SlideShare a Scribd company logo

Top learnings from evaluating and implementing a DLP Solution

Priyanka Aash
Priyanka Aash

Presented by Vipin Kumar, Group CIO, Escorts Ltd, at CISO Platform Annual Summit, 2013.

EducationTechnologyBusiness
1 of 13
Escorts IT – DLP Project Review Executive Summary
Escorts – Brief Background  More than 65 years old premier engineering company of India.  Escorts has four major divisions & Corporate Office • Escorts Agri Machinery . • Escorts Construction Equipment. • Escorts Railway Product. • Escorts Automotive Product.  Major products • Tractors , Implements, Gensets, • Crains, Compactors, Backhoe loaders, • Shockers, Brakes, Auto Components , • Components for Railways like couplers, shockersss etc.  Combined turnover of around Rs.5000 crores.
Data Loss Prevention Three Key Organization Challenges  Where is my confidential data stored? • Data at Rest  Where is my confidential data going? • Data in Motion  How do I fix my data loss problems? • Data Policy Enforcement
DLP- Key Expectations  To address the challenges of securing data in use, data in motion and data at rest.  To protect proprietary and sensitive information against security threats caused by enhanced employee mobility and new communication channels.  To proactively prevent the misuse of data at endpoints (Laptops/Desktops) for unauthorized circulation, both on and off the Escorts network.  E-Mail access control from devices (without DLP Endpoint) outside of the Escorts Network.  Protect data at Email gateway in the cloud.
Data Loss Prevention - a Priority  Compliance  Secured working environment  IPR & Critical information protection  Brand and Reputation Protection  Remediation Cost
Evaluation Process Salient Features  Involved industry leading DLP vendors  15 days of POC at our site for each solution  Evaluation of DLP against defined requirements  Integration feasibility with IRM  Successful Case studies  Strong Product Roadmap  Cost
DLP- SCOPE  Propose to cover the entire user base across all divisions of Escorts including  All end points desktops & laptops  Servers  Gateways  Email solution on the cloud  Integration with Active Directory
Key Implementation Highlights  Presented the project objectives to GMC (Group Management Committee) consisting of CEO’s, CFO’s, Material Heads, R&D heads of all divisions and chaired by Managing Director.  Phased the implementation track wise , across divisions, covering the most critical departments like R&D and Materials first.  Created core user groups, across divisions, for each vertical such that all interrelated core users were part of one track. Eg Procurement and R&D core users were part of one track.  Established a project governance structure to monitor the project progress.
Key Implementation Highlights  Extensive trainings to core users to equip them to rightly classify the data getting generated in their respective departments.  Training to end users on the project objectives, data classification and its impact on their working.  Managing the fears, assumptions of users.  Involved the internal auditors in the project from the very beginning.
Data Classification  Data Classification is the heart of the DLP project.  What is Data Classification ? • It is a scheme by which the organization assigns a level of sensitivity and an owner to each piece of information that it generates , owns and maintains e.g. – Confidential, Internal, Public  Not all information requires same protection  Classification helps in establishing the value of information  Also helps in determining the level of protection required and in selection of appropriate controls
Data Classification  Information Owner: • Individual that has responsibility for making classification and access control decisions for information  Information Custodian: • Individual, organizational unit, or entity acting as caretaker of information on behalf of its owner  Information Security Officer (ISO): • A designated officer responsible for information security management
Key Learning  Never try to implement DLP as a IT project. It will fail miserably. Let Business spearhead the project and do most of the talking.  Availability of dedicated core team.  Involve all stakeholders from end users to senior leadership at every stage of the project.  Handle change management issues of people and processes very intelligently involving stakeholders and dispel all wrong notions and fears of business community.  Set the right expectations among business teams.
Top learnings from evaluating and implementing a DLP Solution

Recommended

The Changing Role of IT Staff
The Changing Role of IT StaffThe Changing Role of IT Staff
The Changing Role of IT Staff
BVU
 
Keep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetKeep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit Budget
BVU
 
Information Systems Manager Job Description
Information Systems Manager Job DescriptionInformation Systems Manager Job Description
Information Systems Manager Job Description
Danai Thongsin
 
Presentation1HTGUK
Presentation1HTGUKPresentation1HTGUK
Presentation1HTGUK
Howell Technology Group
 
Don't risk it presentation
Don't risk it presentationDon't risk it presentation
Don't risk it presentation
Vincent Kwon
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Vincent Kwon
 
Services, Compliance and Innovation
Services, Compliance and InnovationServices, Compliance and Innovation
Services, Compliance and Innovation
Jose Ivan Delgado, Ph.D.
 
