The Problem of Information Leaks

Sensitive data slips through the cracks, but only occasionally with the help of hackers, malicious employees and other computer users who intend to use company data for personal gain or to cause harm. The economic damage from data leakage incidents is not limited to problem remediation and the consumption of internal resources. While almost half of respondents indicated changes to security and audit processes as a “major cost category,”1 according to a Forrester Research survey of 28 companies that had experienced breaches, 43% cited “customer notification, market and security response, and loss of business as significant concerns.”2 Additionally, 39% worried about the extended impact of a breach that would result in bad press and damage to the brand. Only 25% indicated concern about a legal response. The impact of a security breach can cascade through the entire organization.

But most leaks are preventable, caused by internal lapses rather than impropriety. By tightening security controls and educating the workforce, organizations can reduce the likelihood of negligence or employee error. ILP monitoring tools can serve as a check on procedural controls and education. Further, an internal monitoring program can prevent intentional data leakage while identifying acts of employee impropriety.

Information leaks can be prevented through the development of a control system that consists of processes, education, and technology. Processes provide a leak prevention framework that governs the data environment and constitutes a platform for employee education (and consequently employee behavior). The staff’s understanding of data leakage and prevention measures is enhanced through the use of technological tools that catch intentional leaks and address leakage due to negligence. ILP solutions are the anti-leak control engine, providing the necessary automation and support to keep the leak control process accurate and employees informed.
Processes and education cannot entirely eliminate human error, however; they can only reduce it. In a high-transaction environment, process owners may find it impossible to monitor comprehensively. Thus, ILP solutions power the process, facilitating monitoring efforts and enabling timely enforcement.

To integrate into anti-leak control processes, ILP solutions must discover information automatically and draw immediate relationships through the use of metadata, database schema, and other contextual indicators that convey the meaning of enterprise data. Monitoring follows discovery, providing a framework for catching potential leaks, notifying business unit leaders of risks, and generating reports for use in trend analysis and problem remediation. Ultimately, ILP solutions should be a tool for prevention. However, when evaluating a leak prevention solution for an information-centric organization, one needs to ensure accuracy and integration into the business processes; such accuracy is achievable only with a combined content- and context-aware solution.
The Importance of Deep Content Control: Content-Context Relationships

Preventing information leaks should be a top priority for any information-centric business, particularly since even routine operations could expose sensitive data to risk. The prevailing approach has been to scan data transmission and communication (e.g., via e-mail) for key terms through regular expression analysis, but this method tends to be inaccurate and unwieldy. It is too simplistic an approach to a very complex problem. Moreover, remedial (often email-based) ILP solutions flood IT leaders and business managers with event notifications that require a response, even if that response is to resume business as usual.

Deep Content Control, conversely, provides an alternative to regular expression analysis. Instead of narrowly looking at the words themselves, Deep Content Control restricts the use or communication of data based on its meaning – content and context rather than content alone. Deep Content Control combines content awareness with context awareness – specifically, a solution’s ability to interpret what information is and where it is located, who is using it, how they are using it, and where they are sending it. This involves analyzing the data itself as well as the database field in which it is stored (fully qualified to include the table or view and full database name), the data to which it relates, and the systems that use the data. For content to have meaning, a user or system has to be aware of the data as well as how it is being used and stored.
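
The contrast described above, as an added example that is not code from the paper or from any ILP product: a regex-only check next to a decision keyed on the context attributes the text lists (fully qualified source field, who is using the data, where it is sent). The field names, roles, policy table and events are all constructed assumptions, and each event is assumed to already carry the field its data came from.

```python
import re
from dataclasses import dataclass

# Content-only rule: anything shaped like a US SSN (NNN-NN-NNNN).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Assumed output of a discovery step: fully qualified database.table.column.
SENSITIVE_FIELDS = {"hr_db.employees.ssn"}
# Assumed policy: (field, role, destination) combinations that are allowed.
ALLOWED = {("hr_db.employees.ssn", "payroll", "internal")}

@dataclass
class Event:
    user_role: str     # who is using the data
    source_field: str  # where the data is stored (fully qualified)
    destination: str   # where it is being sent: "internal" or "external"
    payload: str       # the content itself

def regex_only(event):
    """Alert on any SSN-shaped string, regardless of origin or use."""
    return bool(SSN_RE.search(event.payload))

def context_aware(event):
    """Alert when data from a sensitive field leaves its allowed use."""
    if event.source_field not in SENSITIVE_FIELDS:
        return False
    return (event.source_field, event.user_role, event.destination) not in ALLOWED

# Constructed sample events (values are well-known invalid SSNs).
EVENTS = [
    # SSN-shaped order reference: regex false positive.
    Event("support", "shop_db.orders.tracking_ref", "external", "Your ref is 123-45-6789"),
    # Legitimate payroll use: regex alerts anyway, adding to notification noise.
    Event("payroll", "hr_db.employees.ssn", "internal", "SSN 078-05-1120"),
    # Real leak with hyphens stripped: regex misses it, context catches it.
    Event("support", "hr_db.employees.ssn", "external", "id: 078051120"),
]

def compare(events):
    """Return (regex_only, context_aware) verdicts per event."""
    return [(regex_only(e), context_aware(e)) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, compare(EVENTS)):
        print(event.source_field, event.destination, verdict)
```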