#symvisionemea - voxvox.veritas.com/legacyfs/online/veritasdata/...strategy-aligned solution, drives...
TRANSCRIPT
#SymVisionEmea
#SymVisionEmea
The Future of Data Loss Prevention: 5 Trends Shaping Symantec's Vision and Roadmap
Stephane Laguerre Jean-Christophe Ribola Symantec Security presales engineer Accenture Security Director
SYMANTEC VISION SYMPOSIUM 2014 The Future of DLP 3
Breaches increased by 62% in 2013.
SYMANTEC VISION SYMPOSIUM 2014
Méga-brèches
• 8 parmi le Top 10 des brèches représentent plus de 10 millions d’identités
• Moyenne du nombre d’identités exposées : + 400% par rapport à 2012
The Future of DLP 4
SYMANTEC VISION SYMPOSIUM 2014
Mega-breach
• Healthcare, Education and Government summarize 58% of all breaches
• But Retail, Computer Software and Financial represent 77% of all data breaches in 2013
The Future of DLP 5
SYMANTEC VISION SYMPOSIUM 2014 The Future of DLP 6
Bring Your Own Cloud
SYMANTEC VISION SYMPOSIUM 2014
You Can’t Secure What You Don’t Know About
Source: Netskope
The Future of DLP 7
SYMANTEC VISION SYMPOSIUM 2014
From what you manage
The Future of DLP 8
Symantec O3
SYMANTEC VISION SYMPOSIUM 2014
To what employees use
The Future of DLP 9
SYMANTEC VISION SYMPOSIUM 2014 The Future of DLP 10
40% of employees download business data to mobile devices.
SYMANTEC VISION SYMPOSIUM 2014
72% 78%
48% 33%
HAVE AT LEAST AN ANTIVIRUS
STORE SENSITIVE DATA ON FREE CLOUD SERVICES
Mobility and cloud
11
Source: 2013 Norton Report
The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Malicious Insiders
SYMANTEC VISION SYMPOSIUM 2014
Trends, News & What’s at Stake
88% experienced data loss
59% of employees leave with data
$5.5million average cost of a breach
Legal & compliance penalties
A corporate black eye
13 The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Data breach actors
The Future of DLP 14
SYMANTEC VISION SYMPOSIUM 2014 The Future of DLP 15
Possibly use visuals from keynote here (Information Governance)
Information Protection
SYMANTEC VISION SYMPOSIUM 2014
Protect what’s Important
16
Customer Information
Company Information
Credit Card Info
Medical Records
SSNs and Government IDs
Financials HR Records
Intellectual Property
Internal Auditing
M&A and Strategy
The Future of DLP
#SymVisionEmea
Symantec Technology
The Future of DLP 17
SYMANTEC VISION SYMPOSIUM 2014
You need more than a technology solution
The Dynamics of DLP
18
Where is your confidential data?
DISCOVER
How is it being used?
MONITOR
How best to prevent its loss?
PROTECT
The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Our Vision
Information Protection
Content
Access
Context
Identity
The Future of DLP 19
SYMANTEC VISION SYMPOSIUM 2014
Information Protection: Beyond Preventing Data Loss
The Future of DLP 20
Information Protection
Data Loss Prevention
•Context-aware
•User risk analytics
• Information governance
•Access and entitlements management
•Continuous monitoring
• Identity & content-aware
•Cloud & mobile
•Ready for next-gen. datacenter
Same job
new IT landscape
New, bigger jobs
SYMANTEC VISION SYMPOSIUM 2014
Data Loss Prevention Threat Coverage
21
USB/CD/DVD
Stored data
Instant Message
FTP
SharePoint / Lotus Notes /
DMS
Databases
File Servers
Print/Fax
DLP Policy Monitoring & Prevention Discovery & Protection
Webmail
Web servers
Untrusted networks
Browser sessions
iPad / iPhone
The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Symantec Mobile + DLP Integration: Use-Cases
The Future of DLP 22
1. Control whether sensitive email attachments can be downloaded on trusted/untrusted email clients
2. Ensure sensitive documents can only be shared among trusted apps on device
3. Prevent sensitive documents from being shared in the cloud
SYMANTEC VISION SYMPOSIUM 2014
1000
800
600
400
200
0
Continuous Risk Reduction
23
Competitive Trap
Risk Reduction Over Time
Inci
den
ts P
er W
eek
Visibility
Remediation
Notification
Prevention
The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Intelligent Data Security
The Future of DLP 24
SYMANTEC VISION SYMPOSIUM 2014
Companies using security intelligence technologies were more efficient in detecting and
containing cyber attacks. As a result, these companies enjoyed an average cost savings of $4
million when compared to companies not deploying security intelligence technologies.