Omzig
OmzigOmzig
Omzig
Francisco Diaz III
 

Recommended

The Changing Role of IT Staff
The Changing Role of IT StaffThe Changing Role of IT Staff
The Changing Role of IT Staff
BVU
 
Keep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetKeep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit Budget
BVU
 
Information Systems Manager Job Description
Information Systems Manager Job DescriptionInformation Systems Manager Job Description
Information Systems Manager Job Description
Danai Thongsin
 
Presentation1HTGUK
Presentation1HTGUKPresentation1HTGUK
Presentation1HTGUK
Howell Technology Group
 
Don't risk it presentation
Don't risk it presentationDon't risk it presentation
Don't risk it presentation
Vincent Kwon
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Vincent Kwon
 
Services, Compliance and Innovation
Services, Compliance and InnovationServices, Compliance and Innovation
Services, Compliance and Innovation
Jose Ivan Delgado, Ph.D.
 
Omzig
OmzigOmzig
Omzig
Francisco Diaz III
 
Matrix Vision Deck
Matrix Vision DeckMatrix Vision Deck
Matrix Vision Deck
Abu Turay
 
Bab 6 (understanding it infrastructure)
Bab 6 (understanding it infrastructure)Bab 6 (understanding it infrastructure)
Bab 6 (understanding it infrastructure)
Siti Mustiani
 
Panel Discussion: Why IT Service and IT Asset Management are Better Together
Panel Discussion: Why IT Service and IT Asset Management are Better TogetherPanel Discussion: Why IT Service and IT Asset Management are Better Together
Panel Discussion: Why IT Service and IT Asset Management are Better Together
Ivanti
 
NARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeNARCA Presentation - IT Best Practice
NARCA Presentation - IT Best Practice
Brenda Majewski
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
Danny Miller
 
Resume-Mandar
Resume-MandarResume-Mandar
Resume-Mandar
Mandar Vaidya
 
AlterTech Company Profile
AlterTech Company ProfileAlterTech Company Profile
AlterTech Company Profile
Faisal Ahmed
 
Benefits of insourcing it services
Benefits of insourcing it servicesBenefits of insourcing it services
Benefits of insourcing it services
masonlord
 
ISEDMAM - star schema
ISEDMAM - star schemaISEDMAM - star schema
ISEDMAM - star schema
Axel Vanhooren
 
On demand cloud
On demand cloudOn demand cloud
On demand cloud
Ninefold
 
Infrastructure management
Infrastructure managementInfrastructure management
Infrastructure management
IT-BY-DESIGN
 
V3 Service Operation - ITSM Academy Webinar
V3 Service Operation - ITSM Academy WebinarV3 Service Operation - ITSM Academy Webinar
V3 Service Operation - ITSM Academy Webinar
ITSM Academy, Inc.
 
Leveraging Hospital Network Analytics
Leveraging Hospital Network AnalyticsLeveraging Hospital Network Analytics
Leveraging Hospital Network Analytics
Extreme Networks
 
Contextual Security and Application Control for Virtualized Desktops
Contextual Security and Application Control for Virtualized DesktopsContextual Security and Application Control for Virtualized Desktops
Contextual Security and Application Control for Virtualized Desktops
Ivanti
 
THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...
THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...
THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...
nwilson76
 
LuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxLuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptx
Timothy Krupinski
 
Intel it
Intel itIntel it
Intel it
Skynat
 
Bus2.0 - IT architecture
Bus2.0 - IT architectureBus2.0 - IT architecture
Bus2.0 - IT architecture
UNSW Canberra
 
How to Better Manage Your IT Infrastructure
How to Better Manage Your IT InfrastructureHow to Better Manage Your IT Infrastructure
How to Better Manage Your IT Infrastructure
Edarat Group
 
Ditch the Surplus Software and Hardware Spend that's Weighing you Down
Ditch the Surplus Software and Hardware Spend that's Weighing you DownDitch the Surplus Software and Hardware Spend that's Weighing you Down
Ditch the Surplus Software and Hardware Spend that's Weighing you Down
Ivanti
 
Key learnings including SWOT analysis and draft plans for the next action res...
Key learnings including SWOT analysis and draft plans for the next action res...Key learnings including SWOT analysis and draft plans for the next action res...
Key learnings including SWOT analysis and draft plans for the next action res...
Sri Lmb
 
Thai rice project philippines
Thai rice project philippinesThai rice project philippines
Thai rice project philippines
Star Star's
 

More Related Content

What's hot

Matrix Vision Deck
Matrix Vision DeckMatrix Vision Deck
Matrix Vision Deck
Abu Turay
 
NARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeNARCA Presentation - IT Best Practice
NARCA Presentation - IT Best Practice
Brenda Majewski
 
AlterTech Company Profile
AlterTech Company ProfileAlterTech Company Profile
AlterTech Company Profile
Faisal Ahmed
 
Benefits of insourcing it services
Benefits of insourcing it servicesBenefits of insourcing it services
Benefits of insourcing it services
masonlord
 
Infrastructure management
Infrastructure managementInfrastructure management
Infrastructure management
IT-BY-DESIGN
 
LuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxLuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptx
Timothy Krupinski
 
Bus2.0 - IT architecture
Bus2.0 - IT architectureBus2.0 - IT architecture
Bus2.0 - IT architecture
UNSW Canberra
 

What's hot (20)

Matrix Vision Deck
Matrix Vision DeckMatrix Vision Deck
Matrix Vision Deck
 
Bab 6 (understanding it infrastructure)
Bab 6 (understanding it infrastructure)Bab 6 (understanding it infrastructure)
Bab 6 (understanding it infrastructure)
 
Panel Discussion: Why IT Service and IT Asset Management are Better Together
Panel Discussion: Why IT Service and IT Asset Management are Better TogetherPanel Discussion: Why IT Service and IT Asset Management are Better Together
Panel Discussion: Why IT Service and IT Asset Management are Better Together
 
NARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeNARCA Presentation - IT Best Practice
NARCA Presentation - IT Best Practice
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
 
Resume-Mandar
Resume-MandarResume-Mandar
Resume-Mandar
 
AlterTech Company Profile
AlterTech Company ProfileAlterTech Company Profile
AlterTech Company Profile
 
Benefits of insourcing it services
Benefits of insourcing it servicesBenefits of insourcing it services
Benefits of insourcing it services
 
ISEDMAM - star schema
ISEDMAM - star schemaISEDMAM - star schema
ISEDMAM - star schema
 
On demand cloud
On demand cloudOn demand cloud
On demand cloud
 
Infrastructure management
Infrastructure managementInfrastructure management
Infrastructure management
 
V3 Service Operation - ITSM Academy Webinar
V3 Service Operation - ITSM Academy WebinarV3 Service Operation - ITSM Academy Webinar
V3 Service Operation - ITSM Academy Webinar
 
Leveraging Hospital Network Analytics
Leveraging Hospital Network AnalyticsLeveraging Hospital Network Analytics
Leveraging Hospital Network Analytics
 
Contextual Security and Application Control for Virtualized Desktops
Contextual Security and Application Control for Virtualized DesktopsContextual Security and Application Control for Virtualized Desktops
Contextual Security and Application Control for Virtualized Desktops
 
THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...
THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...
THE IMPACT OF INFORMATION TECHNOLOGY BEST PRACTICES ON PROJECT SUCCESS RATES ...
 
LuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxLuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptx
 
Intel it
Intel itIntel it
Intel it
 
Bus2.0 - IT architecture
Bus2.0 - IT architectureBus2.0 - IT architecture
Bus2.0 - IT architecture
 
How to Better Manage Your IT Infrastructure
How to Better Manage Your IT InfrastructureHow to Better Manage Your IT Infrastructure
How to Better Manage Your IT Infrastructure
 
Ditch the Surplus Software and Hardware Spend that's Weighing you Down
Ditch the Surplus Software and Hardware Spend that's Weighing you DownDitch the Surplus Software and Hardware Spend that's Weighing you Down
Ditch the Surplus Software and Hardware Spend that's Weighing you Down
 

Viewers also liked

Thai rice project philippines
Thai rice project philippinesThai rice project philippines
Thai rice project philippines
Star Star's
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
Reza Kopaee
 

Viewers also liked (12)

Key learnings including SWOT analysis and draft plans for the next action res...
Key learnings including SWOT analysis and draft plans for the next action res...Key learnings including SWOT analysis and draft plans for the next action res...
Key learnings including SWOT analysis and draft plans for the next action res...
 
Thai rice project philippines
Thai rice project philippinesThai rice project philippines
Thai rice project philippines
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 
Developing Big Data Strategy
Developing Big Data StrategyDeveloping Big Data Strategy
Developing Big Data Strategy
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Big Data in Retail - Examples in Action
Big Data in Retail - Examples in ActionBig Data in Retail - Examples in Action
Big Data in Retail - Examples in Action
 
Big Data Analytics in Energy & Utilities
Big Data Analytics in Energy & UtilitiesBig Data Analytics in Energy & Utilities
Big Data Analytics in Energy & Utilities
 

Similar to Top learnings from evaluating and implementing a DLP Solution

Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Priyanka Aash
 
Moving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingMoving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial Manufacturing
Zero Wait-State
 
Thomas R Graham bio
Thomas R Graham bioThomas R Graham bio
Thomas R Graham bio
Tom Graham
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Stratio
 
Pega_Profile_Having 5 years Expirence_Updated
Pega_Profile_Having 5 years Expirence_UpdatedPega_Profile_Having 5 years Expirence_Updated
Pega_Profile_Having 5 years Expirence_Updated
Srikrisna Chaitna
 
Saurav Resume_V1.2
Saurav Resume_V1.2Saurav Resume_V1.2
Saurav Resume_V1.2
Kumar Saurav
 
Resume _571966_Hrushikesh Deshpande
Resume _571966_Hrushikesh DeshpandeResume _571966_Hrushikesh Deshpande
Resume _571966_Hrushikesh Deshpande
hrushikesh deshpande
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
Hao Tran
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
Inside Analysis
 

Similar to Top learnings from evaluating and implementing a DLP Solution (20)

Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
Moving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingMoving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial Manufacturing
 
Get ahead of the cloud or get left behind
Get ahead of the cloud or get left behindGet ahead of the cloud or get left behind
Get ahead of the cloud or get left behind
 
Valuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureValuing Information Management and IT Architecture
Valuing Information Management and IT Architecture
 
Thomas R Graham bio
Thomas R Graham bioThomas R Graham bio
Thomas R Graham bio
 
Information resources, mis, csvtu
Information resources, mis, csvtuInformation resources, mis, csvtu
Information resources, mis, csvtu
 
Info-Tech Research Group & Boardroom Events Value Prop Presentation
Info-Tech Research Group & Boardroom Events Value Prop PresentationInfo-Tech Research Group & Boardroom Events Value Prop Presentation
Info-Tech Research Group & Boardroom Events Value Prop Presentation
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
 
Enterprise Architecture - An Introduction
Enterprise Architecture - An Introduction Enterprise Architecture - An Introduction
Enterprise Architecture - An Introduction
 
Pega_Profile_Having 5 years Expirence_Updated
Pega_Profile_Having 5 years Expirence_UpdatedPega_Profile_Having 5 years Expirence_Updated
Pega_Profile_Having 5 years Expirence_Updated
 
Ahmed_Khiry_CV
Ahmed_Khiry_CVAhmed_Khiry_CV
Ahmed_Khiry_CV
 
Saurav Resume_V1.2
Saurav Resume_V1.2Saurav Resume_V1.2
Saurav Resume_V1.2
 
Resume _571966_Hrushikesh Deshpande
Resume _571966_Hrushikesh DeshpandeResume _571966_Hrushikesh Deshpande
Resume _571966_Hrushikesh Deshpande
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Pega profile having 5 years expirence_updated
Pega profile having 5 years expirence_updatedPega profile having 5 years expirence_updated
Pega profile having 5 years expirence_updated
 
Pega profile having 5 years expirence_updated
Pega profile having 5 years expirence_updatedPega profile having 5 years expirence_updated
Pega profile having 5 years expirence_updated
 
Data protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionData protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protection
 
Director of it operations job description revised
Director of it operations job description revisedDirector of it operations job description revised
Director of it operations job description revised
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
 

More from Priyanka Aash

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
fonyou31
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
discovermytutordmt
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 

Top learnings from evaluating and implementing a DLP Solution

  • 1. Escorts IT – DLP Project Review Executive Summary
  • 2. Escorts – Brief Background  More than 65 years old premier engineering company of India.  Escorts has four major divisions & Corporate Office • Escorts Agri Machinery . • Escorts Construction Equipment. • Escorts Railway Product. • Escorts Automotive Product.  Major products • Tractors , Implements, Gensets, • Crains, Compactors, Backhoe loaders, • Shockers, Brakes, Auto Components , • Components for Railways like couplers, shockersss etc.  Combined turnover of around Rs.5000 crores.
  • 3. Data Loss Prevention Three Key Organization Challenges  Where is my confidential data stored? • Data at Rest  Where is my confidential data going? • Data in Motion  How do I fix my data loss problems? • Data Policy Enforcement
  • 4. DLP- Key Expectations  To address the challenges of securing data in use, data in motion and data at rest.  To protect proprietary and sensitive information against security threats caused by enhanced employee mobility and new communication channels.  To proactively prevent the misuse of data at endpoints (Laptops/Desktops) for unauthorized circulation, both on and off the Escorts network.  E-Mail access control from devices (without DLP Endpoint) outside of the Escorts Network.  Protect data at Email gateway in the cloud.
  • 5. Data Loss Prevention - a Priority  Compliance  Secured working environment  IPR & Critical information protection  Brand and Reputation Protection  Remediation Cost
  • 6. Evaluation Process Salient Features  Involved industry leading DLP vendors  15 days of POC at our site for each solution  Evaluation of DLP against defined requirements  Integration feasibility with IRM  Successful Case studies  Strong Product Roadmap  Cost
  • 7. DLP- SCOPE  Propose to cover the entire user base across all divisions of Escorts including  All end points desktops & laptops  Servers  Gateways  Email solution on the cloud  Integration with Active Directory
  • 8. Key Implementation Highlights  Presented the project objectives to GMC (Group Management Committee) consisting of CEO’s, CFO’s, Material Heads, R&D heads of all divisions and chaired by Managing Director.  Phased the implementation track wise , across divisions, covering the most critical departments like R&D and Materials first.  Created core user groups, across divisions, for each vertical such that all interrelated core users were part of one track. Eg Procurement and R&D core users were part of one track.  Established a project governance structure to monitor the project progress.
  • 9. Key Implementation Highlights  Extensive trainings to core users to equip them to rightly classify the data getting generated in their respective departments.  Training to end users on the project objectives, data classification and its impact on their working.  Managing the fears, assumptions of users.  Involved the internal auditors in the project from the very beginning.
  • 10. Data Classification  Data Classification is the heart of the DLP project.  What is Data Classification ? • It is a scheme by which the organization assigns a level of sensitivity and an owner to each piece of information that it generates , owns and maintains e.g. – Confidential, Internal, Public  Not all information requires same protection  Classification helps in establishing the value of information  Also helps in determining the level of protection required and in selection of appropriate controls
  • 11. Data Classification  Information Owner: • Individual that has responsibility for making classification and access control decisions for information  Information Custodian: • Individual, organizational unit, or entity acting as caretaker of information on behalf of its owner  Information Security Officer (ISO): • A designated officer responsible for information security management
  • 12. Key Learning  Never try to implement DLP as a IT project. It will fail miserably. Let Business spearhead the project and do most of the talking.  Availability of dedicated core team.  Involve all stakeholders from end users to senior leadership at every stage of the project.  Handle change management issues of people and processes very intelligently involving stakeholders and dispel all wrong notions and fears of business community.  Set the right expectations among business teams.