Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

Vontu Data Loss Prevention 8 interview

04 October, 2007
This week, Vontu announced its latest product, Data Loss Prevention 8 (DLP 8) which provides an integrated approach to preventing loss of data throughout the enterprise.
The product comprises both network and endpoint data discovery tools so that companies have a constant view of where confidential data is being stored. Coupled with this are loss prevention tools which control what is done with confidential information, for example preventing it from being copied to removable media or routing transmissions to encryption servers. Finally, DLP 8 has a comprehensive set of reporting tools and compliance assurance features enabling policies to be set relating to different pieces of legislation.

ProsecurityZone took the opportunity to talk to Kit Robinson of Vontu about this release and our first question related to cost. Protecting data on this scale has cost associated with it which needs to be justified so we wanted to know how Vontu would approach a cost justification case.

The answer lies in the balance between the cost of protection and the risk of exposure which can be quantified in terms of the Ponemon Institute study of data breach costs for 2006 which indicated an average cost of 182 USD per compromised record with the recent TJX data breach having cost the company 256 million USD.

Vontu protection reduces cost impact in several areas including a reduction in remediation costs, protection against loss of business due to dissatisfied customers, maintenance of competitive advantage, litigation exposure avoidance and the protection of investor confidence.

One concern about increased security regimes is the balance between productivity and data security so we asked Vontu to elaborate on this trade off and explain whether there would be more difficulty in users accessing the data they need in order to be effective.

Kit Robinson explained that although in principal there could be some reduction in user productivity with increased security, there has to be a balance between protecting information and providing authorised users with access. The fact that DLP 8 is content-aware means that it only concentrates on sensitive information so whereas some security products block the use of CD writers and USB memory sticks completely, Vontu allows the use of these tools except for protected data, thus the impact on productivity is minimised. The extent to which data is deemed confidential or not comes down to a continuous process of risk analysis and assessment of the levels of controls required for confidential data.

Risk analysis and control assessments are about business processes rather than technology so ProsecurityZone was interested to know to what extent a data protection regime is reliant on business processes as well as the deployment of technology.

According to Vontu, the security adequacy levels of an organisation change with the risk environment and therefore require a process of review and adaptation which has to form part of the overall business process. Vontu assists in the identification and implementation of appropriate security policies and remediation processes to derive the most benefit from the technology. Solution packs based on the best business practices of the existing customer base are available from Vontu to assist with this.

We will look further into the technology of DLP 8 tomorrow.
Bookmark and Share