Securing Corporate Email & Documents

Richard ElphickTitus Labs

Titus Labs OverviewEast Midlands WARP

Titus Labs OverviewTitus Labs OverviewHeadquartered in Ottawa, CanadaEstablished in the UK since 2005

Microsoft platform Solution Provider

• Email Classification• Document Classification • Sharepoint Solutions

Data Classification Market Leader

- Local Authorities, Criminal Justice, Central Government, Defence, Commercial

1.5 million+ seats world wide150,000+ seats in UK

3

Top Reasons for Protective Marking

• Awareness

• Accountability

• Compliance

• Efficiency

• Enforcement

• Automation

4

RESTRICTED

PROTECT

NOT PROTECTIVELY

MARKED

UK Government Compliance

HMG Security Policy Framework

Security Policy No. 2: Protective Marking and Asset Control

GCSX Code of Connection (CoCo) v4.1

Government Protective Marking Scheme (GPMS)

5WWW.TITUS-LABS.COM | © TITUS LABS. ALL RIGHTS RESERVED |

GCSX NETWORK CONTROL NUMBER 23 (MUST)

The mail client or user adds security labels to each email that carries a protective marking of PROTECT or higher

MANDATORY REQUIREMENT 11

Departments and Agencies must apply the Protective Marking System and the necessary controls and technical measures as outlined in this framework.

GPMS Classification Levels

Protective Marking Impact level

Top Secret 6

Secret 5

Confidential 4

Restricted 3

Protect 2, 1

Not Protectively Marked 0

6

Sensitive Data Breach:

• Fines

• Lawsuits

• Embarrassing headlines

• Loss of IP

• Possible risk to public safety

Communication and Security Communication and Security ChallengesChallenges

Information Security

High storage and eDiscovery costs with “archive everything”

Low adoption of security technologies e.g. Encryption Leveraging Data Loss Prevention and perimeter security

solutions

Inadvertent Data Loss

Unstructured information assets Sensitive emails forwarded to inappropriate recipients Confidential document leaks

Compliance with government classification schemes e.g. GPMS

Inconsistent enforcement of classification policies Lack of information handling awareness and

accountability

Policy Enforcement

8

WWW.TITUS-LABS.COM | © TITUS LABS. ALL RIGHTS RESERVED |

Start with Protective Markings

• Helps inform risk-management based decisions

• Promotes secure information sharing

• Forces users to stop and think about the value of dataRESTRICTED

PROTECT

NOT PROTECTIVELY MARKED

Message Message ClassificationClassification

Document Document ClassificationClassification

Titus Labs Protective Marking Solutions

10

SharePointSharePoint Server 2008 R2 FCIServer 2008 R2 FCI

Classification & policy enforcement at the desktop

Titus Labs Message Classification

Key Features Benefits

Classification Selector

Enforce classification at point of creation

Label Marker Raise security awareness through visual markings

Metadata Generator Enhance archiving, DLP, perimeter security solutions

Policy Verifier Educate users and stop email slips

Security Enabler Transparently encrypt and protect emails

11

Classification and policy enforcement at the desktop for emails, meeting requests, and tasks

Classification Selector – Simple for Users

12

Compose email

Click SendClassification pop-up

Guided classification

Help Tooltips in Select Dialog

Customizable Online Help

14

Customizable help

page ... ...reinforces

classification training

Visual Labels for Awareness

15

Header

FooterDisclaimer

Subject Marking

Titus Labs Task Pane & Ribbon

(Office 2007)

Reduce Inadvertent Disclosure

16

Policy Verifier:Before Send Trusted Domains Safe Recipients Content Validation No Change/Downgrade Maximum Recipients Warn on Send

All messages are customizable

Message Classification Web Access

Key Features Benefits

Classification Selector

Enforce classification at point of creation

Label Marker Raise security awareness through visual markings

Metadata Generator Interoperate with TMC for Outlook, and enhance archiving, DLP, perimeter security solutions

Policy Verifier Educate users and stop email slips

OWA Prevent Prevent viewing of confidential information when using OWA

17

Classification and policy enforcement for OWA emails, meeting requests, and tasks

TMC & TDC 3.3 Platform Support

Microsoft Office2003, 2007, 2010

Microsoft WindowsXP, Vista, 7

Microsoft Exchange2003, 2007, 2010

Key Takeaways

19

Useable High user acceptance/adoption with minimal disruption

Deployable Deploys fast and easily; SMS and Group Policy

1 MB footprint per application

Affordable Low cost per user; leverages existing infrastructure

High Impact Immediate compliance and information protection

Conference Round-up

John DoyleLeicester City Council,EMGWARP Vice Chair

EMGWARP Conference

Thank you