Ponemon Institute
Protecting the digital enterprise requires addressing a complex, evolving set of potentially unknown challenges and threats
Implications of Inaction
• Loss Unknown value of intellectual property to growth opportunities
• Increasing costs of compliance and regulatory fees
• Degradation of brand reputation
• Customer attrition due to lack of trust and satisfaction
• Damage to competitive positioning in the marketplace due to exposure
Security
Organization’s
Information
Protection
Strategy
Dig
ita
l C
om
pli
ca
tio
ns
Co
mb
attin
g
Un
kn
ow
n
Th
rea
ts
Protecting Intellectual
Property
Maintaining External
Compliance
The Future of DLP 25
SYMANTEC VISION SYMPOSIUM 2014
Business and Technology Challenges Protecting the enterprise information requires addressing a complex, evolving set of business and technology challenges
26
Business
Challenges Technology Challenges
Maintain competitive position and brand
reputation to avoid potentially lost business
and/or customer attrition
Handle higher volumes of personally identifiable
customer information at the same risk level while
transforming business models
Protecting corporate restricted non-public
information as companies pursue M&A for global
expansion opportunities
Shift focus of dedicated resources towards
growth opportunities and away from maintenance
and systems upkeep
Awareness of cross-border exchanges of critical
Intellectual Property (e.g. source code, product
design) as operations scale globally
Adopting emerging technologies (i.e. Social,
Mobile, Analytics, Cloud) with confidence to
enhance enterprise productivity
Knowledge of inventory and utilization of the
company’s most valuable and sensitive
information
Automating responses to “zero-day” attacks by
aligning policies/processes with business
objectives
The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Accenture Intelligent Security Transformation: Business Benefits Drive The Choices
Business Value Driven Security: Better business results, reduced risk
The Future of DLP 27
Enable an organization to set a business value driven security
strategy to transform their approach to security to meet the needs
of the business
Value Proposition
Protect an organization’s core IT infrastructure through preventative,
due diligence activities that every organization needs to run a secure
infrastructure within their four walls
Maintain a proactive approach to preparing, detecting, and
responding to security threats. Multiply the effectiveness of the
security operations team with enabling technologies and process
capabilities.
Security Strategy,
Transformation
& Risk
Enterprise
Security
Cyber Security
Define how organizations address security outside of the firewall to
the extended IT environment
Extended
Enterprise
Security
Provides clients with a standard operating model and an
industrialized approach to manage and support security
infrastructure and processes.
Managed Security
Operations
SYMANTEC VISION SYMPOSIUM 2014
Our vision of Data Security
The Future of DLP 28
SYMANTEC VISION SYMPOSIUM 2014
Accenture-Symantec Joint Initiative Value Proposition
The Future of DLP 29
• Market leader in Security and Risk Consulting
• Transformational capability and delivery know-how
• Deep industry knowledge and insights
• Market leader in Security software with proven technologies
• Largest security research and development organization allows for comprehensive and “best of breed” product suite
+
Drives VALUE for Your Business
Integrated Solutions Integrated, end-to-end, security solutions addressing client’s
risk and compliance concerns
Accelerated Time to Value Ability to rapidly deploy security technologies and implement security processes through shared best practices, tools and methods
Reduced Delivery Risk Collaboration between market leaders resulting in deep
delivery, industry and subject-matter expertise
Proven Capability History of joint success, and joint investment in delivery
capability offer clients leading security solutions
Accenture and Symantec are collaborating in a Joint Initiative that highlights the strengths
of our two organizations, combining Accenture’s technology, business and industry
acumen, with Symantec’s information security and data center technologies
SYMANTEC VISION SYMPOSIUM 2014
Accenture’s Vision for Data Loss Prevention
Successful DLP programs take an integrated approach to sensitive data policy, technology, operations, and governance
The Future of DLP 30
Desired Outcomes
• Effective operations
• Consistent processes
• Reduced risk of data loss
