#symvisionemea - voxvox.veritas.com/legacyfs/online/veritasdata/...strategy-aligned solution, drives...

#SymVisionEmea

#SymVisionEmea

The Future of Data Loss Prevention: 5 Trends Shaping Symantec's Vision and Roadmap

Stephane Laguerre Jean-Christophe Ribola Symantec Security presales engineer Accenture Security Director

SYMANTEC VISION SYMPOSIUM 2014 The Future of DLP 3

Breaches increased by 62% in 2013.

SYMANTEC VISION SYMPOSIUM 2014

Méga-brèches

• 8 parmi le Top 10 des brèches représentent plus de 10 millions d’identités

• Moyenne du nombre d’identités exposées : + 400% par rapport à 2012

The Future of DLP 4


Mega-breach

• Healthcare, Education and Government summarize 58% of all breaches

• But Retail, Computer Software and Financial represent 77% of all data breaches in 2013

The Future of DLP 5


Bring Your Own Cloud


You Can’t Secure What You Don’t Know About

Source: Netskope

The Future of DLP 7


From what you manage

The Future of DLP 8

Symantec O3


To what employees use

The Future of DLP 9


40% of employees download business data to mobile devices.


72% 78%

48% 33%

HAVE AT LEAST AN ANTIVIRUS

STORE SENSITIVE DATA ON FREE CLOUD SERVICES

Mobility and cloud

11

Source: 2013 Norton Report

The Future of DLP


Malicious Insiders


Trends, News & What’s at Stake

88% experienced data loss

59% of employees leave with data

$5.5million average cost of a breach

Legal & compliance penalties

A corporate black eye

13 The Future of DLP


Data breach actors

The Future of DLP 14


Possibly use visuals from keynote here (Information Governance)

Information Protection


Protect what’s Important

16

Customer Information

Company Information

Credit Card Info

Medical Records

SSNs and Government IDs

Financials HR Records

Intellectual Property

Internal Auditing

M&A and Strategy

The Future of DLP

#SymVisionEmea

Symantec Technology



You need more than a technology solution

The Dynamics of DLP

18

Where is your confidential data?

DISCOVER

How is it being used?

MONITOR

How best to prevent its loss?

PROTECT

The Future of DLP


Our Vision


Content

Access

Context

Identity



Information Protection: Beyond Preventing Data Loss



Data Loss Prevention

•Context-aware

•User risk analytics

• Information governance

•Access and entitlements management

•Continuous monitoring

• Identity & content-aware

•Cloud & mobile

•Ready for next-gen. datacenter

Same job

new IT landscape

New, bigger jobs


Data Loss Prevention Threat Coverage

21

USB/CD/DVD

Stored data

Email

Instant Message

FTP

SharePoint / Lotus Notes /

DMS

Databases

File Servers

Print/Fax

DLP Policy Monitoring & Prevention Discovery & Protection

Webmail

Web servers

Untrusted networks

Browser sessions

iPad / iPhone

The Future of DLP


Symantec Mobile + DLP Integration: Use-Cases


1. Control whether sensitive email attachments can be downloaded on trusted/untrusted email clients

2. Ensure sensitive documents can only be shared among trusted apps on device

3. Prevent sensitive documents from being shared in the cloud


1000

800

600

400

200

0

Continuous Risk Reduction

23

Competitive Trap

Risk Reduction Over Time

Inci

den

ts P

er W

eek

Visibility

Remediation

Notification

Prevention

The Future of DLP


Intelligent Data Security



Companies using security intelligence technologies were more efficient in detecting and

containing cyber attacks. As a result, these companies enjoyed an average cost savings of $4

million when compared to companies not deploying security intelligence technologies.

Ponemon Institute

Protecting the digital enterprise requires addressing a complex, evolving set of potentially unknown challenges and threats

Implications of Inaction

• Loss Unknown value of intellectual property to growth opportunities

• Increasing costs of compliance and regulatory fees

• Degradation of brand reputation

• Customer attrition due to lack of trust and satisfaction

• Damage to competitive positioning in the marketplace due to exposure

Security

Organization’s

Information

Protection

Strategy

Dig

ita

l C

om

pli

ca

tio

ns

Co

mb

attin

g

Un

kn

ow

n

Th

rea

ts

Protecting Intellectual

Property

Maintaining External

Compliance



Business and Technology Challenges Protecting the enterprise information requires addressing a complex, evolving set of business and technology challenges

26

Business

Challenges Technology Challenges

Maintain competitive position and brand

reputation to avoid potentially lost business

and/or customer attrition

Handle higher volumes of personally identifiable

customer information at the same risk level while

transforming business models

Protecting corporate restricted non-public

information as companies pursue M&A for global

expansion opportunities

Shift focus of dedicated resources towards

growth opportunities and away from maintenance

and systems upkeep

Awareness of cross-border exchanges of critical

Intellectual Property (e.g. source code, product

design) as operations scale globally

Adopting emerging technologies (i.e. Social,

Mobile, Analytics, Cloud) with confidence to

enhance enterprise productivity

Knowledge of inventory and utilization of the

company’s most valuable and sensitive

information

Automating responses to “zero-day” attacks by

aligning policies/processes with business

objectives

The Future of DLP


Accenture Intelligent Security Transformation: Business Benefits Drive The Choices

Business Value Driven Security: Better business results, reduced risk


Enable an organization to set a business value driven security

strategy to transform their approach to security to meet the needs

of the business

Value Proposition

Protect an organization’s core IT infrastructure through preventative,

due diligence activities that every organization needs to run a secure

infrastructure within their four walls

Maintain a proactive approach to preparing, detecting, and

responding to security threats. Multiply the effectiveness of the

security operations team with enabling technologies and process

capabilities.

