Of those organizations trying to facilitate bring-your-own-device (BYOD) in their workplace, many are turning to network access control (NAC) to handle guest access from controlled devices, which can be set up in locations identified for personal use. Like the protected internal network, the guest network can be monitored for data flows indicative of IP or personal data moving onto devices or out of the organization.
Enhanced NAC tools can also be used to scan the security state of the device attempting access: Is it configured properly? Does it contain a beaconing application, such as malware or file sharing?
“Monitor for data leakage at the network egress (outbound) point using any combination of network and agent technologies,” says RSA's Williams.
By logging in, employees are also registering their feeds through the organization, which then provides critical records for follow-up on policy, says Thomas Logan, CTO of HiSoftware, which provides software and services around collaborative data environments.
Logan also recommends using web crawlers and keywords to search for abuses of policy across web mediums. Brand recognition software can do some of this, but much of the search involves good old-fashioned keyword searches on behalf of the organization, according to experts.
“Sensitive data should not be put into unmonitored, collaborative Web 2.0 environments in the first place,” Logan says. Access should be based on need to know, and sensitive data should be encrypted, he adds.
“Once data is published somewhere on the web, it's hard to redact,” AIIM's Miles says.