• Supports identification of larger
security breaches
• Improved awareness of
sensitive data
• Effective governance
• Adaptability to new scenarios
• Alignment to data strategy
Policy
Technology
Governance
Operations
Sensitive
Data
Increased
Business Value
SYMANTEC VISION SYMPOSIUM 2014
The Accenture-Symantec Approach to DLP: Overview The Joint Initiative takes an industry-tested, three-phase approach to DLP which creates a
strategy-aligned solution, drives toward clear business value, and moves organizations along the DLP maturity curve
The Future of DLP 31
3. Operations and
Managed Services
2. Design and
Implementation 1. Strategy and Planning
Goals
Value
• Improve governance of an organization’s sensitive data
• Create a sensitive data strategy that is effective, business-aligned, realistic, and efficient
• Identify sensitive data repositories and classify existing sensitive data
• Aligns the sensitive data program to address critical business needs
• Establishes proper oversight to the DLP program and a clear plan for success
Goals
Value
• Architect a DLP solution that aligns with the sensitive data strategy
• Deploy DLP across the organization • Control sensitive data in accordance
with sensitive data policy
• Monitors, alerts, and prevents sensitive data policy violations
• Provides metrics and reports to improve sensitive data strategy, policies, and procedures
Goals
Value
• Establish operations to handle sensitive data incidents
• Expand operational service availability, responsiveness, effectiveness, and capability
• Reduces operation costs • Improves availability, reliability,
consistency, effectiveness, and quality
SYMANTEC VISION SYMPOSIUM 2014
Case Study: Communications Service Provider
32 32
• Ineffective visualization techniques, inability to
show real-time security metrics to key
stakeholders
Reasons for Investment
• 40-50 siloed enterprise security tools (including
DLP, CCS, CSP, and PGP Encryption SYMN
products) requiring manual resources to create
reports to show the security posture in real-time
Client Problem
• Tool centralization increased operational efficiency by reducing time to
report
• Ability to update stakeholders on security in real-time
• Alignment of security and business
Client Outcomes
• Enhance stakeholder understanding of security posture by delivering real-time, centralized metrics
Client Requirement
Current Tool
Optimization*
Tool
Integration
Analytic
Engine
Enablement
Automated
Remediation
Potential
Information
Protection
Strategy
Baseline
Tool-Set
Enhanced
Information
Protection
Integrated
Enterprise Agile Enterprise
Intelligent
Security
Manual
Information
Protection
Stag
es
De
plo
yme
nt
Ph
ase
s
*CSS, CSP, DLP, PGP Encryption
The Future of DLP 32
SYMANTEC VISION SYMPOSIUM 2014
Moving from data to intelligence to action : Our Approach
The Future of DLP 33
Intelligent Security Siloed Security Organization
Business-driven security accelerates an
enterprise towards realizing intelligent
security aspirations
Bu
sin
ess V
alu
e
Proactive Reactive
Se
rvic
es
• Data
classification
• Strategy and
roadmap
• Process
design
• Tool
Implement.
• Analytics
• Process
automation
• Active
defense
• Cyber
security
• Assessment
• Business
case with
quantified risk
• Tool
integration
• Reporting
Assessment
• Tool
assessment
• Tool
optimization
Information
Protection
Strategy
Baseline
Tool-Set
Enhanced
Information
Protection
Integrated
Enterprise
Agile
Enterprise
Intelligent
Security
Manual
Information
Protection
#SymVisionEmea
Roadmap
The Future of DLP 34
SYMANTEC VISION SYMPOSIUM 2014
Product Roadmap Disclaimer
35
“Any forward-looking indication of plans for products is
preliminary and all future release dates are tentative and are
subject to change. Any future release of the product or planned
modifications to product capability, functionality, or feature are
subject to ongoing evaluation by Symantec, and may or may not be
implemented and should not be considered firm commitments by
Symantec and should not be relied upon in making purchasing
decisions.”
The Future of DLP
SYMANTEC VISION SYMPOSIUM 2014
Roadmap: Focus in Key Areas
New Jobs
Customer Satisfaction
Platform Supportability
Efficiencies
The Future of DLP 36
DLP Roadmap
• Integrate DLP with Symantec offerings
• Support emerging trends
• Continuous focus on customer-requested enhancements
• Faster support of new platforms
• Prioritizing cloud, mobile, and SaaS
• Improved supportability
• Reduce platform footprint
• Improved detection performance
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
#SymVisionEmea
The Future of DLP 37