Data Leakage Prevention – Protecting Sensitive Information

When DuPont lost $400 million in intellectual property, it wasn’t because a hacker from the other side of the world infiltrated their system. The information was simply stolen by a former employee. Alarmingly, data loss incidents are not always caused by deliberate actions.

A file containing personal information accidentally attached to an email and sent to multiple recipients; financial data stored in a USB pen drive, accidentally left in a restaurant; or bank account data of colleagues, inadvertently posted on a company website – these are also some of the everyday causes of data loss.

A report done by research company Infowatch regarding global data leaks in 2010 showed that there were actually more accidental data leaks in that year compared to intentional ones. Accidental leaks comprised 53%, while intentional leaks comprised 42% (the rest were unidentified).

But even if they ?only? happened accidentally, breach incidents like these can still be very costly. The tens of thousands of dollars that you could sometimes end up paying in civil penalties (as in the case when you lose other people?s personal information) can just be the beginning. More costly than this is the loss of customer and investor confidence. Once you lose those, you could consequently lose a considerable portion of your business.

Confidential information that may already be leaking out right under your nose

With all the data you collect, process, exchange, and store electronically every day, your IT system has surely now become a storehouse of sensitive information. Some of them, you may be even taking for granted.

But imagine what would happen if any of the following trade secrets fell into the wrong hands: marketing plans, confidential customer information, pricing data, product development strategies, business plans, supplier information, source codes, and employee salaries.

These are not the only kind of data that you should be worried about. You could also get into trouble if your sloppy IT security fails to protect employee or client personal information such as their names; social security numbers; drivers license numbers; or bank account numbers and credit/debit card numbers along with their corresponding PINs.

In some countries, you could face onerous data breach notification requirements and heavy fines when these kind of data are involved.

There are now more holes to plug

It’s not just the different varieties of sensitive electronic information that you have to worry about. Because these data can take on different forms, i.e. data-at-rest, data-in-motion, and data-at-the-endpoints, you also need to take aim at different areas in your IT system.

Sensitive information can be found ?at rest? in each of your employees? hard disks, in your servers, storage disks, and in off-site backup disks. They can also be found ?in motion? in email, instant messaging, social networking messaging, P2P file sharing, ftp, http, and so on.

That’s not all. Your highly mobile workforce may have already introduced yet another high-risk area into your system: data-at-the-endpoints. This includes USB flash-disks, laptops, portable hard disks, CDs, and even smartphones.

The main challenge of data leak prevention

Having been made aware of the various aspects of data leakage, have you already come to grips with the extent of the task at hand?

There are two major things you need to do here to prevent data leakage.

One, you need to identify what data you have that can be considered as sensitive/confidential information. Of course you have financial information and employee salaries in your files. But do you also store personally identifiable information? Do you have trade secrets that are stored in electronic form?

Two, you need to pinpoint their locations. Are they only on your hard disks and laptops? Or have they made their way to flash drives, CDs/DVDs, or portable HDDs? Are they being transmitted through email or any other file transfer media?

The reason why you need to know what your sensitive data are as well as where they are is because you would like all efforts of securing them to be as efficient and unobtrusive as possible.

Let’s say, as a way of protecting your data, you decide to implement encryption. Since encryption can consume a lot of storage space and significantly reduce performance, it may be impractical to encrypt your entire database or all your files. For the same reason, you wouldn’t want to encrypt every single email that you send.

Thus, the best way would be to encrypt only the data that really need encryption. But again, you need to know what data needs to be encrypted and where those data can be found. That alone is no simple task.

Not only will you need to deal with the data you already have, you will also have to worry about the data that will go through your systems during the course of your day-to-day transactions.

Identifying sensitive data as it enters or leaves your system, goes through your network, or gets stored in your file system or database, and then applying the necessary security actions should be done automatically and intelligently. Otherwise, you could end up spending on a lot of man-hours or, worse, wasting them on a lot of false positives and negatives.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

How to Improve Corporate Efficiency through IT

When revenues are low, what do you do to improve your profit? Obviously, those same revenues should at least remain the same. So, the objective would be to deliver the same products and services for less cost. More for less. Such is the essence of corporate efficiency.

