The Right Formula for Data Leak Protection
by Nick Lowe - Check Point - Tuesday, 18 September 2007.
Whether on the race track, on the web or in the boardroom, data leaks are invariably bad news. Just ask Ferrari and McLaren, the F1 giants embroiled in controversy over allegedly stolen technical documents. Or Facebook, who mistakenly exposed a slice of their own source code recently, and thereby possibly their own users. Or, who made the monster mistake of losing over a million customer records to expert “phishers.”

Companies are facing spiralling pressures to protect all types of business data. Almost all businesses fall under a regulatory mandate to protect private or personal information, and all worry about internal, confidential information falling into the wrong hands. It has become a race to secure data against increasingly sophisticated hackers. In your organization, who will cross the finish line first?

A moving target

There’s a real urgency to find solutions to this problem. The situation is further complicated by the need to protect sensitive data whether it’s parked at rest – i.e. stored within the enterprise, or on enterprise devices – or in motion, either on the corporate network or on external links. However, the main part of the task is controlling access to and use of sensitive data by insiders: employees and trusted third parties.

This task has been compounded by the influx of consumer-based technology into the workplace, such as digital media players, cameras, IM and social networking sites, and USB devices, which are all potential sources of leaks. Hence the growing interest in data leak protection (DLP), as companies searching for the policies, processes and tools to help protect their intellectual property and stop leaks. So what’s the right formula for DLP? What should organizations protect, and how should they manage that protection?

A 2007 Gartner report identified consumer products in the enterprise as one of the biggest threats to corporate security. The security holes these products and applications create need to be closed, and business’ acceptable use policies extended to cover these areas. The report named four key technologies as presenting the biggest risks. Let’s deal with each of these in turn, and evaluate the solutions and policies that can deliver management of each risk type.

Stopping the bus

USB devices (cameras, MP3 players, portable drives etc) represent a key risk, according to the Gartner report. The starting point for protection is to include them in the business acceptable usage policy (AUP), to educate users on the importance of following policy, and the business risks if they do not. But policies alone aren’t enough, so they must be backed up and enforced.

Some companies have taken the empirical approach of blocking USB ports with epoxy glue, but a more manageable method is investing in a port control product, which can automatically block USB devices from being connected to PCs without authorisation. More advanced products also include transparent encryption, so that information copied to USB devices is automatically rendered inaccessible to thieves.

Curbing the office social

Blogging, and use of social networking websites should also be added to the AUP. With blogging, you’ll need to specify what the business is comfortable allowing employees to discuss. Company intellectual property and confidential information should obviously be restricted from blogs, and the same with social networking sites. As with USB devices, policies should be enforced by products, to truly limit risk.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th