Prevent data loss with HP Data Loss Prevention Service brochure

Brochure

Prevent data loss HP Data Loss Prevention Service

Brochure | HP Data Loss Prevention Service

Protecting against data loss from the mobile device to the cloud. Data security is a top priority for Chief Information Security Officers (CISO), especially when it comes to protection of financial information, non-public personal information, protected health information (PHI), or intellectual property. The impact to the enterprise could be huge: the average cost of a data breach is estimated to cost $5.4 million USD per incident. Where do you leak data? The risks are real. Figure 1. Data loss incidents1 Lost or stolen media

Hacker exfiltration

Stolen computer Disposal error Web leakage

12% 4%

• More and more companies are turning to data loss prevention (DLP) solutions to protect their data from leaks. Gartner estimates that the content-aware DLP market revenue has reached between $680 million USD and $710 million USD in 2013, and is estimated to grow an additional 22 percent to 25 percent by the end of 2014, to reach approximately $830 million USD.

30%

6% 9% 11%

11% Stolen laptop

Fraud

• According to a Symantec white paper (“What’s yours is mine: how employees are putting your intellectual property at risk,” published in 2013), 41 percent of employees email company IP to their personal email accounts. 37 percent use file-sharing apps (such as Dropbox or Google™ docs) without permission from their employer. 40 percent plan to use the data they took at another job. These statistics show how vulnerable many organizations are to data loss.

• Increasingly, organizations are looking to DLP to protect their highest value data. Forrester Research predicts that over two-thirds of the value of an organization exists in the form of secrets, including valuable intellectual property like product plans and source code, M&A strategy documents, as well as unreleased financial results and projections.

Why do you need data loss protection? • Management of data in accordance with business policy to prevent loss, misuse, or compromise of organizational data.

Figure 2. IT pro’s greatest fear2 100% 75%

• Visibility on who is using critical data in a way not aligned with policy.

92% 77% 68%

64%

62%

50%

• Ability to achieve compliance through control of data policies with internal policies and industry regulations (PCI DSS, HIPAA, etc.). • Policy enforcement over employee actions as it relates to protecting critical data from misuse and improper handling.

25% 0%

• Education of employees on how sensitive data should be copied, stored, and handled.

Make Rising data-related tide decisions of data with business

Fear of data loss

Data stored in the cloud

Limited data protection funding

• Policy enforcement over critical data that leaves the company. • Policy enforcement over how sensitive data is stored in company storage areas, for example, on SharePoint sites. • Prevention of critical data leaks through policy and correctional actions. • Prevention of employees from improperly copying, sending, and storing data in a way that put critical data at risk of misuse or loss. • Blocking data from leaving the company in an unsecure manner. • Identification and remediation of data that is improperly stored.

Datalossdb.org, 2014

1

IT Pros’ Biggest 2014 Fear: Data Loss, CIO Insight, 2014

2

2

Brochure | HP Data Loss Prevention Service

HP Data Loss Prevention Service protects client enterprise data and information. From design to deployment, this service enables clients to protect their most valuable assets. The service follows a specific strategy including management, control, and business processes. It specifically covers three stages for data loss protection:

Full data lifecycle protection Data-in-motion It monitors network activity to prevent confidential data from being sent to unauthorized personnel, inside or outside of the organization. The service monitors email, Web traffic, FTP, instant messaging, and other network protocols to enforce compliance with data security and privacy policies. Data-in-use The service discovers and protects confidential data already stored on desktops and laptops, and manages data movement to removable devices (CDs, DVDs, or USB drives) including printing, copying, and pasting.

Data leakage is happening all around the client’s enterprise. Finding where data is leaking and knowing how to stop it is a daunting task.

Data-at-rest The service locates confidential data on file servers, SAN, NAS, databases, and document management systems, and initiates policy compliance measures (such as encrypting or moving data).