There are many things that can make a company inefficient. There are outdated procedures, poor coordination between departments, managers? lack of business visibility, and prolonged down times, to mention a few. As a company grows, these issues get more severe.

You can overcome all these by deploying the right IT solutions. But don’t IT solutions increase spending instead? Au contraire. The last couple of decades have seen the rise of IT solutions that help companies’realise obvious cost savings in no time.

Streamline processes and keep departments in-sync

Company inefficiencies are largely due to outdated systems and procedures. These systems and procedures were not built for the dynamic and complex business environments of today that are being shaped by increasingly onerous regulations, fierce and growing competition, significant economic upswings and downturns, new battlefronts (like the Web) and logistical strategies (like outsourcing), and IT-savvy crooks.

So when your employees force outdated systems to meet today?s business demands, they’re just not able to deliver. At least not efficiently.

Another major cause of inefficiency is the discordance among departments, business units, and even individual staff members themselves. There are those who still use highly personalised spreadsheets and other disparate applications, which make data consolidation take forever and the financial close a perennial headache.

Costly devices like mobile phones, netbooks, and tablet PCs, which are supposedly designed to provide better communication, are not fully maximised. If these are subsidised by the company, then they also contribute to company inefficiency.

One way to deal with these issues is to deploy server based solutions. By centralising your IT system, you can easily implement various improvements that can pave the way for better communication and collaboration, stronger security, faster processes and transactions, and shorter down times for troubleshooting and maintenance. All these clearly translate to cost savings.

Gain better visibility

Corporate efficiency can be improved if your decision makers can make wise and well-informed decisions, faster. But they can only do this if reports they receive from people down the line are timely, accurate, and reliable. Basically, data should be presented in a way for managers to gain quick insights from.

If your people take too much time scrutinising, interpreting, and reconciling data, you can’t hope to gain a significant competitive advantage. Equally important to managing an ongoing project is the speed at which you make a go/no go decision to start or stop a project. A wise, quick decision will help you avoid wastage.

The same holds true when making purchases and investment decisions. It’s all about quickly eliminating waste and investing only on those that will give you fast, positive returns.

Clear business visibility will allow managers to allocate resources where they are most effective, to pinpoint what products and services being offered are more profitable, and to identify which customers are giving better business from an overall perspective.

These are all possible with business intelligence. We know, we know. You’ll say BI solutions will force you to break the bank. Not anymore. At least, not all. There are already two main types of BI solutions: on-premise and SaaS. The latter will generally cost you less.

Of course, each type has its own advantages, and you’ll really have to look into the size of your organisation, the number of source systems your decision-making platform is connected to, integration requirements, budget, etc. to make sure you get the most out of your investment.

But IT solutions cost an arm and a leg

Again, not anymore. These days, you can find IT products that are faster, more functional, and more powerful than their predecessors at a fraction of the cost. When it comes to getting more affordable IT products and services, you now have many options.

For example, you can turn to open source solutions to save on license costs. These solutions are typically backed by vibrant and helpful communities where you can find an extensive source of technical support – many of which are for free. With popular open source products, you can easily tap from a large pool of developers with affordable rates any time you want to make system enhancements or customisation.

On another front, virtualization solutions allow you to save on CAPEX and OPEX by eliminating certain expenses normally used for setting up infrastructure or buying hardware and maintaining them. Server virtualisation, for instance, will allow you to consolidate servers and put them together into just one machine, while desktop virtualisation will enable you to eliminate unproductive hours associated with desktop down times by allowing you to redeploy a malfunctioning desktop very quickly.

Closely related to those are cloud-based solutions like SaaS (Software as a Service), IaaS (Infrastructure as a Service), and DCoD (Data Center on Demand). SaaS and IaaS will help you realize savings in acquisition and maintenance costs for software and hardware, while DCoD?s scalable services allow you to request for additional capacity, power and storage only as you need them, thus making you spend only according to your current infrastructure requirements.

Like we said, there are many, many options out there just waiting to be tapped.

User-Friendly RASCI Accountability Matrices

Right now, you’re probably thinking that’s a statement of opposites. Something dreamed up by a consultant to impress, or just to fill a blog page. But wait. What if I taught you to create order in procedural chaos in five minutes flat? ?Would you be interested then?

The first step is to create a story line ?

Let’s imagine five friends decide to row a boat across a river to an island. Mary is in charge and responsible for steering in the right direction. John on the other hand is going to do the rowing, while Sue who once watched a rowing competition will be on hand to give advice. James will sit up front so he can tell Mary when they have arrived. Finally Kevin is going to have a snooze but wants James to wake him up just before they reach the island.

That’s kind of hard to follow, isn’t it ?

Let’s see if we can make some sense of it with a basic RASCI diagram ?

Responsibility Matrix: Rowing to the Island
Activity Responsible Accountable Supportive Consulted Informed
Person John Mary Sue James Kevin
Role Oarsman Captain Consultant Navigator Sleeper

?

Now let’s add a simple timeline ?

Responsibility Matrix: Rowing to the Island
? Sue John Mary James Kevin
Gives Direction ? ? A ? ?
Rows the Boat ? R ? ? ?
Provides Advice S ? ? ? ?
Announces Arrival ? ? A C ?
Surfaces From Sleep ? ? ? C I
Ties Boat to Tree ? ? A ? ?

?

Things are more complicated in reality ?

Quite correct. Although if I had jumped in at the detail end I might have lost you. Here?s a more serious example.

rasci

?

There?s absolutely no necessity for you so examine the diagram in any detail, other to note the method is even more valuable in large, corporate environments. This one is actually a RACI diagram because there are no supportive roles (which is the way the system was originally configured).

Other varieties you may come across include PACSI (perform, accountable, control, suggest, inform), and RACI-VS that adds verifier and signatory to the original mix. There are several more you can look at Wikipedia if you like.

New Focus on Monitoring Soil

There is nothing new about monitoring soil in arid conditions. South Africa and Israel have been doing it for decades. However climate change has increased its urgency as the world comes to terms with pressure on the food chain. Denizon decided to explore trends at the macro first world level and the micro third world one.

In America, the Coordinated National Soil Moisture Network is going ahead with plans to create a database of federal and state monitoring networks and numerical modelling techniques, with an eye on soil-moisture database integration. This is a component of the National Drought Resilience Partnership that slots into Barrack Obama?s Climate Action Plan.

This far-reaching program reaches into every corner of American life to address the twin scourges of droughts and inundation, and the agency director has called it ?probably ?… one of the most innovative inter-agency tools on the planet?. The pilot project involving remote moisture sensing and satellite observation targets Oklahoma, North Texas and surrounding areas.

Africa has similar needs but lacks America?s financial muscle. Princeton University ecohydrologist Kelly Caylor is bridging the gap in Kenya and Zambia by using cell phone technology to transmit ecodata collected by low-cost ?pulsepods?.

He deploys the pods about the size of smoke alarms to measure plants and their environment.?Aspects include soil moisture to estimate how much water they are using, and sunlight to approximate the rate of photosynthesis. Each pod holds seven to eight sensors, can operate on or above the ground, and transmits the data via sms.

While the system is working well at academic level, there is more to do before the information is useful to subsistence rural farmers living from hand to mouth. The raw data stream requires interpretation and the analysis must come through trusted channels most likely to be the government and tribal chiefs. Kelly Caylor cites the example of a sick child. The temperature reading has no use until a trusted source interprets it.

He has a vision of climate-smart agriculture where tradition gives way to global warming. He involves local farmers in his research by enrolling them when he places pods, and asking them to sms weekly weather reports to him that he correlates with the sensor data. As trust builds, he hopes to help them choose more climate-friendly crops and learn how to reallocate labour as seasons change.

Ready to work with Denizon?

Contact Us Today