ILPA

Information Leakage Prevention & Accountability

 

Main Elements of ILPA - Cryptography
The features of cryptography are to ensure Confidentiality, Integrity, Authentication and Non-Repudiation; its benefits, however, are endless. A Chinese Wall model (an ILP and Information Isolation model) is best implemented using a hybrid of symmetric and asymmetric encryption; the same applies to a Unified Secured Single Logon Token. Most business owners and security administrators take the features as the benefits. Features are more a goal of cryptography, whereas benefits are every possible way of applying cryptography to solve a business dilemma.

Technical Fallacies - Data Owners vs. Custodians
Most CIOs and CEOs think of encryption as a luxury security need; however, by the definition of IT infrastructure, there is no proper IT implementation without encryption.
The definition of Access Rights in a business model is “The owner may be liable for negligence if they fail to perform due diligence in establishing and enforcing security policies to protect and sustain sensitive data. A custodian is a subject who has been assigned or delegated the day-to-day responsibility of proper storage and protection of objects.
The owner is typically the CEO, president, or department head. The custodian is typically the IT staff or the system security administrator.”
In today’s implementations, custodians (IT staff and security administrators) have more access rights than data owners (CEO, president, or department head). Custodians have access to read, write, modify and even retransmit data.

Obstacles
There are technical obstacles that have hindered the spread of cryptography to business and various commercial activities.

  • Vendors Implementation
    Though different crypto algorithms are publicly available, most vendors find it hard to code them into an application. There are several known implementation flaws in today’s market.

  • IT Department Implementation
    IT departments and administrators will mostly see it as an overhead on the IT infrastructure, besides the fact that cryptography requires its own infrastructure, key management system and applications.

  • User Acceptance
    In most cases users are required to change the way they do business and include more steps in order to implement encryption; nothing is fully automated or offers ease of use to the user. In short, it did not simplify business; rather, it complicated it.

  • Confidentiality
    One of the features of cryptography is to ensure confidentiality. However, how can you trust a closed-source (compiled) application that is hooked online like a sitting duck 24/7? How do you ensure your own provider does not have access to a means to decrypt your data and transmissions? How good is it if you can’t trust the very purpose you are implementing it for?

Supplementary Elements of ILPA
  • Information Flow and Design
  • Application User Interface Control
  • Policies supporting Information Leakage Prevention.
  • Technical Controls enforcing the Policies.
  • User-Land control to prevent malicious Trojans, Sniffers, Key Loggers, Screen Spy.


Roadmap
Luckily enough there is a solution that fulfils all the above required criteria and is targeting a

The roadmap starts with essential needs, such as:
  • Encrypting your own data before storing it locally or on a network file server, controlling the logon to your workstation, and email encryption.
  • Apply User-Land controls to prevent malicious activities targeting end user.
  • Review policies and controls in place.
  • Review Technical Controls to prevent Information Leakage.
  • Review Accountability Controls in Place.
  • With infrastructure in place, PKI can be integrated into DMS (Document Management Systems) to ensure files are encrypted before they are saved on the DMS server. Encryption can be for yourself, for a colleague in the same enterprise, or for a client.
  • PKI can be integrated into other financial applications, e.g. SAP, Oracle financial, to ensure accountability, 2-factor authentication and network communication encryption.
  • Digitally signing invoices, workflows or any other documents or processes.
  • Services can be extended to provide clients access to critical applications such as access to their online banking, or sending Batch Processed Transfers
  • Moreover, Cryptography can be applied to encrypt network communication of any application without the need to reprogram the application.
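
Encrypting a file for yourself or a colleague before it reaches the DMS or file server is the hybrid of symmetric and asymmetric encryption named under Cryptography, and it keeps the custodian who runs the server from reading what it stores. The code below is an added example, not part of ILPA or any product; it assumes Node.js with its built-in crypto module, and the algorithm choices, the names seal, open and demo, and the three key pairs are hypothetical.

```javascript
const nodeCrypto = require('crypto');
// Assumed algorithms (the page names none): AES-256-GCM and RSA-OAEP/SHA-256.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt doc once under a fresh AES-256-GCM key (symmetric part), then wrap
// that key for each reader with RSA-OAEP (asymmetric part). Only the returned
// envelope is handed to the file/DMS server.
function seal(doc, readers) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(doc), cipher.final()]);
  const wrapped = {};
  for (const [name, publicKey] of Object.entries(readers)) {
    wrapped[name] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrapped };
}

// Unwrap the content key with one reader's private key, then decrypt. GCM
// rejects a modified ciphertext by throwing in final().
function open(envelope, name, privateKey) {
  const wrappedKey = envelope.wrapped[name];
  if (!wrappedKey) throw new Error(`no wrapped key for ${name}`);
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Constructed scenario: owner and colleague are readers; the custodian runs the
// server, holds the envelope and a key pair of its own, but is not a reader.
function demo() {
  const pair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const [owner, colleague, custodian] = [pair(), pair(), pair()];
  const doc = Buffer.from('Q3 forecast (constructed sample)');
  const env = seal(doc, { owner: owner.publicKey, colleague: colleague.publicKey });
  const tampered = { ...env, ciphertext: Buffer.alloc(env.ciphertext.length) };
  const fails = (fn) => { try { fn(); return false; } catch { return true; } };
  return {
    colleagueReads: open(env, 'colleague', colleague.privateKey).equals(doc),
    custodianBlocked: fails(() => open(env, 'owner', custodian.privateKey)),
    tamperDetected: fails(() => open(tampered, 'owner', owner.privateKey)),
    serverSeesPlaintext: env.ciphertext.includes(doc),
  };
}

console.log(demo());
```

Adding a reader later means wrapping the same content key once more with the new public key; the stored ciphertext does not change.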


Strategy implementation depends on the size and number of users concerned.
The priority of the next steps depends on the business needs of the organization and its day-to-day operation.
