (USB storage devices, wireless Internet, CD/DVD-Rs etc). Security Incident and Event Management System (SIEM)
Maturity level 4 – External information flow management
Suggested solutions: Digital Rights Management technology for information flow management for sensitive information that does need to leave the organisation,
In short:
Dimension Data’s data leakage solution set:
Supports security policy and compliance strategies
Is modular and scalable
Protects all electronic leakage points
Uses best-of-breed solutions
Utilises a centralised user database
Provides end-to-end visibility
Fulfils the primary objectives of the data leakage strategy
Operations Management
Having implemented and integrated a DLP solution, Dimension Data can provide a number of Managed Services as part of our Operations Management offering that cover Maintenance/Support, Monitoring, Managed Security and Tuning.
Clients can outsource some of the ongoing management of their security infrastructure, or ask for resources / people onsite – or alternatively we can provide consolidated support (contracts) for different vendor technologies in a DLP environment, which is likely to be complex and include multiple vendor solutions.