Security Strategy,

Transformation

& Risk

Enterprise

Security

Cyber Security

Define how organizations address security outside of the firewall to

the extended IT environment

Extended

Enterprise

Security

Provides clients with a standard operating model and an

industrialized approach to manage and support security

infrastructure and processes.

Managed Security

Operations


Our vision of Data Security



Accenture-Symantec Joint Initiative Value Proposition


• Market leader in Security and Risk Consulting

• Transformational capability and delivery know-how

• Deep industry knowledge and insights

• Market leader in Security software with proven technologies

• Largest security research and development organization allows for comprehensive and “best of breed” product suite

+

Drives VALUE for Your Business

Integrated Solutions Integrated, end-to-end, security solutions addressing client’s

risk and compliance concerns

Accelerated Time to Value Ability to rapidly deploy security technologies and implement security processes through shared best practices, tools and methods

Reduced Delivery Risk Collaboration between market leaders resulting in deep

delivery, industry and subject-matter expertise

Proven Capability History of joint success, and joint investment in delivery

capability offer clients leading security solutions

Accenture and Symantec are collaborating in a Joint Initiative that highlights the strengths

of our two organizations, combining Accenture’s technology, business and industry

acumen, with Symantec’s information security and data center technologies


Accenture’s Vision for Data Loss Prevention

Successful DLP programs take an integrated approach to sensitive data policy, technology, operations, and governance


Desired Outcomes

• Effective operations

• Consistent processes

• Reduced risk of data loss

• Supports identification of larger

security breaches

• Improved awareness of

sensitive data

• Effective governance

• Adaptability to new scenarios

• Alignment to data strategy

Policy

Technology

Governance

Operations

Sensitive

Data

Increased

Business Value


The Accenture-Symantec Approach to DLP: Overview The Joint Initiative takes an industry-tested, three-phase approach to DLP which creates a

strategy-aligned solution, drives toward clear business value, and moves organizations along the DLP maturity curve


3. Operations and

Managed Services

2. Design and

Implementation 1. Strategy and Planning

Goals

Value

• Improve governance of an organization’s sensitive data

• Create a sensitive data strategy that is effective, business-aligned, realistic, and efficient

• Identify sensitive data repositories and classify existing sensitive data

• Aligns the sensitive data program to address critical business needs

• Establishes proper oversight to the DLP program and a clear plan for success

Goals

Value

• Architect a DLP solution that aligns with the sensitive data strategy

• Deploy DLP across the organization • Control sensitive data in accordance

with sensitive data policy

• Monitors, alerts, and prevents sensitive data policy violations

• Provides metrics and reports to improve sensitive data strategy, policies, and procedures

Goals

Value

• Establish operations to handle sensitive data incidents

• Expand operational service availability, responsiveness, effectiveness, and capability

• Reduces operation costs • Improves availability, reliability,

consistency, effectiveness, and quality


Case Study: Communications Service Provider

32 32

• Ineffective visualization techniques, inability to

show real-time security metrics to key

stakeholders

Reasons for Investment

• 40-50 siloed enterprise security tools (including

DLP, CCS, CSP, and PGP Encryption SYMN

products) requiring manual resources to create

reports to show the security posture in real-time

Client Problem

• Tool centralization increased operational efficiency by reducing time to

report

• Ability to update stakeholders on security in real-time

• Alignment of security and business

Client Outcomes

• Enhance stakeholder understanding of security posture by delivering real-time, centralized metrics

Client Requirement

Current Tool

Optimization*

Tool

Integration

Analytic

Engine

Enablement

Automated

Remediation

Potential

Information

Protection

Strategy

Baseline

Tool-Set

Enhanced

Information

Protection

Integrated

Enterprise Agile Enterprise

Intelligent

Security

Manual

Information

Protection

Stag

es

De

plo

yme

nt

Ph

ase

s

*CSS, CSP, DLP, PGP Encryption



Moving from data to intelligence to action : Our Approach


Intelligent Security Siloed Security Organization

Business-driven security accelerates an

enterprise towards realizing intelligent

security aspirations

Bu

sin

ess V

alu

e

Proactive Reactive

Se

rvic

es

• Data

classification

• Strategy and

roadmap

• Process

design

• Tool

Implement.

• Analytics

• Process

automation

• Active

defense

• Cyber

security

• Assessment

• Business

case with

quantified risk

• Tool

integration

• Reporting

Assessment

• Tool

assessment

• Tool

optimization

Information

Protection

Strategy

Baseline

Tool-Set

Enhanced

Information

Protection

Integrated

Enterprise

Agile

Enterprise

Intelligent

Security

Manual

Information

Protection

#SymVisionEmea

Roadmap



Product Roadmap Disclaimer

35

“Any forward-looking indication of plans for products is

preliminary and all future release dates are tentative and are

subject to change. Any future release of the product or planned

modifications to product capability, functionality, or feature are

subject to ongoing evaluation by Symantec, and may or may not be

implemented and should not be considered firm commitments by

Symantec and should not be relied upon in making purchasing

decisions.”

The Future of DLP


Roadmap: Focus in Key Areas

New Jobs

Customer Satisfaction

Platform Supportability

Efficiencies


DLP Roadmap

• Integrate DLP with Symantec offerings

• Support emerging trends

• Continuous focus on customer-requested enhancements

• Faster support of new platforms

• Prioritizing cloud, mobile, and SaaS

• Improved supportability

• Reduce platform footprint

• Improved detection performance

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

#SymVisionEmea


#symvisionemea - voxvox.veritas.com/legacyfs/online/veritasdata/...strategy-aligned solution, drives...

Documents