SeenaTech's preferred method of client engagement is based on our Secure Infrastructure Framework and a lifecycle approach, from assessment, through planning, architecture and integration of solutions to ongoing management. This engagement method is the result of both extensive experience and established best practices.
In order to illustrate how this model is applied in a real case scenario, the following Data Leakage Prevention (DLP) engagement example is given:
SeenaTech' s DLP assessment is a consultative led service that provides organizations with visibility into how their sensitive data enters traverses and leaves the corporate network. The assessment methodology includes various phases that quickly identify where information is stored and how it is being used.
The assessment may include the following phases based on individual needs:
- Policy review: understanding current organizational policies including data classification and data retention.
- Information profiling: understanding what information is important to the business and where it resides.
- Create search perimeters: establish search expressions to capture information based on the profiling exercise.
- Initiate discovery: search for information across networks, file repositories and systems based on the parameters set within the search boundaries.
The results of the assessment are analyzed and a report produced that identifies instances of potential information leakage. This report will enable us to build a roadmap detailing how to deal with the challenges in DLP across the organization - when data is in motion on the network or across the perimeter, stored on devices or in use in applications.
Now we know all the instances of potential information leakage, based on the report, we will be able to see what, if any, network redesign needs to be carried out in order to optimally support the organization's objectives.
Solution - Implementation and Integration
Based on the assessment findings, the security requirements and the maturity level of the organization's security posture we suggest implementation of a solution that ticks all the boxes and supports the individual business requirements.
- Maturity level 1 - Tactical control Suggested solutions: Device Encryption, Secure File Transfer
- Maturity level 2 - - Perimeter protection Suggested solutions: policy adjustments of existing content security solutions (Web Proxy, Firewall, etc.), User Education
- Maturity level 3- - Internal information flow management Suggested solutions: visibility of information flows within the organization through device management (USB storage devices, wireless Internet, CD/DVD-Rs etc.). Security Incident and Event Management System (SIEM)
- Maturity level 4- - External information flow management
Suggested solutions: Digital Rights Management technology for information flow management for sensitive information that does need to leave the organization,
SeenaTech' s data leakage solution set:
- Supports security policy and compliance strategies
- Is modular and scalable
- Protects all electronic leakage points
- Uses best-of-breed solutions Utilizess a centralized user database
- Provides end-to-end visibility
- Fulfills the primary objectives of the data leakage strategy
Having implemented and integrated a DLP solution, SeenaTech can provide a number of Managed Services as part of our Operations Management offering that cover Maintenance/Support, Monitoring, Managed Security and Tuning.
Clients can outsource some of the ongoing management of their security infrastructure, or ask for resources / people onsite - or alternatively we can provide consolidated support (contracts) for different vendor technologies in a DLP environment, which is likely to be complex and include multiple vendor solutions.