Changes

Jump to navigation Jump to search
no edit summary
Line 91: Line 91:  
   </ul>
 
   </ul>
 
    
 
    
   <p>Network DLP: “Data in Motion” is data that is actively traveling across a network such as email or a file transferred over File Transfer Protocol (FTP) or Secure Socket Shell (SSH). A Network DLP focuses on analyzing network traffic to detect sensitive data transfer in violation of security policies and providing tools to ensure the safety of data transfer. Examples of this include:</p>
+
   <p><b>Network DLP:</b> “Data in Motion” is data that is actively traveling across a network such as email or a file transferred over File Transfer Protocol (FTP) or Secure Socket Shell (SSH). A Network DLP focuses on analyzing network traffic to detect sensitive data transfer in violation of security policies and providing tools to ensure the safety of data transfer. Examples of this include:</p>
    
   <ul>
 
   <ul>
Line 99: Line 99:  
   </ul>
 
   </ul>
 
    
 
    
   <p>Endpoint DLP: “Data in Use” is the data currently being processed by an application. Data of this nature is in the process of being generated, updated, viewed, and erased on a local machine. Protecting this type of data is a challenging task because of the large number of systems and devices but it is usually done through an Endpoint DLP agent installed on the local machine. Some characteristics are:</p>
+
   <p><b>Endpoint DLP:</b> “Data in Use” is the data currently being processed by an application. Data of this nature is in the process of being generated, updated, viewed, and erased on a local machine. Protecting this type of data is a challenging task because of the large number of systems and devices but it is usually done through an Endpoint DLP agent installed on the local machine. Some characteristics are:</p>
    
   <ul>
 
   <ul>
Line 110: Line 110:  
   <h2>Industry Usage</h2>
 
   <h2>Industry Usage</h2>
   −
   <p>The most well-known use of blockchain is in support of cryptocurrencies, such as Bitcoin. A digital currency launched in 2009, Bitcoin does not rely on a monetary authority to monitor verify or approve transactions, but rather relies on a peer-to-peer computer network made up of its users’ machines to do that. Blockchain can be used for all sorts of inter-organizational cooperation. In 2017, Harvard Business Review estimated that approximately 15% of banks are expected to be using blockchain.<ref>Gupta, V. (28 February 2017). <i>[https://hbr.org/2017/02/a-brief-history-of-blockchain A Brief History of Blockchain].</i> Retrieved on 23 May 2019</ref></p>
+
   <p class="expand mw-collapsible-content">Implementing data breach and data leak countermeasures is a major concern for the industry. Over the years, a wide range of high-profile companies have been subjected to these incidents. The biggest security breach of all time happened to Yahoo in a series of breaches in 2013 and 2014, which resulted in all 3 billion user accounts being hacked and personal information being leaked. The company only first disclosed these events in 2016. At the time, the company was in the process of being sold to Verizon but these events had lowered the selling price of $350 million and it received 43 class action lawsuits as a result.</p>
   −
   <p>Although Bitcoin is the first and most well-known use of the blockchain technology, it is only one of about seven hundred applications that use the blockchain distributed ledger system. Blockchain is a digital ledger on top of which organizations can build trusted applications, via a secure chain of custody for digital records.</p>
+
   <p>Due to the constant risk of possible breaches, such as in the example above, Data Loss Prevention technology is widely adopted amongst the tech industry to protect their data. When it comes to enterprise solutions, Gartner identifies four leading DLP vendors: Digital Guardian, Forcepoint, McAfee, and Symantec. Market worth around DLP is growing: in 2015, its estimated worth was around $0.96 million and is expected to grow to around $2.64 billion by next year at a Compound Annual Growth Rate (CAGR) of 22.3%. While data breaches and cyber-attacks have historically been the driver for demand, the growth of cloud storage will increase demand into the future. Furthermore, as things such as the use of digital services, social media, the Internet of Things (IoT) and e-commerce expand, the production of data, even big data, will grow with it as will the need for storage, whether on cloud or through other means. Thus, the desire and regulatory obligations to protect data, such as through DLP, will expand as well.</p>
 +
 
 +
  <p>The DLP market used to have the same approach with respect to monitoring and protecting an organization’s data, but modern solutions differ significantly and have become more individualised. The traditional approach, sometimes called a project approach or a suite, involves a network gateway acting as a man-in-the-middle to monitor the traffic. It requires that the source, destination and type of sensitive information is known and well-defined. The newer method, sometimes referred to as the data visibility or individual approach, uses an agent installed locally on each system to monitor all user and system activity. This approach works well an organization is still in an age of discovery regarding its transmittal and sharing of data and most networks users would potentially have access to sensitive forms of data. The majority of organizations employ both DLP approaches to varying degrees.</p>
    
   <h2>Canadian Government Use</h2>
 
   <h2>Canadian Government Use</h2>
  <p class="expand mw-collapsible-content">Canada does not currently have a federal policy on blockchain. While blockchain is an important emerging technology, how it could be used by the Government remains to be seen. At this point, the ideal GC use case for blockchain would be a system of public record to register secure transactions from multiple contributors toward distributing a single source of truth in a non-refutable fashion.</p>
     −
   <p>According to Gartner, there is no Government around the world that is operating a true blockchain initiative , although some (State of Georgia, Hong Kong, United Arab Emirate) are operating pseudo-initiatives and starting to experiment with the technology.<ref>Gartner conference call.</ref> Treasury Board of Canada notes highlights a few specific initiatives: Estonia uses an eHealth Foundation partnership to accelerate blockchain-based systems to ensure security, transparency, and auditability of patient healthcare records. Singapore employs the use of blockchain to prevent traders from defrauding banks through a unique distributed ledger-based system focused on preventing invoice fraud.<ref>Treasury Board of Canada</ref></p>
+
   <p>The Government of Canada (GC) has a responsibility to protect not only its data and IT assets but also that of its citizens and the data collected on or about them. Despite this, the GC itself is not free from experiencing data leaks. For example, the Canadian Revenue Agency (CRA) reported 3,763 data breaches in 2013, including incidents where taxpayer’s information were lost, compromised, or accidentally released. In order to prevent such occurrences, as well as those on both smaller and larger scales, there are various DLP protocols in place throughout the GC. Currently, DLP operations are run independently in each department. However, this is in concurrence with federal supporting policies and procedures, some of which also extend to industry.</p>
 +
 
 +
  <p>As of November 1, 2018, private Canadian  businesses and industries, along with the health sector, which are subjected to [https://laws-lois.justice.gc.ca/eng/acts/P-8.6/index.html The Personal Information Protection and Electronic Documents Act] (PIPEDA), are required to report all data breaches involving personal information that may harm an individual, hold a record of all data breaches, and notify the affected individuals. The goal of this act is to assure citizens have their personal information protected by appropriate safeguards in accordance to their right to access their personal information. Similarly, the federal Privacy Act stipulates how GC departments can share and provide access to personal information on or about individual Canadian citizens and also mandates reporting of security breaches involving this data.</p>  
 +
 
 +
  <p>Since the GC relies extensively on IT to provide its services, the Operational Security Standard from Management of Information Technology Security (MITS)  as well as the Operational Security Standard – Business Continuity (BCP) Program defines a baseline of security requirements which federal departments and agencies must fulfill to ensure the security of information are under their control. Those prevention safeguards include incorporating identification and authentication in all networks and systems, authorization and access control to restrict accessibility on a “need to know” basis, proper cryptographic and encryption protocols, and emanations security methods such as TEMPEST. In the event of a data breach, the Policy on Government Security (PGS) establishes a mechanism to coordinate the response and recovery. Since the data breaches are primarily caused by people, the Canadian Centre for Cyber Security offers up-to-date publications as part of an awareness campaign.</p>
   −
   <p>In 2017, “The Blockchain Corridor: Building an Innovation Economy in the 2nd Era of the Internet” was developed, discussing ways to turn Canada into a global hub for the “Blockchain revolution.” Written by a high-tech think tank and prepared for / partially funded by the federal Department of Innovation, Science and Economic Development (ISED), the report lays out a few proposals regarding how to cement Canada’s role as a world leader in blockchain technology. The Canadian Government announced in July 2017 the intention to run at least 6 select pilot projects on the use of blockchain.<ref>Secretariat, T. B. (29 March 2019). <i>[https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022].</i> Retrieved on 23 May 2019</ref></p>
+
   <p class="expand mw-collapsible-content">The Government of Canada’s Cloud Adoption Strategy, as well as the Strategic Plan for Information Management and Information Technology 2017 to 2021 outlines a move towards increasing the use of cloud services for data storage and processing. Outsourcing to private clouds presents a certain level of risk if vendors are not vigilant against cyberattacks or if malicious themselves. The GC has developed various strategies, guidelines and best practices in order to mitigate the risks around cloud and Cloud Service Providers (CSPs). For example, the Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice outlines measures such as third-party independent assurances, encryption and cryptographic algorithm, and vulnerability alerts, amongst others, as part of its attempt to minimize risk and heighten data loss prevention.</p>
   −
   <p class="expand mw-collapsible-content">This included establishing a digital economy commission, which will be tasked with developing solid recommendations regarding how Canada can become a leader in developing technologies such as blockchain, quantum computing, artificial intelligence and self-driving vehicles. It also recommended getting governments currently using blockchain to transform their own operations and provide examples of how the technology can benefit public sectors in Canada and abroad.  Governments could use blockchain to verify the payment of taxes and manage public services more efficiently.</p>
+
   <p class="expand mw-collapsible-content">As with other nations, creating an open, collaborative, and accessible government is of prime importance to the Government of Canada. As described in the Digital Operations and Strategic Plan (DOSP), it holds that sharing data and information with Canadians and businesses with help to grow the economy and allow for more active participation in public life. Open portals and open information can present a more open possibility of breaches and attacks, however. Therefore, moves towards open government must involve DLP controls. Making data and information more open has inherent risks – it exposes networks, systems, devices and data, including personal information, to accidental or malicious breaches. As such, robust IT security protocols in the GC are of paramount importance. A layered security approach, such as the use of trusted access, protected assets, secure protocols by default and continuous monitoring are already in effect and will continue to be implemented in the GC.</p>
    
   <h2>Implications for Government Agencies</h2>
 
   <h2>Implications for Government Agencies</h2>

Navigation menu

GCwiki