Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Planning Data Security Deployment > Planning a phased approach

To assess how to protect your data from compromise, we recommend deploying data security in a multi-phased approach. The approach listed below is just one of many.
Start by monitoring data (auditing without blocking). The following steps usually constitute this phase (you may skip some of the steps if they are not relevant):
* Moving forward, you may identify that your enterprise has unique needs in terms of data identification that are not covered by predefined policies; for example, you may want to protect coupons that are issued or catalog numbers.
* To request a policy, please apply to Websense technical support. We will escalate your request and engage the research team. The usual turnaround is approximately 3 weeks (the research team will generally provide an estimated time to completion within 3 days of reviewing the request).
* PreciseID database fingerprinting allows accurate and efficient detection of fingerprinted records coming from various sources:
* Content policies can be flexibly defined on top of data sources. Detection rules can be configured as combinations of columns and thresholds for a given number of matches.
* Database fingerprinting can be used in conjunction with PreciseID patterns. While patterns identify a full range of data (for example, all credit cards), database fingerprinting can narrow down the detection only to credit cards of your enterprise customers. You may want to set higher severity on PreciseID database policies than on PreciseID patterns.
* The data that we identify can already be in a different format (e.g., after PDF conversion), different context (excerpt of confidential document that was fingerprinted), and so on.
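The difference between a pattern and a database fingerprint rule (a combination of columns plus a match threshold), sketched as an added example. This is not Websense code and not the PreciseID algorithm; the keyed hash, the function names, and the sample rows and text are constructed assumptions.

```python
import hashlib, hmac, re

KEY = b"constructed-demo-key"  # assumption: a per-deployment secret for keyed hashing

# Constructed sample data: customer rows and an outbound message to inspect.
ROWS = [{"surname": "Okafor", "card": "4111 1111 1111 1111"},
        {"surname": "Lindqvist", "card": "5500 0000 0000 0004"}]
TEXT = ("Refund for Okafor, card 4111 1111 1111 1111; also Lindqvist "
        "5500-0000-0000-0004. Test card 4012888888881881 is not a customer.")

def fp(value):
    """Keyed hash of a normalized cell value, so the index stores no plaintext."""
    norm = re.sub(r"[\s\-]", "", value).lower()
    return hmac.new(KEY, norm.encode(), hashlib.sha256).hexdigest()

def luhn_ok(digits):
    """Pattern-style check: any syntactically valid card number passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def build_index(rows, columns):
    """Fingerprint the selected columns of every database row."""
    return [{c: fp(r[c]) for c in columns} for r in rows]

def scan(text, index, columns, threshold):
    """Return (pattern_hits, matched_row_ids, rule_triggered).

    A row matches only if ALL listed columns appear in the text; the rule
    triggers when at least `threshold` distinct rows match.
    """
    found = re.findall(r"\b(?:\d[ -]?){15}\d\b", text)
    cards = [re.sub(r"[ -]", "", c) for c in found]
    pattern_hits = [c for c in cards if luhn_ok(c)]
    tokens = {fp(w) for w in re.findall(r"[A-Za-z]+", text)} | {fp(c) for c in cards}
    matched = [i for i, rec in enumerate(index) if all(rec[c] in tokens for c in columns)]
    return pattern_hits, matched, len(matched) >= threshold

if __name__ == "__main__":
    idx = build_index(ROWS, ["surname", "card"])
    print(scan(TEXT, idx, ["surname", "card"], threshold=2))
```

The pattern check flags all three card numbers in the sample text, while the fingerprint rule matches only the two that belong to indexed customer rows, which is why the fingerprint policy can reasonably carry the higher severity.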
At this stage, we recommend enabling email notifications to various people in the organization when a policy breach is discovered. The options are:
* Senders (people that actually leak the information)—some enterprises prefer to use this option to educate users and watch the expected decrease in the number of incidents over time in the Trends report.
(Phase 3 can be ongoing, in parallel to Phases 1 and 2.) Make sure that you keep the number of incidents manageable and that all incidents are relevant. The options are:
* Identify incidents that are authorized transactions and make appropriate changes in the authorization for specific policies (e.g., allowing sending specific information from certain sources to certain destinations).
Phase 3 is also good for making sure that you assign proper incident managers for various types of incidents, and that you create policy category groups in Data Security Manager and assign them to relevant incident managers.
This phase should begin after all the policies have been successfully tuned and business owners, data owners, and incident managers are trained and ready to handle the incidents:
* You can start with the SMTP channel only and then gradually move to HTTP enforcement as well. Or you could enforce FTP through ICAP and/or Websense Content Gateway integrations.
* Continue monitoring incidents and identify whether certain policies can be moved back to auditing only. (Consider this efficiency if you release the email regardless of incidents.)
* Encryption: As part of SMTP enforcement, you may want to integrate with encryption gateways. Websense can automatically route certain email transactions to be encrypted based on email content and/or policy definitions (actions).
Establish discovery tasks on sensitive corporate servers, databases, Exchange servers, and SharePoint sites that are widely accessed to ensure you know what sensitive information is located where, and who is allowed to access it.
Make sure you are controlling data in use (removable media, clipboard operations, file access) by deploying Websense Data Endpoint in your enterprise:
Local discovery will assist you in getting to the files that network discovery wouldn't reach. (Essentially, local discovery is looking at the drives on a local machine, like a laptop, which can be disconnected from the network.)

