
Data Leakage Landscape: Where Data Leaks & How Next Generation Tools Apply

By : Utimaco
Published : Apr 02, 2008
Length : 15
Type : White Paper
 
Overview :

Data protection programs at most organizations are concerned with protecting sensitive data from external malicious attacks, relying on technical controls that include perimeter security, network/wireless surveillance and monitoring, application and point security management, and user awareness and education.

But what about inadvertent data leaks that aren’t so sensational, for example unencrypted information on a lost or stolen laptop/USB or other device? Like the steady drip from a leaking faucet, everyday data leaks are making headlines more often than the nefarious attack scenarios around which organizations plan most, if not all, of their data leakage prevention methods.

However, to truly protect their critical data, organizations also need to plan a more data-centric approach to their security programs to protect against leaks that occur everywhere sensitive data lives, rests or is used.

In this paper, the different leakage points are mapped with regulations and best practices.


 
Everyone is familiar with the concept of a data breach — confidential information, usually personally identifying information, falls into the wrong hands, and then suddenly, the data handler becomes reviled as the next TJ Maxx. Data protection programs at most organizations are concerned with protecting sensitive data from external malicious attacks, relying on technical controls that include perimeter security, network/wireless surveillance and monitoring, application and point security management, and user awareness and education.
But what about inadvertent data leaks that aren’t so sensational, for example unencrypted information on a lost or stolen laptop/USB or other device? Like the steady drip from a leaking faucet, everyday data leaks are making headlines more often than the nefarious attack scenarios around which organizations plan most, if not all, of their data leakage prevention methods. However, to truly protect their critical data, organizations also need to plan a more data-centric approach to their security programs to protect against leaks that occur everywhere sensitive data lives, rests or is used.
What type of protections would be required for, say, a training site for hospital call center employees, where actual lab reports and other real patient data are posted in the online training forms? How do you implement the same controls around data being cut/copy/pasted and e-mailed or sent out of the organization by other means?
Indeed, there are so many places where data can easily leak out of an organization that it would be difficult to note them, let alone classify and manage them, without some type of map or landscape that lays them all out. Broadly, these data leak points include:
- Sensitive data inappropriately removed, transferred, or sent out via postal mail, e-mail, Web mail, file transfers or instant messaging
- Lax, improper or missing access controls to systems containing sensitive data, from back-end databases and servers to mobile computers
- Lost or stolen computers, laptops and mobile devices with sensitive data that is unencrypted; hard disks and portable storage (CDs, USB drives) or backup devices; and paper files
- Insecure transmission of personally identifiable and other restricted data
- Authorized insider abuse of databases and other back-end systems
- Insecure or improper destruction of information, encompassing both physical locations (dumpsters) and electronic media (laptops and backups)
- Re-use of electronic resources (laptops and backup devices)
- Lack of separation of duties and access controls on databases and other shared systems
In this paper, we map these leakage points with regulations and best practices. Protection mechanisms can be simplified by breaking them into five major categories: classic malware protections to prevent system infections, enforceable access controls, encryption, filtering for sensitive data types being sent out of the organization, and education.
In addition to traditional malware defenses, encryption and access controls play a huge role in protecting sensitive data from insiders no matter where the data rests or how it is being acted upon. Equally important is the ability to filter, log, and take action on outbound traffic and downloads, which is commonly referred to as Data Leakage Protection (DLP). The last piece, education, can be enforced by the actions of the control systems themselves. For example, automatic encryption policies on some types of program actions (e-mailing, Instant Messaging, FTP usage) are already taken for granted by employees in many enterprises. And DLP control tools are well-positioned to send out educational pop-ups to users when their actions are actual violations.
Wrapping all this up with centrally-managed end-point security makes the neatest package for tackling the end-point related leakage problems, which is where much of the leakage occurs as a result of end user behaviors. Already, we’re seeing convergence of some or all of these technologies from end-point protection vendors. However, it will be a while before organizations are willing to turn over their best of breed point solutions for a single product. Not to mention there are other considerations that these technologies can’t manage, such as physical security issues related to lost disks and backups. But even under these circumstances, data can at least be rendered unreadable through encryption policies that are enforced by DLP at the time sensitive data is downloaded onto the device in the first place.