
7/25/2006
08:45 AM

Practicing Safe Data

Worried about data protection? You should be

Are you starting to get dragged into discussions about which data leakage product is the best? Are you forming an incident response team to address a recent report of a lost or stolen laptop? Have you just banned iPods from the workplace? You're not alone.

Data protection is worth worrying about. It's not an easily addressable problem, like spam or spyware. Countering those threats usually involves evaluating a few products and making a purchasing decision.

Data protection is much harder. The threats come from both the outside and the inside. On the outside, you have overzealous teenagers in Canada, competitors, and crime syndicates based in Russia. On the inside, you have engineers packing up to join a competitor, sales people squirreling away customer lists, and fraudsters mining for gold – not to mention the oft-cited disgruntled employee.

Think Ignacio Lopez, the infamous purchasing czar at General Motors who quit one evening and took dozens of boxes of strategic documents with him as he set up shop at Volkswagen. Or the Indian Security Agency flunky who delivered a USB thumb drive, purportedly loaded with information on India’s nuclear program, to a U.S. embassy operative.

There are three facets to data protection: encryption, device control, and leak prevention. Some types of information, such as credit card information, have to be encrypted while they are at rest. You would not want to suffer the fate of CardSystems Solutions Inc., which went out of business last fall due to the loss of a huge number of records to a hacker. Besides, the credit card associations stop just short of requiring encryption if you want to handle their cards.

But do you want encryption everywhere else? Do you want the headaches of handling keys for all those files, users, servers, and backup devices? I don’t think so. Look for tactical opportunities to exploit the power of encryption. Cyber-Ark Software and Ingrian Networks, for example, have created manageable tools for encrypting valuable information.

Device management – the ability to set and enforce policies on the types of devices that can be attached to the network – is something most organizations have not even begun to look at. Centennial Software, Safend, and SecureWave provide centrally managed solutions that can see every USB device that is attached to the network. Policies can be created by device and user, allowing or disallowing the use of a particular device. So, no more worries about 30 gigs of data being downloaded to an iPod on an employee’s last day.

Leak prevention is all about monitoring the network for suspect activity that indicates someone is misappropriating or misusing data. It can be deployed in existing network-attached devices, such as an email gateway like Proofpoint's or an IPS device like Force10’s P series. But several emerging companies also are addressing the leakage issue: PortAuthority, Reconnex, Tablus, Vericept, and Vontu among them.

At this early stage, the keys to choosing a leak prevention solution are:

  • Ease of deployment. A solution that requires you to set granular policies and manually identify critical information will be too cumbersome and expensive to deploy. The ideal solution should be capable of operation on the first day, and should start generating useful results immediately. Spiders that crawl the network, indexing and fingerprinting data, can ease the data discovery phase. Default policies based on activity monitoring will get a solution up and running quickly.
  • Accuracy. The underlying algorithms that decide when data is being leaked should minimize false positives. Every alert sets off a forensic response. False positives waste time and lead to embarrassing investigations. Too many false positives and the tool will no longer be used.
  • Reporting. Yawn. Gotta have it.
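To make the "indexing and fingerprinting" and "accuracy" points concrete, here is a small added example (not from this article or from any vendor named in it) of fingerprint-based leak detection: protected documents are reduced to hashed word shingles, and an outbound message raises an alert only when it contains enough of a document's fingerprint. The shingle size, the threshold, the function names and all sample text are assumptions constructed for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 5       # words per shingle (assumed tuning value)
ALERT_THRESHOLD = 0.30  # share of a document's shingles needed to alert (assumed)

def shingles(text, k=SHINGLE_WORDS):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }

def build_index(documents):
    """Discovery phase: fingerprint each protected document; only hashes are kept."""
    return {name: shingles(body) for name, body in documents.items()}

def score_message(index, message):
    """Return {document: fraction of its fingerprint found in the message}."""
    msg = shingles(message)
    scores = {}
    for name, fingerprint in index.items():
        hits = len(fingerprint & msg)
        if hits:
            scores[name] = round(hits / len(fingerprint), 2)
    return scores

def alerts(index, message, threshold=ALERT_THRESHOLD):
    """Only documents at or above the threshold become alerts for an analyst."""
    return sorted(n for n, s in score_message(index, message).items() if s >= threshold)

# Constructed sample data: one protected file and three outbound messages.
INDEX = build_index({
    "customer_list.txt": "Acme Corp contact Jane Roe renewal due in March at 40000 "
                         "dollars per year. Globex contact John Doe renewal due in "
                         "June at 55000 dollars per year.",
})
LEAK = ("FYI for when I start next week: ACME Corp, contact Jane Roe -- "
        "renewal due in March at 40000 dollars per year.")
QUOTE = "Reminder: renewal due in March at 40000."
BENIGN = "The new parking permit costs 300 dollars per year and renewal is due in March."

if __name__ == "__main__":
    for label, msg in (("leak", LEAK), ("quote", QUOTE), ("benign", BENIGN)):
        print(label, score_message(INDEX, msg), alerts(INDEX, msg))
```

The short quote overlaps the fingerprint but stays under the threshold, and the benign message shares only common phrases, so neither triggers a forensic response; lowering the threshold trades those quiet results for more alerts.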

I believe that the ability to actively block is not critical at this early stage. Making insiders aware of your ability to monitor their activity will curtail over 90 percent of the data leakage you are probably experiencing today. Blocking real traffic could cause more problems than it solves, especially if a network device is configured to fail in that situation. Finding and disciplining the people who are abusing your data is the most important step to take in data protection.

Encryption, device management, and leak prevention work together to diminish the risk of data loss. Encrypting data at rest protects it from outsiders and unauthorized insiders, as well as inadvertent loss off the back of a delivery truck. Quickly deployed and well-managed leak prevention can help to control insiders’ behavior. Device management blocks the insider who is determined to steal data via a thumb drive or iPod.

Of course, none of this can stop the determined industrial spy – just use your cellphone's camera to take a picture of the unencrypted data on the computer screen, and you've foiled all of these defenses. But the combination of these three technologies will reduce your exposure and put you in compliance with the industry's best practices.

— Richard Stiennon is founder of IT-Harvest Inc. Special to Dark Reading

  • Centennial Software Ltd.
  • Cyber-Ark Software Ltd.
  • Force10 Networks Inc.
  • Ingrian Networks Inc.
  • PortAuthority Technologies Inc.
  • Proofpoint Inc.
  • Reconnex Corp.
  • Safend Inc.
  • SecureWave S.A.
  • Tablus Inc.
  • Vericept Corp.
  • Vontu Inc.
