Enterprise Data Leakage or loss is increasingly becoming a big problem for organizations to manage, as enterprises deploy more systems to promote information sharing, the more information leaks. We have seen technology advances, such as the Internet and intranet, remote access services and a whole range of removable devices like iPods and digital cameras that are getting smaller in size and larger in storage capacity, all these have eased the way we communicate and do business and led to easy and instant access and transport of information, where gigabytes of data can be stored on devices the size of a thumb. But also increased the problem of Data leakage and security.
Data leakage can not only cause financial loss, but also lead to loss of reputation, loss of clients, cause embarrassment to the Organization and could lead to legal liability.
ENTERPRISE
The commonest routes through which data leaks can happen include the following:
- Unauthorized network/facility access: Unauthorized access to resources or to the facility by unauthorized personnel could cause data loss or/and theft.
- Sharing sensitive corporate information: this is a problem where the organization has not taken steps to classify which information is sensitive or not, which information is public or not and who is supposed to have access to what, basically who has the "need to know".
- Removable media and devices: Not only could un controlled removable media and portable devices use lead to theft and loss of company data, but could as well lead to introduction of all sorts of malware on the network by people who are already on the inside of the Organization - the insider threat.
- Losing portable devices containing sensitive data: - so often we have heard in the media, stories of sensitive information lost due to a stolen laptop or lost flash disk.
Typical data / documents that Enterprises could loose, include but are not limited to the following:
Management/Marketing/Business Development Plans, Operational guides and manuals, Personnel forms and employee performance reviews, Business proposals, contracts and agreements, Tax/Accounting/Audit reports, CAD drawings and graphical designs, Customer/Partner/Patient information.
So how do we manage this problem?
Enterprises need to look at proactively protecting corporate Data and Intellectual property (IP), by use of technology and best management practices, like awareness training for the employees and putting in place policies to manage issues of data leakage for example having a removable media usage policy. Etc...
The solution against data leaks looks at two aspects: Data Leak Prevention (DLP) and Database Activity Monitoring (DAM). Enterprises need to combine DAM and DLP technologies, to plug data leakage holes.
Data Leak Prevention -DLP is an edge technology that monitors and prevents "known content" from leaving the enterprise via email, Web, or IM-type applications like Skype and yahoo messenger. DLP encompasses tools and technology that assist with Content Monitoring & Filtering, and looks at and monitors when content leaves the enterprise, for example when an employee sends content from his Computer by email. DLP involves as well monitoring desktops and laptops to determine the type of data stored and track data movement to the edge.
Database Activity Monitoring - DAM, on the other hand, is a data center technology that monitors how data stored in core databases and file servers is being accessed; it can analyze access behavior to detect data breaches; and takes action to mitigate them, DAM knows when a user accesses and retrieves sensitive content from a database.
Other steps we could take to stop Data leaks include: Document Encryption, Access Control Management, Auditing and Tracing etc....
At BitWork Technologies Ltd, we have a whole range of security products that enable Enterprises to deploy a hybrid DLP and DAM solution to stop data leakages.
The Problem of Enterprise Data Leakage - What Data Are You Leaking and How Do You Stop the Leakage
About the Author
Mr. Thomas Bbosa - CISSP, is an Information Systems security Consultant and Managing Partner with BitWork Technologies Ltd - ( www.bitworktech.com ), an IT firm based in Kampala, Uganda. He is a certified Information Systems Security Professional (CISSP), with over 10 years Experience in the IT industry. He has been involved in various roles of IT infrastructure management and support, Information systems Security management & solutions deployment.
ENTERPRISE
0 comments:
Post a Comment