Whether on the race track, on the web or in the boardroom, data leaks are invariably bad news. Just ask Ferrari and McLaren, the F1 giants embroiled in controversy over allegedly stolen technical documents. Or Facebook, who mistakenly exposed a slice of their own source code recently, and thereby possibly their own users. Or Monster.com, who made the monster mistake of losing over a million customer records to expert “phishers.”

Companies are facing spiralling pressures to protect all types of business data. Almost all businesses fall under a regulatory mandate to protect private or personal information, and all worry about internal, confidential information falling into the wrong hands. It has become a race to secure data against increasingly sophisticated hackers. In your organization, who will cross the finish line first?

A moving target

There’s a real urgency to find solutions to this problem. The situation is further complicated by the need to protect sensitive data whether it’s parked at rest – i.e. stored within the enterprise, or on enterprise devices – or in motion, either on the corporate network or on external links. However, the main part of the task is controlling access to and use of sensitive data by insiders: employees and trusted third parties.


This task has been compounded by the influx of consumer-based technology into the workplace, such as digital media players, cameras, IM and social networking sites, and USB devices, which are all potential sources of leaks. Hence the growing interest in data leak protection (DLP), as companies searching for the policies, processes and tools to help protect their intellectual property and stop leaks. So what’s the right formula for DLP? What should organizations protect, and how should they manage that protection?

A 2007 Gartner report identified consumer products in the enterprise as one of the biggest threats to corporate security. The security holes these products and applications create need to be closed, and business’ acceptable use policies extended to cover these areas. The report named four key technologies as presenting the biggest risks. Let’s deal with each of these in turn, and evaluate the solutions and policies that can deliver management of each risk type.

Stopping the bus

USB devices (cameras, MP3 players, portable drives etc) represent a key risk, according to the Gartner report. The starting point for protection is to include them in the business acceptable usage policy (AUP), to educate users on the importance of following policy, and the business risks if they do not. But policies alone aren’t enough, so they must be backed up and enforced.