
Data protection in the dark

In an age of rampant malware attacks, in an era when companies may soon be liable for ignoring their cyber risk, and at a time when firms talk about insider attacks, data breaches and cyber crime every day, most IT security departments are still flying blind. They have little or no data visibility and little or no risk context. They do not know what sensitive data exists or where it is located, which user is taking which action, where data is going, or what controls they need to mitigate the resulting risk. That is a lot of unknowns, and this is in companies that already have data protection programs. In spite of the myriad solutions available to help enterprises protect their most valued data, most firms never face the most basic reality of data protection: if you can't see it, you can't protect it.

The ability to see across the dimensions of people, data, applications and systems, so that one may act on what is seen, has become the critical factor in protecting a company's most valuable assets. Yet traditional DLP vendors have focused on the network, with policy-driven approaches limited to matching keywords and number strings. This is flawed on many levels: a keyword or pattern rule sees only recognisable text passing a chokepoint, so it misses binary formats, activity that never crosses the network, and the context of who is moving the data and why.

A comprehensive solution must work online, offline and in virtual environments, and support Windows, Mac and Linux on both workstations and servers. It must be able to track and see what happens at the endpoint as well as on the network, at every point of risk. Failure to meet these requirements leaves you exposed.

Equally important is the ability to understand what is occurring. Knowing who the user is, and their role and responsibilities, can be just as critical as knowing which data they are accessing. Executives obviously have different responsibilities than a chief scientist or a contractor or supplier. Understanding unstructured data, such as audio, CAD files or PDFs, is paramount in protecting any kind of intellectual property. Insight into the source or destination of a file, and into which applications are open, is also essential. Also key are permanent and inheritable classification tags that are not washed away by a cut and paste, a renamed file or changed file type, or by pushing the file into a .zip archive. Again, if you cannot see what is happening or understand the full context, you cannot protect data properly.
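The two points above, that a keyword or number-string rule cannot recognise a binary design file, and that a classification tag must survive a rename, a changed extension or a trip through a .zip, are easier to see in code. The following is an added example written for this page, not code from SC Media, the author or any DLP product. It binds a label to the content's SHA-256 fingerprint rather than to its name, looks the label up again inside an archive, and then makes a role-aware allow/block decision, which goes slightly beyond the paragraph by tying the "who" to the "what". The sample bytes, the `TagRegistry` class, the labels, the roles and the `POLICY` table are all constructed for illustration.

```python
from __future__ import annotations

import hashlib
import io
import re
import zipfile

# Constructed sample content (not real files). The "CAD" blob stands in for a
# binary design file with no recognisable keywords; the memo is plain text
# carrying a 16-digit card-style number.
CAD_FILE = b"CADBIN\x00" + bytes([0x7F, 0x00, 0xA5, 0x3C, 0xE1]) * 40
MEMO = b"Quarterly results memo. Card on file: 4111 1111 1111 1111."

# A keyword / number-string rule of the kind the column criticises: it fires
# only when it can read a recognisable token out of the bytes.
KEYWORD_RULE = re.compile(
    rb"confidential|\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b", re.IGNORECASE
)


def keyword_match(data: bytes) -> bool:
    """Keyword/pattern DLP check: True if the rule finds a token in the content."""
    return KEYWORD_RULE.search(data) is not None


def fingerprint(data: bytes) -> str:
    """Bind the tag to the bytes, not to the filename or extension."""
    return hashlib.sha256(data).hexdigest()


class TagRegistry:
    """Hypothetical in-memory tag store keyed by content fingerprint."""

    def __init__(self) -> None:
        self._labels: dict[str, str] = {}

    def tag(self, data: bytes, label: str) -> None:
        self._labels[fingerprint(data)] = label

    def lookup(self, data: bytes) -> str | None:
        # Same bytes => same label, whatever the file is now called.
        return self._labels.get(fingerprint(data))


def build_zip(members: dict[str, bytes]) -> bytes:
    """Pack {name: content} into a .zip held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_archive(zip_bytes: bytes, registry: TagRegistry) -> dict[str, str]:
    """Open each member of a .zip and report {member_name: label} for tagged content."""
    hits: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            label = registry.lookup(zf.read(info))
            if label is not None:
                hits[info.filename] = label
    return hits


# Hypothetical role-aware policy: label -> role -> destinations that are allowed.
# Anything not listed is blocked. Roles and destinations are illustrative only.
POLICY: dict[str, dict[str, set[str]]] = {
    "IP-RESTRICTED": {"engineer": {"internal-share"}, "contractor": set()},
    "FINANCE-CONFIDENTIAL": {"executive": {"internal-share", "email"}, "engineer": set()},
}


def decide(label: str | None, role: str, destination: str) -> str:
    """Allow or block a transfer from (what the data is, who moves it, where to)."""
    if label is None:
        return "allow"  # untagged content is outside this policy
    allowed = POLICY.get(label, {}).get(role, set())
    return "allow" if destination in allowed else "block"


def demo() -> dict:
    registry = TagRegistry()
    registry.tag(CAD_FILE, "IP-RESTRICTED")
    registry.tag(MEMO, "FINANCE-CONFIDENTIAL")
    # The CAD file is renamed with a misleading extension, then both are zipped.
    archive = build_zip(
        {"readme.txt": b"lunch order", "export/part.bak": CAD_FILE, "q.dat": MEMO}
    )
    hits = scan_archive(archive, registry)
    return {
        "keyword_sees_cad": keyword_match(CAD_FILE),   # False: no token to match
        "keyword_sees_memo": keyword_match(MEMO),      # True: card number found
        "archive_hits": hits,
        "contractor_usb": decide(hits["export/part.bak"], "contractor", "usb"),
        "engineer_share": decide(hits["export/part.bak"], "engineer", "internal-share"),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: an exact SHA-256 fingerprint is defeated by a single changed byte, so shipping products use partial or fuzzy fingerprints and tags embedded in file metadata rather than a whole-file hash, and an archive scanner must recurse into nested archives while bounding decompressed size so that it cannot be stalled with a zip bomb.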

Many solutions take a "policy match equals incident" approach. This is problematic because such limited visibility, both of where activity is happening and of the context around it, makes it impossible to protect data. Being unable to protect a CAD file, to understand the role of whoever is copying or moving information, or to see a transaction that occurs offline is akin to trying to bake a cake without all the ingredients.

Flexibility is another essential element: the ability to monitor trends and anomalies before putting policies in place, and to choose rules that make sense for your business rather than picking from a prepackaged list. Flexibility also means being able to deploy by user, business unit or use case, on-premises or as a managed service, to fit your organization and its resources. Finally, flexibility means integrating with your SIEM, your existing network gear, your encryption solutions and your email products.

Organizations that are succeeding in protecting their IP and sensitive data understand that risk containment is required to secure enterprise information regardless of where it resides, who is using it, where it is going and what type of attack is underway. Threats change every day, and a malicious insider or outsider does not stop after a first attempt. If you can't see it, you can't protect it.
