CRN
  • Home
  • Features
  • Security

The problem of data loss

By Staff Writers on Apr 30, 2008 11:28AM

This article appeared in the 28 April, 2008 issue of CRN magazine.

Subscribe now

The problem of data loss

In The Spotlight

Meet the Business Transformation finalists in the 2022 CRN Impact Awards

Meet the Workforce Empowerment finalists in the 2022 CRN Impact Awards

Meet the Network Evolution finalists in the 2022 CRN Impact Awards

Who was spotted at CRN Channel Meets (Cybersecurity) in Sydney?
Page 1 of 2  |  Single page
Phil Vasic, ANZ Country Manager, Websense

Today’s security professionals in regulated industries face a daunting challenge in protecting the organisation’s most valuable asset: its information. Over the past few years IT departments have invested heavily to protect against breaches that compromise IT and information assets, however, their efforts have been focused on preventing outsiders from hacking into the organisation, not securing the company and information from insider threats.

Insider threats are not always malicious events or done with malicious intent. In fact, according to most industry analysts today, the majority of all leaks are the result of unintentional data loss from employees and partners.

Perhaps unwittingly by using Web-based email or instant messaging services, employees are circumventing the security precautions put in place by their companies. A recent independent survey of European small and medium sized businesses commissioned by Websense found that 63 percent of employees in the UK had sent work documents to their personal email accounts to work on them from home. This is a classic example of where honest employees could unintentionally leak sensitive information completely by accident, simply by sending an attachment containing confidential data and risking it falling into the wrong hands.


The high cost of a breach

The high cost of a breach can have a profound effect on organisation’s P&L, market presence, and competitive advantage as a result of damage to brand and reputation, and loss of customers and intellectual property (IP). The average information leak costs organisations around US$182 per record, according to the Ponemon Institute, averaging roughly US$4,800,000 per breach. That number doesn’t take into account the longer term affects of breach to an organisation that come from other cost factors including litigation or the loss of customer and investor confidence.

Organisations in industries such as financial services, healthcare, and government face additional challenges beyond the high cost of a breach. They must adhere to stringent industry and government regulations, which mandate the security of private or confidential information.

Information leaks don’t encompass only the loss of personally identifiable information. Financial services, healthcare, and government organisations must also consider the security of confidential information, such as IP, merger and acquisition plans, and other critical assets that are strategic to the competitive advantage of the organisation.


Addressing the problem with Data Loss Prevention solutions
To address the growing problem of data breaches and loss of information, many organisations are turning to their solution providers to help them implement a data loss prevention (DLP) solution, which is designed to discover, monitor, and protect information.

Unlike traditional threat based blocking solutions that restrict access to resources or control applications or communication channels, DLP solutions are designed to understand and enable policies for the information and the data itself. This allows the organisation to focus on protecting its unique sensitive information from unintentional or malicious leaks.

DLP solutions discover data throughout the network – on servers and endpoints – to provide organisations with the intelligence necessary to effectively design and implement content enforcement policies. They also monitor data at rest, in use, or in motion, providing complete coverage of business communications, both external and internal.

With a DLP solution, an organisation can monitor email, printers, http/s, instant messaging, and a variety of other commonly used protocols to discover where information is transmitted and by whom, and audit business processes to increase efficiencies, redefine policies and workflows, and reduce the risk of a leak.

DLP solutions use policy-based enforcement to protect data in use and in motion with pre-defined automated enforcement capabilities. Organisations can leverage policy design wizards to block, encrypt, quarantine, notify, and/or remediate an infraction. This flexibility allows administrators to create more efficient information workflows that map to internal business processes (e.g. a manager and/or content owner can approve/deny a subordinate request to send data, and/or receive a notification following a breach).

Work with a solution provider to implement the right technology

Implementing a DLP solution requires an investment in time, money, and training. To ensure the success of the project, organisations should solicit the advice and support of certified solution providers, which are trained and experienced in recommending and deploying leak prevention solutions.

Successful deployments require the integration of the technology with business processes – a feat which requires time and expertise to avoid disrupting the core business. Solution providers can help overcome these and other obstacles by providing valuable services, including risk assessment, policy and compliance management and auditing, deployment, and employee training. The following chart provides a checklist of the features a DLP solution should include:

-Vendor Evaluation Chart

-Feature and functionality

-Content aware technology

-Accurate identification and classification

-Multiple detection methods

-Low number of false positives

-Comprehensive coverage

-Discovery, monitoring, and prevention for data in motion, at rest, and in use

-Protection against accidental, intentional, and malicious leaks

-Data and meta data protection for documents and databases

-Simplicity and management

-Integrated solution (reporting, discovery, monitoring, and enforcement)

-Deployment time and required administration

-Integration with complementary technologies and infrastructure

-Pre-built policy templates (including regulations)

-Scalable solution with both user and data policy management

-Vendor viability

-Established, recognised leader in content security industry

-Global support and continued investment in R&D



For value-added partners, ultimately, when deploying a DLP solution at a customer’s site, it’s important to consider the requirements of the organisation, taking into account such variables as the type of information being protected, communication technologies in use. Data loss is a problem that affects the entire organisation and not just IT.

Human resources, legal, accounting, finance, and other business units are often involved in the purchase, if not the implementation of a loss prevention solution. When evaluating solutions it is important to consider requirements specific to the customer and their existing architecture.
Next Page
1 2 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
data loss of problem security the

Partner Content

Why rock-solid MSPs services require unified infrastructure monitoring
Promoted Content
Why rock-solid MSPs services require unified infrastructure monitoring
Is business nbn Enterprise Ethernet the future of business connectivity for MSPs?
Promoted Content
Is business nbn Enterprise Ethernet the future of business connectivity for MSPs?
How to prepare for the increasing demand for cloud-ready partners
Promoted Content
How to prepare for the increasing demand for cloud-ready partners
In the low-latency cloud era, connectivity makes all the difference
Promoted Content
In the low-latency cloud era, connectivity makes all the difference
Microsoft, Yealink and Alloy’s roadshows fire up the Australian channel
Promoted Content
Microsoft, Yealink and Alloy’s roadshows fire up the Australian channel

Sponsored Whitepapers

How vulnerability scans identify & protect against cyberthreats before criminals locate them
How vulnerability scans identify & protect against cyberthreats before criminals locate them
Monitoring & automation: A primer for MSPs
Monitoring & automation: A primer for MSPs
Endpoint Detection and Response
Endpoint Detection and Response
How to put your infrastructure into overdrive
How to put your infrastructure into overdrive
MSPs: Stack your solutions
MSPs: Stack your solutions
By Staff Writers
This article appeared in the 28 April, 2008 issue of CRN magazine. Subscribe now
0 Comments

Related Articles

  • Nextgen Group launches new Security Foundations program for AWS Partner Academy
  • Vault Cloud hunts new CISO as Rupert Taylor-Price joins CSIRO's new AI Think Tank
  • Weekly Gov Wrap Up: the latest channel tenders, NBN news and more
  • ESET Australia head of sales Luke Holland departs
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Bidding war for MOQ Limited heats up

Bidding war for MOQ Limited heats up
Microsoft ISV LiveTiles to delist from ASX

Microsoft ISV LiveTiles to delist from ASX
Uniti Group to delist from the ASX this week

Uniti Group to delist from the ASX this week
MSPs, vendors among Australia's best places to work

MSPs, vendors among Australia's best places to work
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.