Data Theft

The ability to steal company data is no more real today than it was five years ago, but the volume of data that can be stolen is.This Labor Day weekend I was strolling through the local discount computer store and was reminded of one of the biggest concerns I have been hearing from CIO's lately -- data theft. There are 1-TB USB external hard drives floating around $300 and small, pocket 250-GB drives at around $150.

The real issue is would you rather block or tackle? In yesterday's entry I discussed file auditing and one of its capabilities to know who copied a file and to where. If someone were to copy company-sensitive data you could be alerted to that and stop them before they got out the door ... tackling. You would be better served had that copy never happened in the first place ... blocking. The ultimate would be to have both auditing and blocking integrated so the two applications could work together, sharing policies and metadata... data supervision. One of the challenges is most people don't see this as stealing, they see it as more the data equivalent of taking home a box of pens from the supply closet. Actually, the office supplies are held in higher regard, probably because they are tangible. People just don't hold digital content in as high regard as cash. A person that would never take a $100 bill off your desk might very well rip a copy of the latest CD or DVD, or might also take home a customer list, a prospect database, Excel, or Word templates. The attitude is that this is not "really stealing." It falls on the shoulders of the IT professional to lock this data down, while not making the environment too cumbersome to work with. This makes the more draconian approaches, like disabling all USB devices, impractical, and it is the void that data blocking tools could fill. These products allow you to set policies that only allow certain types of users to copy certain types of files to certain types of devices. They can have full access to the files as long as they stay on the network, but allow you to restrict their movement beyond that. I think they are becoming a key requirement in the enterprise. Data supervision integrates auditing with blocking (among other capabilities) to allow shared policy and common metadata databases. Doing so simplifies the process and allows further examination of what is happening in your enterprise. Say, for example, an executive in your organization has full access and can copy virtually anything to USB devices. You can still have an alert that warns if anyone in the organization is copying a large amount of data to a device in a short period of time -- blocking could then step in and stop the transfer.

For example, if you are in the oil and gas market and suddenly 500 GB of SEG-Y data is being copied to a local USB drive, that could be legitimate, but it also could be theft. With data supervision you will be able to suspend the transfer, investigate who is making the transfer, and why. Then you can make an informed decision as to if that transfer should be allowed to continue. There is a significant amount of corporate assets that only see life in digital form. Don't let that data walk out the door on a pocket hard drive.

Track us on Twitter: http://twitter.com/storageswiss.

Subscribe to our RSS feed.

George Crump is founder of Storage Switzerland, an analyst firm focused on the virtualization and storage marketplaces. It provides strategic consulting and analysis to storage users, suppliers, and integrators. An industry veteran of more than 25 years, Crump has held engineering and sales positions at various IT industry manufacturers and integrators. Prior to Storage Switzerland, he was CTO at one of the nation's largest integrators.