
DLP as an option to securing the shortest path for data out of the company

InfoSecurity Europe : 22 January, 2010  (Technical Article)
Security Analyst Davin Fligel discusses methods for preventing data from being inadvertently disclosed by well-meaning employees trying to find the best way to achieve a goal

You are a CIO, responsible for managing the flow of information in your organisation. How do you handle information exchange processes?

With an ever-increasing ability to exchange information, the burden grows. This is largely due to increased demands to use consumer-based technologies where security is often an afterthought. Why is this happening?

Information workers process hundreds of emails a day, sifting through requests, requirements and responses and moving documents around with a deftness usually reserved for ballet dancers; the paper pushers of the past have become the digital data processing machines of today. So where is the risk? A quick scenario should illustrate:

An email has just arrived from the financial director. He needs an invoice sent off urgently and has sent you the spreadsheet, and you make the necessary changes. You are about to send it off when you realise that company policy dictates that all documents sent to clients must be in PDF format. IT has been swamped with firefighting, you do not have the necessary tools to export to PDF, and the document is urgent. What to do?

Hop online, Google 'convert excel to PDF', I can do it online and not get IT involved, great, convert online, send PDF, job done, phew, that was easy.

You have just opened the shortest path to getting the job done; unfortunately, you have inadvertently exposed the content to a third party in doing so. The shortest path is not always the safest. Cloud services, particularly consumer-focused services, are almost always a shorter path than going through the IT department, with its call logging and service level agreements.

Back in the CIO's shoes: did you know this even happened? Is the user to blame? Has he actually violated the policy? Did he know that he was leaking information?

To remain competitive, the ability to collaborate, process and exchange data is paramount. As a CIO it is often impossible to resist board pressures to adopt "unsafe" technologies to keep up with the competition.

There appear to be only two options:

* Offer a similar quality of tools in the workplace, complete with the ability to work in the same fashion at home.
* Protect the critical information and sacrifice the operating field.

Option one is untenable. Keeping up with the Internet in offering services to your users is a losing battle. And limiting their access to these online resources is a delicate balance between losing efficiency and improving security.

Option two can largely be achieved through Data Loss Prevention (DLP) systems, which are now beginning to gain a foothold amongst CIOs burdened with compliance requirements that would otherwise require a restructuring of their information models. At worst, DLP solutions serve to highlight the points where information is being exchanged and assist CIOs in identifying weak points, giving them tools to develop metrics and apply changes where they are most needed.
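As an added illustration (not part of the original article and not taken from any DLP product), the sketch below shows the kind of metric described above: it reads web-proxy records and ranks the unsanctioned destinations that documents are being uploaded to. The log format, the host names, the sanctioned-domain list and the MIME-type list are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample web-proxy log lines (hypothetical format):
# timestamp user method host bytes_sent content_type
SAMPLE_LOG = """\
2010-01-22T09:14:02 alice POST pdf-convert.example 48211 application/vnd.ms-excel
2010-01-22T09:15:40 bob GET news.example 0 -
2010-01-22T09:20:11 carol POST docs.corp.example 120331 application/pdf
2010-01-22T10:02:57 alice POST pdf-convert.example 51002 application/vnd.ms-excel
2010-01-22T10:30:00 dave PUT fileshare.example 900100 application/msword
malformed line without enough fields
2010-01-22T11:45:19 erin POST pdf-convert.example 20480 application/vnd.ms-excel
"""

SANCTIONED = {"corp.example"}  # assumed list of approved destinations
DOCUMENT_TYPES = {"application/vnd.ms-excel", "application/msword", "application/pdf"}
UPLOAD_METHODS = {"POST", "PUT"}

def is_sanctioned(host, sanctioned=SANCTIONED):
    """True if host is an approved domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def egress_points(log_text, sanctioned=SANCTIONED):
    """Summarise document uploads to unsanctioned hosts, largest volume first."""
    stats = defaultdict(lambda: {"uploads": 0, "bytes": 0, "users": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[4].isdigit():
            continue  # skip malformed records rather than guess
        _, user, method, host, sent, ctype = fields
        if method not in UPLOAD_METHODS or ctype not in DOCUMENT_TYPES:
            continue  # only outbound requests that carry a document
        if is_sanctioned(host.lower(), sanctioned):
            continue  # approved path, nothing to report
        entry = stats[host.lower()]
        entry["uploads"] += 1
        entry["bytes"] += int(sent)
        entry["users"].add(user)
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for host, s in egress_points(SAMPLE_LOG):
        print(f"{host}: {s['uploads']} uploads, {s['bytes']} bytes, users={sorted(s['users'])}")
```

A destination that several different users reach repeatedly, like the conversion site in the sample data, marks a shortest path that a sanctioned tool could replace.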

Remember a user will open the shortest path first. Make the shortest path a secure one.

I leave you with this mantra, in the hope that all information processes are held up to this question: Is this the shortest path?

Caretower Limited is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.