Secure Content Management (SCM)
Organizations are increasingly moving toward collaboration: encouraging use of the Internet for knowledge access and productivity, advocating widespread adoption of email as a means of communication, and promoting instant messaging for better coordination. The global nature of business transactions, involving service providers and third-party solutions, relies on communication protocols such as SMTP, HTTP, HTTPS, FTP, IPSec VPN, etc. for the exchange of information and the execution of a transaction. This has increased an organization's dependence on the inbound and outbound traffic flowing across its boundaries.

Internet technology, with its open architecture, inherently provides access to all resources connected to the World Wide Web. Hence, users can connect to both legitimate and illegitimate web sources, which may expose organizations to serious security threats. Outward and inward connections therefore have the potential to jeopardize the security posture of an organization, and they also create possibilities of data leakage from the organization to the outside world. Security threats increasingly exploit these connections, channels, protocols and traffic to perpetrate attacks. The advent of Web 2.0 technologies and users' adoption of file sharing protocols, data sharing portals, media streaming, etc. expand the attack surface of an organization and create enormous opportunities for external threats to exploit weaknesses.

Allowing inbound and outbound connections, i.e. giving employees access to initiate or receive traffic, also raises employee productivity issues. It contributes to bandwidth issues as well, since connections to public or media streaming sites consume an organization's network bandwidth.
While allowing legitimate traffic, organizations may not want their employees to indulge in the different forms of entertainment and attractions available online, which can lead to security threats, data leakage and productivity issues. Security has been evolving to address these challenges through a set of practices and technical solutions that can broadly be classified as ‘Secure Content Management’ (SCM).
DSCI believes that SCM is an important discipline of security. It deserves close attention as it promises defence against threats that increasingly concentrate on exploiting weaknesses in content management. It also offers effective instruments to curb data leakage and is therefore regarded as an important element of data security strategies.
- Create an inventory of business requirements that require the organization to provide its employees access to: the Internet, Email, Instant Messaging, Social Media sites, allowed file types, protocols such as FTP, Peer to Peer (P2P), VoIP, IPSec VPN, etc., data sharing portals, multiplayer games, web conferencing, remote PC access, media streaming, etc.
- Map these requirements to the organization’s units and roles to identify unit- or role-specific access requirements for the Internet, Email, Instant Messaging, etc.
- Evaluate the incoming and outgoing traffic to understand how much bandwidth is consumed by business transactions versus non-business usage
- Evaluate how content classification is done
- Record all the compliance requirements that can be attributed to content security and map each requirement to its associated systems and countermeasures
- Create an inventory of compliance requirements that impose restrictions on the employee access provided to the Internet, Email, Instant Messaging, Social Media, etc. Map these requirements to an organization’s units, roles and user groups
- Evaluate the possible security threats that an organization may be exposed to for each type of access (Internet, Email, Instant Messaging (IM), Social Media, etc.)
- Identify and create an inventory of possible data leakage scenarios associated with the access provided to employees
- Identify the objectives of an organization for deploying the measures for content security.
- Evaluate the security requirements of an organization by mapping all possible threats that arise from access to the Internet, Email, IM, Social Networking, etc. In addition, the business and compliance requirements should be taken into consideration to derive the requirements
- Evaluate the characteristics of the IT infrastructure to find the maturity of infrastructure elements in protecting themselves from threats arriving through inbound and outbound traffic over the Internet, Email, Instant Messaging, Social Media, etc. Endpoints with protections such as HIPS and execution prevention can withstand malware threats that may enter through web, email or IM
- Identify the solutions and countermeasures deployed or available for content monitoring and filtering. Map the solution capabilities to the security requirements
- Evaluate the policy requirements for content security. The policy requirements can be classified under content classification and filtering policies, protocol-agnostic policies, attachment policies, web/URL filtering and group policies
- Evaluate the architectural positioning of solutions and countermeasures deployed for content security.
- Identify how the scope of content security measures is extended to the mobile, remote and partner assets of an organization
- Build a strategic roadmap for ‘secure content management’ that considers requirements such as mobile computers, home or public network connectivity, cloud-based delivery (Security as a Service), etc.
- Establish a complete and continuous visibility over all inbound and outbound traffic channels, ways or connections that can introduce security threats or provide a means for data leakage.
- Ensure that adequate technology measures are deployed that address the trade-off between the protection requirements of an organization and flexibility and productivity offered by these accesses
- Ensure that a set of policies is defined for content security that captures an organization’s requirements and articulates them in a format that can be used to configure the technical solutions deployed
- Create and manage an inventory of content security policy items, including Content classification policies, File type restriction policies, URL/Web filtering, Protocol specific policies, User/user group specific policies
- Ensure that adequate instruments exist for enforcing the policies, such as technical solutions, devices and tools; processes, standards and guidelines; user education and awareness; and traffic monitoring
- Ensure that all technical solutions, tools and countermeasures deployed for content security are derived from a well-devised architectural plan. The architectural treatment of content security is especially important as it provides dynamic protection against evolving security threats that use innovative ways to penetrate an organization
- Ensure that the technical design for content security is complemented with an effective process design
- Ensure that the coverage of content security countermeasures is extended to all channels that can introduce security threats or lead to the leakage of data. Ensure that the countermeasures are equipped to address cross channel threats
- Ensure that the scope of the content security is extended to mobile computing devices that include laptops and handheld devices. Ensure that the same level of protection is available even when these devices connect through a public or home network
- Ensure that the content security measures provide effective and integrated management facilities. Content security measures should have: granularity of policy management; flexibility and swiftness of policy configuration; breadth of coverage; scalability for expanding content security capability and increasing traffic requirements; intelligence for content classification; capability for advising the user to make trust decisions; integrated management capabilities that help manage different functionalities; categories of measures that address all requirements; and centralization of reporting
- Ensure that the trust decisions taken for the content security are based on current knowledge of the security attacks and threats. Integrate the content security mechanisms with threat intelligence
- Ensure that Secure Content Management (SCM) is closely integrated with the Threat and Vulnerability Management (TVM) function of an organization
- Ensure that the content security mechanism collaborates with external information sources as well as an organization’s internal dynamics (characteristics of the IT infrastructure) to build the context for policy configuration and real-time trust decision making
- Ensure that adequate skills and efforts are deployed at operational, tactical and strategic levels that are required for content security
- Ensure that a mechanism is deployed to vigilantly monitor protection and performance offered by technical measures
- Ensure that there exists a reporting mechanism that informs all stakeholders about content security threats, state of protection and performance of content security measures
- Ensure that employees are aware of the content security policies of an organization, understand the context and reason behind a particular restriction, and are apprised of the legal liabilities arising out of irresponsible Internet behaviour
- Ensure that there exists a mechanism to address non-compliance to content security policies
- Continuous visibility over the inbound and outbound traffic reflects the dynamic understanding of an organization about inbound and outbound linkages as they may potentially introduce a security issue or lead to data leakage
- Business alignment of content security measures reflects the ability of content security measures to address flexibility of the access required by the business while managing threats from these accesses
- Coverage and extent of content security program reflects whether the scope of the program is extended to all assets, protocols and services including mobile computing devices and vendor owned and managed systems
- Granularity of content policy management reflects its ability to address diverse content access requirements
- Maturity of content security processes reflects how processes around content security mechanism have been defined and managed
- Architectural treatment to content security solutions reflects how structured the content security elements are placed in the IT ecosystem
- Capability to advise or execute trust decisions reflects the ability of content security solutions to advise users in making trust decisions in the operational cycle, or to act on the basis of configured business rules
- Manageability of content security solutions reflects the ease of managing devices and solutions
- Intelligence of content security solutions reflects the capability of the solutions to collaborate with external and internal knowledge sources on security threats
- Throughput, scalability and reliability of solutions reflect their capability to address complex, dynamic and diverse requirements with the necessary productivity and reliability
DSCI Security Framework