Aeroflot will toughen confidential data protection from leaks

By December, 2014 Aeroflot is going to complete development of technology of protection against leaks of confidential information and to select the DLP solution based on which then it is going to create in the company an end-to-end system of protection. It follows from the project documentation published in April.

A self-written personnel system,SAP ERP,EDMS based on Lotus,the Sabre booking system, a number of production systems, providing business processes of the company, EPR – single payment solution, the gateway on payment processing for tickets, the system of sales of transportations, removable devices of processing and information storage, the mail server and some other will become main systems to which protection against leakages of confidential data will extend.

Within the project Aeroflot expects to receive independent assessment of the current situation in the field of confidential information protection, quality standard of risks of leaks, to define required measures for increase in the cybersecurity level, to test technical solutions, to create the strategy of development for an end-to-end system of protection against leaks and also to create terms of reference on its creation.

In Aeroflot the end-to-end system of protection against leaks of confidential information will appear

In technical requirements to the project it is specified that at the time of its start in the company the DLP solution Websense Data Security is used. During development of technology of an end-to-end system of protection against leaks Aeroflot expects to hold independent step-by-step testing of six different DLP systems. Solutions of Infowatch,Zecurion, Jet Info,Falcongaze and SearchInform which have "essential different functionality from the system used at present", said in terms of reference on execution of works should be presented at least.

In addition to directly DLP system the end-to-end system of data protection from leaks will include such components as a corporate system of investigation of incidents of cybersecurity, a corporate system of data protection from unauthorized access, including application of means of data encryption, an analysis system and correlations of events of cybersecurity, a control system of actions of privileged users.

In addition, she will turn on the system of protection of databases, control of printing of documents, the system of differentiation of access rights to documents, differentiations of access rights to information systems and a management system for mobile devices.