Data: You can’t get it back once it’s gone

You’d have to be on another planet to miss the stories of data loss by major companies. It seems amazing that this could happen in an age of encryption, fire walls, and hyper-high tech security. Yet it does.

As a consumer and technology professional, I’ve witnessed first hand that Data Loss Prevention (DLP) software, designed to prevent inadvertent or accidental loss or exposure of sensitive information, doesn’t always work. Many organizations never realize the power of their DLP solutions because of a lack of user education and weak support for comprehensive strategies.

Strategy

You must have a solid DLP strategy to satisfy the regulations most organizations face today.  A good DLP strategy consists of three key elements.

  • Monitoring software
  • Employee Education
  • Tools to Secure Data While in Transit

Monitoring

Monitoring software is the forte of packaged DLP solutions and allow monitoring multiple network protocols like IM, FTP, HTTP and generic TCP/IP to identify sensitive data that may be at risk.  Scans allow you to identify broken business process that may be exposing confidential data, like an FTP server sending unencrypted customer information to a trusted third-party or an employee sending out customer data or intellectual property that violates data security policy.  While these tools are extremely helpful, they typically just allow you to identify the issues and not create the action to be taken. The rest of your DLP strategy needs to focus on your response.

Security education

Education is a very key step.  It is essential to conduct employee training and make sure everyone involved can identify sensitive data and know what to do to ensure data isn’t at risk.  This includes teaching people not to send certain information via unsecure channels such as email, or FTP.  Employees need to be trained on tools that will allow them to ensure they comply with security policies but can still effectively conduct business.  An effective education program is not a onetime event, either, but is something that must be done on a regular basis and must be built into the culture of the organization.

Security tools

But education alone doesn’t address the problem. There is legitimate business need to move information that is sensitive in nature and therefore use tools that allow employees to maintain the security of data while in transit.  The problem…most organizations never establish a corporate standard for how employees do this.  End users end up leveraging consumer-focused web solutions that don’t have an level of security and control. At least not the level corporations require to ensure the security and integrity of sensitive information.  A corporate standard must be established, and depending on your industry an on premises solution may make the most sense.

In today’s environment, with regulatory requirements and heightened sensitivity of investors and customers, this is a topic to take very seriously.  While DLP software is a critical part of the overall strategy, both education and the right tool set complete the story.

Advertisements

Tags: , , ,

Categories: Compliance, Security, SOA / B2B, Tech Strategy

Author:Kevin Bohan

A career spent on the cutting edge of technology and its integration business process. Love American's pastimes (baseball and football, of course). Lover of adventure and my family.

Subscribe to the blog

Subscribe and receive an email when new articles are published

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: