Post on 15-Jan-2016
Securing Corporate Email & Documents
Richard ElphickTitus Labs
Titus Labs OverviewEast Midlands WARP
Titus Labs OverviewTitus Labs OverviewHeadquartered in Ottawa, CanadaEstablished in the UK since 2005
Microsoft platform Solution Provider
• Email Classification• Document Classification • Sharepoint Solutions
Data Classification Market Leader
- Local Authorities, Criminal Justice, Central Government, Defence, Commercial
1.5 million+ seats world wide150,000+ seats in UK
3
Top Reasons for Protective Marking
• Awareness
• Accountability
• Compliance
• Efficiency
• Enforcement
• Automation
4
RESTRICTED
PROTECT
NOT PROTECTIVELY
MARKED
UK Government Compliance
HMG Security Policy Framework
Security Policy No. 2: Protective Marking and Asset Control
GCSX Code of Connection (CoCo) v4.1
Government Protective Marking Scheme (GPMS)
5WWW.TITUS-LABS.COM | © TITUS LABS. ALL RIGHTS RESERVED |
GCSX NETWORK CONTROL NUMBER 23 (MUST)
The mail client or user adds security labels to each email that carries a protective marking of PROTECT or higher
MANDATORY REQUIREMENT 11
Departments and Agencies must apply the Protective Marking System and the necessary controls and technical measures as outlined in this framework.
GPMS Classification Levels
Protective Marking Impact level
Top Secret 6
Secret 5
Confidential 4
Restricted 3
Protect 2, 1
Not Protectively Marked 0
6
Sensitive Data Breach:
• Fines
• Lawsuits
• Embarrassing headlines
• Loss of IP
• Possible risk to public safety
Communication and Security Communication and Security ChallengesChallenges
Information Security
High storage and eDiscovery costs with “archive everything”
Low adoption of security technologies e.g. Encryption Leveraging Data Loss Prevention and perimeter security
solutions
Inadvertent Data Loss
Unstructured information assets Sensitive emails forwarded to inappropriate recipients Confidential document leaks
Compliance with government classification schemes e.g. GPMS
Inconsistent enforcement of classification policies Lack of information handling awareness and
accountability
Policy Enforcement
8
WWW.TITUS-LABS.COM | © TITUS LABS. ALL RIGHTS RESERVED |
Start with Protective Markings
• Helps inform risk-management based decisions
• Promotes secure information sharing
• Forces users to stop and think about the value of dataRESTRICTED
PROTECT
NOT PROTECTIVELY MARKED
Message Message ClassificationClassification
Document Document ClassificationClassification
Titus Labs Protective Marking Solutions
10
SharePointSharePoint Server 2008 R2 FCIServer 2008 R2 FCI
Classification & policy enforcement at the desktop
Titus Labs Message Classification
Key Features Benefits
Classification Selector
Enforce classification at point of creation
Label Marker Raise security awareness through visual markings
Metadata Generator Enhance archiving, DLP, perimeter security solutions
Policy Verifier Educate users and stop email slips
Security Enabler Transparently encrypt and protect emails
11
Classification and policy enforcement at the desktop for emails, meeting requests, and tasks
Classification Selector – Simple for Users
12
Compose email
Click SendClassification pop-up
Guided classification
Help Tooltips in Select Dialog
Customizable Online Help
14
Customizable help
page ... ...reinforces
classification training
Visual Labels for Awareness
15
Header
FooterDisclaimer
Subject Marking
Titus Labs Task Pane & Ribbon
(Office 2007)
Reduce Inadvertent Disclosure
16
Policy Verifier:Before Send Trusted Domains Safe Recipients Content Validation No Change/Downgrade Maximum Recipients Warn on Send
All messages are customizable
Message Classification Web Access
Key Features Benefits
Classification Selector
Enforce classification at point of creation
Label Marker Raise security awareness through visual markings
Metadata Generator Interoperate with TMC for Outlook, and enhance archiving, DLP, perimeter security solutions
Policy Verifier Educate users and stop email slips
OWA Prevent Prevent viewing of confidential information when using OWA
17
Classification and policy enforcement for OWA emails, meeting requests, and tasks
TMC & TDC 3.3 Platform Support
Microsoft Office2003, 2007, 2010
Microsoft WindowsXP, Vista, 7
Microsoft Exchange2003, 2007, 2010
Key Takeaways
19
Useable High user acceptance/adoption with minimal disruption
Deployable Deploys fast and easily; SMS and Group Policy
1 MB footprint per application
Affordable Low cost per user; leverages existing infrastructure
High Impact Immediate compliance and information protection
Conference Round-up
John DoyleLeicester City Council,EMGWARP Vice Chair
EMGWARP Conference
Thank you