Sister CISA CISSP

Jul 14 2010   12:58PM GMT

The Advanced Data Threat of Persistent Leakage

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

Back from a lovely vacation on a lake (where there are no computers or TVs allowed) I am struck once again by a terrible case of whimsy. Thus the title of this entry, which I truly could not resist.

There is an odd marketing marriage of some “security” terms. I put security in quotes because it’s so hard to identify the real security issues from the marketing of the latest security product. How often have security software vendors come up with a new “issue” or “risk” only to follow that up with the product that will address it?

“Data Leakage.”

This problem has been around for a long time. It could be called “industrial espionage,” “data theft,” or “poor data management,” or even a lack of data classification. “Leakage” just sounds newer, and, well, more catchy. It all comes down to good security practices, which are less catchy, but just as effective.

If you know what your confidential data is, where your confidential data is, who has access to it, and when they accessed it, you are halfway to your own “data leakage prevention system.” Then, implement hardware policy controls (i.e., external drives, CDs/DVDs) and Internet access. Not to mention that a good Information Security Policy that is reviewed and signed off by your employees annually emphasizes your corporate due diligence. The Policy needs to be very clear about confidential data and what employees can do with it.

Still, people will send out data in email, won’t they? (I’m thinking of doctors, lawyers and professors) Good email filtering with appropriate filter keywords can capture a great deal. But ultimately, it also includes education.( It’s still absolutely amazing what gets put on corporate web servers.)

All these activities are a LOT more work, but much more valuable than putting in a system that is fundamentally a detective control. rather than a preventive set of practices.

I do, however, prefer “data leakage prevention” to “extrusion prevention system.” What an expression!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: