Companies are facing spiralling pressures to protect all types of business data due to the fact that today's network is extremely porous especially the influx of consumer-based technology into the workplace, such as digital media players, cameras, IM and social networking sites, and USB devices.
Almost all businesses fall under a regulatory mandate to protect private or personal information, and all worry about internal, confidential information falling into the wrong hands.
The recent data leaks from Monster.com is a serious alarming event to all.
Hence, there is an ongong acqusitions and the big companies are snapping up the DLP players.
--Symantec Corp of $350 million acquisition of Vontu
--Websense acquired Port Authority about 10 months ago for $90 million
--EMC's RSA Security unit acquired Tablus just two months ago for an undisclosed sum.
--McAfee early last fall acquired a slice of DLP technology (the end point/desktop) in its $20 million deal for Israel’s Onigma. It also acquired SafeBoot mobile data encryption deal ($350 million)
-- TrendMicro acquire Provilla
-- Check Point Technologies expects its recent acquisition of encryption vendor Pointsec
Again, the traditional 3 major AV players coupled with RSA (focus on data integrity), Websense (web-security) and Checkpoint. Looking into the competition, there is a good reason why the traditional AV players, if do it right, will be a prevalent players than others due to the broad-based of markets and offerings.
Of course, technology can only do so much. Enterprise will require People & Process to get the puzzle fix up as well.
A 2007 Gartner report identified consumer products in the enterprise as one of the biggest threats to corporate security. The security holes these products and applications create need to be closed, and business’ acceptable use policies extended to cover these areas.
The report named four key technologies as presenting the biggest risks. Let’s deal with each of these in turn, and evaluate the solutions and policies that can deliver management of each risk type.
1. Stopping the bus
USB devices (cameras, MP3 players, portable drives etc) represent a key risk, according to the Gartner report. The starting point for protection is to include them in the business acceptable usage policy (AUP), to educate users on the importance of following policy, and the business risks if they do not. But policies alone aren’t enough, so they must be backed up and enforced. Some companies have taken the empirical approach of blocking USB ports with epoxy glue, but a more manageable method is investing in a port control product, which can automatically block USB devices from being connected to PCs without authorisation. More advanced products also include transparent encryption, so that information copied to USB devices is automatically rendered inaccessible to thieves.
-- Technology: Needs Device Control mechanisms
2. Curbing the office social
Blogging, and use of social networking websites should also be added to the AUP. With blogging, you’ll need to specify what the business is comfortable allowing employees to discuss. Company intellectual property and confidential information should obviously be restricted from blogs, and the same with social networking sites. As with USB devices, policies should be enforced by products, to truly limit risk.
-- Technology: Need restrictions IM/P2P and blogging activities
3. Mobile matters
Mobile devices run increasingly robust applications, carry a great deal of business data and increasingly are a target for malicious code. Enterprises can take precautions to limit the risks of these devices without resorting to an unenforceable outright ban – an example being deployment of encryption for all approved mobile devices that have access to sensitive data. Ensure that the encryption product you choose is proven, transparent and automatic, eliminating user interaction and creating a fully enforceable solution that holds up to stringent compliance requirements.
-- Technology: Mobility Security Solution
Going remote
Employees connect to enterprise resources through both unmanaged networks and unmanaged remote devices, reported Gartner. This can increase productivity, but it can also punch holes in the company's network security. Companies should deploy VPNs to restrict access based on checks of the security of the user’s endpoint. The VPN can be SSL or IPSec, according to the company’s needs. IPSec clients enable increased control and management of the remote access point, which in turn increases protection of corporate assets.
-- Technology: Needs SSL VPN Solution
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment