Data Loss Prevention
Mobile Data Security
Cloud Data Security
Encryption & ERM
Governance, Risk & Compliance
SAP Data Loss Prevention (DPL)
SAP Data Protection
SAP Governance, Risk & Compliance
Sensitive Data Discovery and Security
Who is Ground Labs
Titus Classification Suit
Titus Illumınate (Data Discovery)
Titus Mobile Security
Halocore SAP Security
Halocore SAP Auditing
Halocore SAP Classification
Halocore SAP Data Loss Prevention (DPL)
Halocore SAP Data Protection
Halocore SAP Governance, Risk & Compliance
Ground Labs Secure Sensitive Data
PERSONAL DATAS ARE PROTECTED BY LAWS IN TURKEY TOO! The Law on the Protection of Personal Data (KVKK) was published in the Official Gazette No. 29677 dated April 7, 2016 and entered into force on 7 October 2016. On 1 January 2017, the Protection Committee for Personal Data, working under the responsibility of the Prime Ministry to create and enforce the secondary legislation under the Law, began to swear by the Supreme Court. What is KVK Law No. 6698? A law enacted to regulate the procedures and principles in the processing of personal data, in particular the confidentiality of private life, in order to protect the fundamental rights and freedoms of persons and to comply with the obligations of real and legal persons who process personal data. How ready are corporations for compliance with the law? Within the context of compliance with Law No. 6698, institutions must analyze the life cycle of the domain very well and establish and operate technological infrastructures that can manage it in a process. Compliance with Laws and Regulations with TITUS Classification Family The data that must be kept within the framework of the time limits laid down by the Act; • recording, • storage, • protection, • replacement, • disclosure, • transfer, • takeover, • Classification • Prevention of use When the deadlines set by the law are over, • where to scan • found • deletion • Destruction • anonymization In any transaction carried out on such data, it is fully integrated into the life cycle of the data to comply with the law. Example Scenario: Titus Illuminate Module With a new technology, TITUS Illuminate, it scans documents in shared environments and takes the necessary actions in the context of compliance with legislation while creating an inventory. Labeling of documents and emails in personal data and ensuring proper password protection or network protection, Archiving encrypted in a secure environment, Deleting and expiration of stored personal data in a secure manner and automatic application are ensured Within the scope of KVK Law No. 6698, It is entitled to demand that the person concerned be treated in accordance with his / her personal data, demand information about them, question whether he / she is used appropriately for his / her purpose, know the persons to whom the personal data are transferred, request correction of wrongs. Persons and institutions having the title of “Data Officer” are obliged to fulfill these responsibilities against the related persons. • To take necessary technical and administrative measures related to the protection of personal data, • To prevent unauthorized and unlawful processing of personal data, • To prevent unauthorized and unlawful access to personal data, • For whom and for what purpose personal data can be transferred, • The deletion and destruction of personal data, • Informing and informing the person about personal data, • Make and take necessary inspections in order to protect personal data in their own environment. Under the TITUS Classification and Personal Data Protection Act, It guarantees that personal data will be identified in e-mail and documents in the first phase they are created, and that e-mail and documents will be labeled and protected in accordance with the law. With a new technology, TITUS Illuminate, it scans documents in shared environments and takes the necessary actions in the context of compliance with legislation while creating an inventory. Labeling of documents and emails in personal data and ensuring proper password protection or network protection, Archiving encrypted in a secure environment, Deleting and expiration of stored personal data in a secure manner and automatic application are ensured ...
Turkcell Case Study
TURKCELL BUILDS COMPLETE APPROACH to Data Loss Prevention with TITUS Global telecommunications operators require the highest levels of security as they deal with large volumes of personal information, trade secrets and other sensitive data. In an extremely competitive market, locking down data is critical, and high levels of data security help drive market advantage. Company Profile Turkcell is the leading communications and technology company in Turkey with 33.1 million subscribers and a market share of approximately 54% as of March 31, 2011. Turkcell covers approximately 83% of the Turkish population through its 3G and 99% through its 2G technology supported network. It has become one of the first among the global operators to have implemented HSDPA+ and achieved a 42.2 Mbps speed using the HSPA multi carrier solution. Business Situation As a leading mobile operator, Turkcell is committed to the development and implementation of best data security practices. Ensuring the security of both customer data and sensitive corporate information is critical to the company’s ongoing success, and is a driving force for the company’s focus on best practices. Challenge As a large mobile operator, thousands of employees are handling sensitive information housed in Microsoft Office® files on a daily basis. While security is a priority, it can be a challenge to ensure each individual employee is handling information appropriately, and accidental data leakage can occur. Turkcell has been using a server-based Data Loss Prevention (DLP) solution for several years which enables them to stop the flow of sensitive information outside the organization. However, these technologies only offer a partial solution, and can result in false positives, or documents being delayed or not sent at all. Solution The Turkcell security team began to look for a solution to enable them to extend the value of their existing Microsoft infrastructure and DLP solution. The company carefully assessed a number of approaches and solutions for classifying documents and selected TITUS Classification™ for Microsoft Office “TITUS was our clear choice for our document classification needs as it would enable us to not only extend our existing investments, but empower our users to make the best decisions about how data should be used.” Gurkan Papila Enterprise Infrastructure & Security Manager, Turkcell With TITUS Classification for Microsoft Office, end users are able to quickly and easily classify documents within the Microsoft application they are using. Additionally, they can apply visual markings such as headers, footers and watermarks to ensure proper information handling. “The solution is literally as easy to use as spell check. Employees are able to classify documents in an extremely simple, non-intrusive way. Ultimately this helps us ensure that our data is handled correctly and users are much more aware of how to handle information.” Gurkan Papila Enterprise Infrastructure & Security Manager, Turkcell The metadata generated as part of the classification process is then used by the existing DLP solution, creating a complete approach to information security. “TITUS’ ability to generate the metadata was critical. With that, our DLP solution has the information needed to ensure that sensitive data does not leave the organization, and protects us against accidental leakage of our most valuable asset – our information.” Benefits Since deploying TITUS Classification for Microsoft Office, Turkcell has realized a number of benefits across the organization and has been able to drive a substantial return on their initial investment. The solution has been deployed enterprise-wide to more than 3000 employees who are actively classifying documents from their desktop. “Not only are our employees actively participating in ensuring the security of information, they are much more aware of how to handle information. The solution’s ease of use has ensured user acceptance and adoption which ultimately helps us strengthen our security posture.” The initial investment in TITUS Classification for Microsoft Office has quickly been recouped by Turkcell as they have been able to extend the security of the organization, and avoid issues of delayed or unsent documents resulting from the server-based DLP solution. “The investment in TITUS Classification for Microsoft Office was extremely affordable, especially as we were able to seamlessly integrate it into our existing infrastructure. Furthermore, the solution’s total cost of ownership is minimal when you compare the potential costs resulting from data leakage to our organization,” outlined Papila. Turkcell is actively involved in the development of standards and best practices for data security in Eastern Europe, and the TITUS offering is able to grow with them over time as new standards may emerge. “TITUS Classification for Microsoft Office can easily be configured to meet emerging standards or regulations, and we have the flexibility to extend our classification to Outlook moving ahead,” said Papila. Our experience with TITUS has been outstanding, and we are looking forward to continuing to work with them for years to come.” About TITUS TITUS is the leading provider of security and compliance software that helps organizations share information securely while meeting policy and compliance requirements. Our solutions enable military, government, and large enterprises to raise awareness and meet regulatory compliance by visually alerting end users to the sensitivity of information. Products include TITUS Classification, the leading message, document and file classification and labeling solutions; TITUS Aware, products that enhance Data Loss Prevention by detecting sensitive information at the desktop; and the TITUS family of classification and security solutions for Microsoft SharePoint. TITUS solutions are deployed to over 1.5 million users within our over 300 military, government and enterprise customers worldwide, including Dow Corning, United States Air Force, NATO, G4S, Paternoster, Pratt and Whitney, Australian Department of Defence, and the U.S. Department of Veterans Affairs. For more information, visit www.titus.com....
For Case Study...
The First Step Toward GDPR Compliance
Last week my colleague Mark Cassetta described how data categorization could be used as a means to simplify information classification and protection. This week I would like to expand on this concept to show how categorization can be put into practice. The European General Data Protection Regulation (GDPR) only 12 months away. Yet, only 10 percent of organizations impacted by the GDPR report that they are “completely ready” to comply with the regulation (Osterman Research), it seems like this would be a great example for highlighting the use of categorization. The key goal of the GDPR is to ensure that any organization that controls or processes sensitive personal information about EU residents also properly protects the data. In fact, organizations must show that data protection is a fundamental design aspect to their data workflow and processes. So, where does an organization start? The same place they should start for any data protection project; they need to find and clearly identify the sensitive data in question. Because the GDPR mandates that each individual can request to see, edit, transport, or have the data deleted, knowing the location of files that contain personal information is paramount. With very little time to get systems, policies, procedures, and people aligned, implementing a detailed data classification schema is not practical – which is fine! We like to take a “crawl, walk, run” approach with our customers anyway. First, we help them resolve their primary use case (the “crawl”) and when they are comfortable with that first step, we expand their use of classification to solve other workflow, security, and compliance hurdles. To set the stage for GDPR compliance (and where automated classification is not practical), simply ask your users if the data they are working with contains personally identifiable information (PII): Yes or No. That’s it. One question. A simple task for the user provides the essential ingredient to GDPR compliance. Once the data is identified, compliance policies to be built across the enterprise. TITUS policies help protect users from making mistakes, but the classification metadata can also empower your existing data security ecosystem, such as DLP, encryption, records management, reporting and insider threat detection, and more. For example, answering “Yes” could automatically limit how the information can be shared, or trigger encryption. By enabling your other data security systems to read and react appropriately when they see a user has answered “Yes”, you have designed personal information data protection into your organization workflow and data security processes. According to Osterman Research, only 27% of organizations have confidence that they can appropriately classify records or mark it to limit processing. If you are part of the remaining 73%, TITUS can help. Source: http://www.titus.com/titus-blog/2017/05/the-first-step-toward-gdpr-compliance/...
Netskope EMEA Cloud Report April 2017
Care about cloud security? The new Netskope EMEA Cloud Report delivers cloud service usage trends in a short, easy-to-read format. Here are a few highlights: 56.75 percent of Microsoft Office 365 usage occurs in services other than OneDrive for Business. Enterprises have an average of 903 cloud services in use, up from 845 last quarter. Backdoors make up the majority of cloud malware detections at 37.1 percent, while ransomware consists of 4.2 percent. Webmail pulls ahead of cloud storage for the first time with 39.9 percent of all data violations, as enterprises start to focus their DLP policies on categories other than cloud storage. For detailed report: Netskope EMEA Cloud Report April 2017...
Microsoft Recommends Secude!
In a world of rising cyberattacks, universal connectivity, and mobile and cloud dominance, the quest for comprehensive security has never been higher. In today’s age of borderless IT, complex environments cannot be secured like yesterday’s networks as enterprises lose control over the information traveling beyond their boundaries. Sensitive data is now shared more than ever, within the organization and with partners and suppliers. The explosion of mobile devices and cloud share services only creates another hole in the weakening security landscapes. In this webinar, join security experts from Microsoft and SECUDE, a well-established security provider specializing in SAP, to learn how enterprises can embrace cloud and mobility, while ensuring that corporate assets are well protected. Key takeaways Understand the current IT landscape and challenges that come with it Learn about Microsoft’s latest technologies and their Enterprise Mobility Suite (EMS) Identity and access management with Azure Active Directory Premium Mobile Device Management (MDM) with Windows Intune Data protection with Azure Rights Management (RMS) Discover how to find a balance between the need for security with the need for greater collaboration, mobility and productivity Apply all of the above to SAP data, while honoring roles and authorizations configured in SAP systems with Halocore for SAP NetWeaver Kaynak: https://blogs.sap.com/2014/08/27/webinar-solving-security-collaboration-and-mobility-challenges-in-sap-with-microsoft-technologies-sep-15/...
For News Room...