DLP value proposition Safe business operations HP DLP Service helps clients establish safer business operations, reduced risks, and lower incident costs achieved through seamless compliance, policy enforcement, and data control. We help clients drive their end-to-end DLP program by providing consulting services to define business processes, policies, design, and implement solutions that fit specific needs. Comprehensive solution We ensure clients receive a comprehensive solution that enables control over all aspects of critical data management, by using a market-leading DLP solution spanning across network, endpoint, and storage, and offering comprehensive sensitive data identification methods.

Figure 3. Symantec DLP Framework

USB/CD/DVD

Email Webmail

Stored data

File servers

t DLP policy

rk two Ne

Untrusted networks

Endpo in

Print/Fax

Monitoring, prevention, discovery, and protection

St o ra g e SharePoint/ Lotus Notes/ Exchange

Instant message

FTP

Reduce costs We help clients reduce costs and risks by deploying DLP solutions rapidly and efficiently providing rapid time-to-market DLP implementations. Our proven DLP and consulting practices can jump-start any DLP project. Strategic partnership HP and Symantec’s partnership has existed for over 20 years offering a global scale and proven experience that ensures we can address multinational deployments, as well as address specific local data privacy requirements.

Web servers

Databases

Table 1. Service configuration options HP DLP Service is available in two configurations: DLP risk assessment

Provides a quick hit assessment and strategy service to perform a proof of concept (POC) to expose a client’s data loss issues. Showcases Symantec’s DLP products for larger up sell opportunities. This option can be offer with or without DLP monitoring.

DLP implementation

Bundled software and implementation service to install and tune the Symantec DPL solution addressing one of the client’s most significant risk areas. The service is a custom priced, custom scoped service based on the assessment plan activities included in the agreed upon statement of work. This option can be bundled with the DLP risk assessment as well as sold with or without the Symantec product.

Note: Symantec DLP model

Each service configuration option must be proposed with a standard statement of work (SOW) so that each client receives the exact level of service required.

3

Brochure | HP Data Loss Prevention Service

HP DLP Service specifications

Data center Data loss prevention lifecycle protection for every place information resides in the enterprise.

Network and mobility Data loss prevention for information traveling on the network, email, Web, or iOS devices.

Big Data and storage Data loss prevention for file shares, SharePoint sites, USBs, databases, and SANs.

Cloud Data loss prevention for information traveling in and out of public, private, or hybrid clouds.

Data leakage risk assessment

Uncover data leakage anywhere within the data center enterprise.

Uncover data leakage occurring within the network and mobile devices.

Uncover data leakage occurring Uncover data leakage when within Big Data platforms and transferring information in and data storage locations. out of cloud environments.

Key Symantec DLP products

Symantec Data Loss Prevention Enforce Platform

Symantec Data Loss Prevention Enforce Platform

Symantec Data Loss Prevention Enforce Platform

Symantec Data Loss Prevention Enforce Platform

Symantec Data Loss Prevention Network Discover

Symantec Data Loss Prevention for Mobile

Symantec Data Loss Prevention for Storage

Symantec Data Loss Prevention for Endpoint

Symantec Data Loss Prevention Data Insight Enterprise

Symantec Data Loss Prevention Network Discover

Symantec admin course

Yes

Yes

Yes

Yes

Data leakage awareness survey

Yes

Yes

Yes

Yes

Gap assessment report

Yes

Yes

Yes

Yes

Risk assessment report

Yes

Yes

Yes

Yes

Roadmap

Yes

No

No

No

Roles and responsibilities matrix (RACI-V)

Yes

Yes

Yes

Yes

Revise policies and procedures

Yes

Yes

Yes

Yes

Data loss incident simulation

Yes

Yes

Yes

Yes

Compliance reporting configuration

Yes

Yes

Yes

Yes

DLP configuration tuning

Yes

Yes

Yes

Yes

Post installation health check

Yes

Optional

Optional

Optional

Developing solutions for major social and environmental challenges hp.com/hpinfo/globalcitizenship

Learn more at hp.com/services

Sign up for updates hp.com/go/getupdated

Share with colleagues

Rate this document

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Google is a registered trademark of Google Inc. 4AA5-5913ENW, November 2014