A look at dy­namic data pro­tec­tion

The Mercury - - OPINION & ANALYSIS -

de­tails from that talk in my thoughts be­low.

When we looked at the in­ter­nal pro­grammes we were run­ning, we saw a syn­ergy be­tween Dy­namic Data Pro­tec­tion and our ex­ist­ing pri­vacy ini­tia­tives. To suc­cess­fully roll out this type of pro­gramme, we had to look beyond just the tech­nol­ogy – in fact, we had to look beyond IT. Our first step was to es­tab­lish our pri­vacy pol­icy with the help of our col­leagues in Hu­man Re­sources and Le­gal.

The part­ner­ship be­tween CIO, Ciso, Gen­eral Coun­sel and chief hu­man re­sources of­fi­cer is para­mount and be­came the foun­da­tion for this pro­gramme. Once we had or­gan­i­sa­tional buy-in, we made sure to openly com­mu­ni­cate the changes to our user would help in­form de­ci­sion mak­ing.

For ex­am­ple, for our re­mov­able me­dia pol­icy, we can lever­age risk-adap­tive ac­tion plans based on the user risk score, with en­force­ment op­tions rang­ing from Au­dit, to Au­dit/En­crypt to En­crypt/No­tify to Block.

At this point we will have es­tab­lished our pro­gramme and start to cre­ate poli­cies we want to en­force. The next step is to es­tab­lish the base­line – to en­sure that the sys­tem best un­der­stands the users’ “nor­mal” be­hav­iour, so it can ap­pro­pri­ately iden­tify the anom­alies. To do this, we are run­ning the sys­tem in au­dit mode, al­low­ing the an­a­lyt­ics en­gine to learn for 30 days to en­sure we min­imise false pos­i­tives and that ap­pro­pri­ate cal­i­bra­tion is per­formed.

Then we will in­crease the no­ti­fi­ca­tion for when any of these new risk poli­cies get in­voked. We want to do a deeper in­spec­tion to ver­ify the trig­gers were be­hav­ing the way we in­tended. We know we will need to end up tweak­ing a few of the thresh­olds to get the re­sults we are ex­pect­ing. In some cases, this will in­volve in­creas­ing or de­creas­ing the strict­ness of en­force­ment.

Of­ten, the role of the se­cu­rity team deal­ing with alerts is to find the nee­dle in the haystack. What we learnt is that there are two ways to achieve this goal. The first is to build a bet­ter nee­dle-find­ing al­go­rithm, while the sec­ond is to just get rid of the hay. Af­ter im­ple­ment­ing Dy­namic Data Pro­tec­tion, we can do both.

The ag­gre­gate num­ber of alerts that hit my an­a­lysts have gone down, be­cause of the flex­i­bil­ity af­forded with the au­to­mated pol­icy en­force­ment.

My user com­mu­nity is now more pro­duc­tive, be­cause I’ve re­laxed some of the more rigid data loss preven­tion poli­cies that were im­pact­ing the ease of do­ing busi­ness. We’re still pretty early on in our de­ploy­ment, but in­di­ca­tors show that we’re scratch­ing the sur­face of un­lock­ing the po­ten­tial of this ca­pa­bil­ity.

Our plan is to stay in lock-step with our HR and le­gal teams and roll out Dy­namic Data Pro­tec­tion on a coun­try-by-coun­try ba­sis fol­low­ing the pri­vacy re­stric­tions im­posed by each of the coun­tries in which we do busi­ness. Our goal with this pro­gramme is to re­move the se­cu­rity fric­tion with­out los­ing se­cu­rity con­trol, to stop the bad and free the good.

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.