Strategies for policy driven information classification

Strategies for policy-driven information classification

www.watchfulsoftware.com May, 18th 2016

Monday, May 1, 2023 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2

Agenda

1 Introductions & “House Rules”

2 Business Context & Challenges

3 Policy-driven Classification

4 Data Classification Methods

5 Types of Policy-driven Rules

6 Content, Context and Metadata aware Policy-driven Rules

7 Role-based Policy-driven Rules

8 Use Cases on Policy-driven Rules

9 Q&A and Wrap-up


Introductions

Cátia Franco House RulesYou are muted centrally. You don’t need to mute/unmute yourself

This webinar is being recorded. You’ll have access to it On-demand at www.watchfulsoftware.com/en/resources

The Q&A session will be at the end. You are welcomed to enter questions anytime, using the Questions feature in the GoToWebinar control panel

Cátia serves as Product Marketing Manager for Watchful Software, and is responsible for product strategy, positioning and messaging.

http://www.watchfulsoftware.com/en/resources


1 Organizations of all sizes are challenged to protect a growing quantity of valuable information

2 Inexistent Information Classification Policy (ICP)

3 Growing list of legislative and regulatory requirements

4 Intricate and unclear data classification strategies, or even inexistent

Business Context & Challenges


Policy-driven Classification

data is truly sensitive?

should have access to it?

is the data to be handled?

should the classification change?

What

Who

How

When

should the data be protected?

Where


Data Classification Methods

User-drivenThe user is able to make data classification decisions or override automatic classification if corporate policy allows it.

Policy-drivenRightsWATCH’s corporate policy enforcement engine is able to classify legacy files, current files and e-mails automatically.


1 Default classifications of e-mails and files

2 Suggested classification of e-mails and files

3 Enforced classification of e-mails and files

4 Presenting disclaimers that need to be signed, for the user to acknowledge the policy being applied

5 Warnings that are presented to users

6 Blocking users from performing actions (ex: sending an email, saving a file)

Types of Policy-driven Rules


Content Keywords, phrases, regular expressions (PII, PHI, PCI,…), data formats, partial document matching, …

Context Location (ex: file path), e-mail headers (ex: sender, recipients, e-mail domain addresses, …)

MetadataCurrent classification and file properties (ex: size, type, date, status, category, author, manager, hostname, owner, user, …)

Content, Context and Metadata aware Policy-driven Rules


Intelligent Time Access (ITA) for automatic filere-classification

Data Classification & Re-classification


Warning RuleTrigger a “warning” to the user performing an action

Blocking RuleTrigger a “blocking” action and prevent the user from doing what he/she was hoping to accomplish

Warn / Block Rules


Legacy Data ClassificationRightsWATCH Global Protector ClientThe user right clicks the file/folder and selects the classification to be applied to the file(s). Corporately defined policy rules can overwrite user decisions and choicesRightsWATCH Global Protector ServerAutomatic classification of files. Corporately defined policy rules are applied on every file type the Global Protector finds in the process of scanning corporate repositoriesRightsWATCH Global Protector WebSoftware component installed on an IIS web server. MS Office files are classified when exported/downloaded from the web server, being the process completely “transparent” to the end user.


Role-based policy rules allows a corporation to “escape” the limitations of a “one-type-fits-all” approach

Set up different policy rules to be applied only to designated users or groups of users

Role-based policy rules are dynamic

Role-based Policy-driven Rules


Policy-driven Rules in RightsWATCH

RightsWATCH Administration Console – Rules definition tab

RightsWATCH Administration Console – User Roles definition tab

05/01/2023 © Copyright www.watchfulsoftware.com. 2013 All Rights Reserved. 14

Use Cases on Policy-driven Rules

1. An email is automatically classified based on:

1) to whom is the email being sent

2) which content is written in the email

3) which files are attached to it

Content, Context and Metadata aware

Policy-driven Rules



2. An enterprise leverages RightsWATCH’s Global Protector to dynamically scan its entire legacy data file share and automatically classifies ALL files in that repository, enforcing the policy rules.

Global Protector Server



3. A user is prevented from saving a document to an unauthorized location and/or with unauthorized content. RightsWATCH blocks the file from being saved and shows the user the reason why.

Warn/BlockRules


Check out the “Resources” area on www.watchfulsoftware.com and watch short product walkthrough demonstrations of how RightsWATCH address a comprehensive set of use cases

E-mail [email protected] to request a demo of RightsWATCH

This webinar is being recorded. You’ll have access to it On-demand at www.watchfulsoftware.com

Q&A and Wrap-up

Strategies for policy-driven information classification

www.watchfulsoftware.com May, 18th 2016

Strategies for policy driven information classification

Software

Transcript of Strategies for policy driven information classification