![Page 1: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/1.jpg)
![Page 2: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/2.jpg)
Question : Why do F1 cars have the biggest brakes ?
Answer : Because they need to go the fastest.
![Page 3: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/3.jpg)
Protect Infrastructure or protect information ??Lessons from Wikileaks
Presentation at NullCon 2011, GoaVishal Gupta
Seclore
![Page 4: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/4.jpg)
TELEMARKETER
Information exchange in the collaborative worldInformation exchange in the collaborative world
Information is exchanged between Employees of the organisation
Enterprise
CUSTOMERS
VENDORS
Information is exchanged between employees & vendors & employees & customers
Competitors
What happens if an employee with privileged access leaves to join a competitor ?What happens if information shared with a vendor is lost by the vendor ?
VPN
SSL
UTM
Firewall
…
Firewalls
![Page 5: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/5.jpg)
The compromise ...The compromise ...
Increasing risks of systems and data
Decreasing availability of systems and data
Data CenterEnterprise
+ Partners
Enterprise The world
Decreasing control and protection over data
![Page 6: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/6.jpg)
Underlying IssuesUnderlying Issues
Share it = It becomes his (also)Ownership and usage cannot be separated
Shared once = Shared foreverImpossible to “recall” information
Out of the firewall = Free for allTechnology & processes are only applicable within
![Page 7: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/7.jpg)
The ResultThe Result
![Page 8: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/8.jpg)
Create Store Transmit & collaborate Use Archive & Backup Delete
DLP Anti-virus Anti-…
Hard disk encryption
SSL UTM
Application security
IDM DLP Vaults Digital shredders
Desktops
Laptops
Heterogeneous policies … Heterogeneous infrastructure
Mobile devices
Removable media
Content Management
Online workspaces
Remote desktops
Information lifecycle …Information lifecycle …
Shared folders Removable
media
Instant Messaging
Desktops
Laptops
Mobile devices
Archive
Backup
Document retention
Security
NTFS
![Page 9: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/9.jpg)
Unstructured information securityUnstructured information security
Option 1 : Control Distribution
. . .
Security Collaboration
![Page 10: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/10.jpg)
Unstructured information securityUnstructured information security
Option 2 : Control Usage
. . .
Security Collaboration
RightLocation
RightTime
RightAction
RightPerson
![Page 11: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/11.jpg)
• WHO can use the information
People & groups within and outside of the organization can be defined as rightful users of the information
• WHAT can each person doIndividual actions like reading, editing, printing,
distributing, copy-pasting, screen grabbing etc. can be controlled
• WHEN can he use itInformation usage can be time based e.g. can
only be used by Mr. A till 28th Sept OR only for the 2 days
• WHERE can he use it fromInformation can be linked to locations e.g. only
3rd floor office by private/public IP addresses
IRM systems allow enterprises to define, implement & audit information usage “policies”. A “policy” defines :
Information Rights ManagementInformation Rights Management
Policies are persistent with data, dynamic & audit-able
![Page 12: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/12.jpg)
Lessons from WikileaksLessons from Wikileaks
Content
is
King
security
supposed to be like ‘s security1Thou shall focus on protecting the information
…because no “wall” is too high
3 Thou shall listen to dad & not watch TV beyond 7 pm
2
![Page 13: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/13.jpg)
About …About …
Seclore is a high growth information security product company focused on providing Security without compromising collaboration
Seclore’s flagship product Seclore FileSecure is used by More than 1 million users & some of the largest enterprises
![Page 14: nullcon 2011 - Protect infrastructure of protect information – Lessons from Wikileaks](https://reader035.vdocuments.mx/reader035/viewer/2022070317/5566971bd8b42a51558b53dd/html5/thumbnails/14.jpg)
ContactVishal Gupta
+91-22-4015-5252
www.seclore.com