Kevin Rowney, who founded Symantec's recent DLP acquisition, Vontu, showed bar charts produced by Vontu that show the amount of data loss violations per department. In this case, the largest red-line on the chart led to HR, something Rowney says is quite common. The reports make an excellent education tool and could be used with incentives for departments competing to get the best score on their data practices (see image).
David Mortman, CSO in-residence for Echelon One, recalled how he'd developed his own program a few years back at another company that informed a user of a data gaffe. “It'd say, ‘You just copied confidential data. Did you mean to do that?'” Mortman said. “After that we had a huge drop in that behavior.”
Vontu and other loss prevention vendors have automated this with educational pop-ups telling users how they just violated data use policy. In particular, Trend's DLP product also includes links to additional education should it be required.
Symantec also laid out a Norton family service plan that would enable the technically inclined to remotely administer computer security for their family members and friends who inevitably call when something's wrong. This latter development project of Symantec's could also play to the SMB space, says Michael Santarcangelo, II, founder, Security Catalyst, a security incubation firm in East Greenbush, N.Y.
Mortman, Santarcangelo and other participants saw great value in the ability to assist mom from home or work instead of having to drive over to mom's house whenever she calls. However, they worry about exploitation of the peer-to-peer connection Symantec would be brokering between the family IT administrator and the computers being managed.
Also on the consumer side, Symantec demonstrated a family safety software service alpha, in which families form online safety rules and a simple dialog pops up to tell a young user why mom won't let her talk to SLEAZY_BOY on the web until mom knows more about him. It would also enforce curfew, enforce safe search (blocking certain terms), and let parents know if their 14-year-old is posing as a 19-year-old on MySpace.
Again, attendees of the small gathering saw value in the service, particularly in the case of absentee parents. But they worried about the program being abused by overbearing parents (or spying spouses) or as a replacement for real-world parental supervision.
They were also concerned about the fact that Symantec, by acting as service provider for the family safety program, would control the data and meta data of surf, chat and other sessions that the program stores at a Symantec site. These are records and data that normally don't all exist in one place. Chat would be at the ISP, for example, search at the search engines, and so on.
These are all issues Symantec will be mulling as it plans to release new products along these lines. Symantec wouldn't specify release dates of any of these alpha and beta projects, but expect to see some of these new features appearing in Norton 09 for Windows, with Mac versions lagging sometime behind.
For more coverage of the RSA Conference, visit our special RSA Conference 2008 microsite. It contains news and announcements from the show floor, as well as podcasts, video and opinion columns from keynote speakers and industry luminaries, like RSA Conference's Sandra Tom La Pedis and Tim Mather, Symantec's John Thompson and Kevin Haley, and IBM's Val Rahmani.