Consultor
Páginas: 9 (2004 palabras)
Publicado: 26 de enero de 2013
Microsoft IT Strengthens Security with Data Loss Prevention
Published: November 2009; Updated March 2011
With information residing in a multitude of places, enterprises face growing risks of inadvertent or malicious leaks. The integration of Active Directory Rights Management Services into RSA Data Loss Prevention products provides a very effective solution for Microsoft IT to locate andprotect sensitive data.
Introduction
Over the years, the Microsoft IT Security team has implemented various technologies to safeguard data stored in hundreds of thousands of personal computers, servers, files shares, Storage Area Networks (SANs), and Microsoft® Office SharePoint® Server sites. This article discusses how the Security team moved from a solution that used the Active Directory®service with early versions of RSA® Data Loss Prevention (DLP) products to a solution
that takes advantage of the integration of Active Directory Rights Management Services
(AD RMS) into RSA DLP Datacenter. The original solution required IT staff to create and maintain custom classification systems, and then manually notify content owners to update their file-access and classification rules.With the current solution, Microsoft IT can automatically apply targeted and persistent protection according to industry best practices. This improves regulatory compliance as well as freeing up IT time and lowering the risk of a security breach.
Situation
The Microsoft IT Security team is part of the greater Information Security organization at Microsoft Corporation. This group is responsiblefor testing and deploying security solutions to protect data throughout the company. This data includes sensitive and regulated information such as financial, personnel, and marketing information, and is stored on and transferred between a variety of locations including personal computers, cell phones, portable-storage devices, servers, file shares, SANs, and Microsoft Office SharePoint Serversites.
The Data-Protection Challenge
Loss of sensitive data is an operational risk for Microsoft. Today, information resides in more places than ever before, including mobile and personal-storage devices. With employees, partners, customers, and vendors working from home, the office, and the field, enterprises face growing risks of inadvertent or malicious data leaks. For example, an employeemight send sensitive information as an attachment to an e-mail message or transmit sensitive information outside the firewall via File Transfer Protocol, possibly allowing the information to be intercepted or to fall into the wrong hands. Furthermore, simply transmitting sensitive data outside the organization can breach regulatory compliance guidelines.
Due to a range of legislative,corporate, and industry regulations that govern the protection of sensitive data, the classification of that data can be a complex process. When defining sensitive data classifications and policies, Microsoft takes these regulations, internal corporate policies, and legal requirements into account. Once the policies and data classifications have been defined, the data must be physically located, placedinto the proper classification levels (low, medium, or high business impact), and have the appropriate security settings applied to the data.
For example, data classified as Low Business Impact (LBI) may only require limiting user access permissions, while High Business Impact (HBI) data frequently requires encryption in order to meet regulatory standards. One challenge facing securitydepartments is how to apply encryption efficiently to selected content, taking into consideration how the data will be accessed and by whom. Applying encryption too broadly can be prohibitively expensive in terms of dollars, IT time, and lost productivity due to access issues as well as identity and key management requirements.
The Original Solution
For the original solution, the Security team...
Published: November 2009; Updated March 2011
With information residing in a multitude of places, enterprises face growing risks of inadvertent or malicious leaks. The integration of Active Directory Rights Management Services into RSA Data Loss Prevention products provides a very effective solution for Microsoft IT to locate andprotect sensitive data.
Introduction
Over the years, the Microsoft IT Security team has implemented various technologies to safeguard data stored in hundreds of thousands of personal computers, servers, files shares, Storage Area Networks (SANs), and Microsoft® Office SharePoint® Server sites. This article discusses how the Security team moved from a solution that used the Active Directory®service with early versions of RSA® Data Loss Prevention (DLP) products to a solution
that takes advantage of the integration of Active Directory Rights Management Services
(AD RMS) into RSA DLP Datacenter. The original solution required IT staff to create and maintain custom classification systems, and then manually notify content owners to update their file-access and classification rules.With the current solution, Microsoft IT can automatically apply targeted and persistent protection according to industry best practices. This improves regulatory compliance as well as freeing up IT time and lowering the risk of a security breach.
Situation
The Microsoft IT Security team is part of the greater Information Security organization at Microsoft Corporation. This group is responsiblefor testing and deploying security solutions to protect data throughout the company. This data includes sensitive and regulated information such as financial, personnel, and marketing information, and is stored on and transferred between a variety of locations including personal computers, cell phones, portable-storage devices, servers, file shares, SANs, and Microsoft Office SharePoint Serversites.
The Data-Protection Challenge
Loss of sensitive data is an operational risk for Microsoft. Today, information resides in more places than ever before, including mobile and personal-storage devices. With employees, partners, customers, and vendors working from home, the office, and the field, enterprises face growing risks of inadvertent or malicious data leaks. For example, an employeemight send sensitive information as an attachment to an e-mail message or transmit sensitive information outside the firewall via File Transfer Protocol, possibly allowing the information to be intercepted or to fall into the wrong hands. Furthermore, simply transmitting sensitive data outside the organization can breach regulatory compliance guidelines.
Due to a range of legislative,corporate, and industry regulations that govern the protection of sensitive data, the classification of that data can be a complex process. When defining sensitive data classifications and policies, Microsoft takes these regulations, internal corporate policies, and legal requirements into account. Once the policies and data classifications have been defined, the data must be physically located, placedinto the proper classification levels (low, medium, or high business impact), and have the appropriate security settings applied to the data.
For example, data classified as Low Business Impact (LBI) may only require limiting user access permissions, while High Business Impact (HBI) data frequently requires encryption in order to meet regulatory standards. One challenge facing securitydepartments is how to apply encryption efficiently to selected content, taking into consideration how the data will be accessed and by whom. Applying encryption too broadly can be prohibitively expensive in terms of dollars, IT time, and lost productivity due to access issues as well as identity and key management requirements.
The Original Solution
For the original solution, the Security team...
Leer documento completo
Regístrate para leer el documento completo.