Data loss prevention starting from the inside out - February 22, 2008
Lake Mary, Florida - The traditional business-centric view of computer security has focused on the external threat landscape, often overlooking internal vulnerabilities. Subsequently, recent studies from Gartner, Magic Quadrant and Vontu have revealed that a majority of corporate data loss, often termed data leakage, is caused unintentionally by an organization's own actions.
The potential legal liability and brand-reputation damage from corporate data loss has spurred growing demand for data leakage prevention (DLP) technologies. These technologies have largely focused on the need for automated data management. This "inside-out" security paradigm has resulted in corporations striving to achieve rapid data governance via products that emphasize outbound content compliance (OCC) policies, insider threat management, and extrusion prevention systems (EPS).
However, before considering a comprehensive enterprise data management product or platform, information security departments must understand their organizations' business workflow and how it relates to the protection of existing IT assets. This process should include investigating and targeting key aspects of the network infrastructure that may be a source of data loss. Here are some important issues to consider when identifying potential areas of data leakage:
"As the complexity of an IT infrastructure increases, so does the difficulty of knowing where all the data resides, how it's accessed and by whom," says Brian McCarthy, President of Sencilo Solutions in Tampa, Florida.
As the roles of data managers and storage managers blur, assigning the responsibility for creating a data ranking system becomes harder to define; this is where turning to a security expert and trusted advisor really is money well spent, says McCarthy.
The business must strive to assess the criticality of corporate. Once content discovery of all data is completed, a classification scheme must be implemented to categorize data sensitivity.
Those with access to the data are the ones usually responsible for its loss. Identify users with overly permissive access controls, including senior managers, who often request high privilege levels without possessing the proper training in data security.
While inbound email is analyzed to protect against internet threats, outbound email is often overlooked as a major source of data loss. The accidental loss of confidential and proprietary information from insider email is one of the largest areas of data loss. The risks associated with activities such as personal web-based account use and inappropriate message auto-forwarding can have serious legal, financial and regulatory consequences.
- Unauthorized use of Internet protocols and services -- such as IM, peer-to-peer file sharing, blogging, social networking sites and unauthorized uploading (FTP) of data to Web sites -- is a major contributor to data security incidents and should be controlled via a detailed policy.
- The use of contractors and outside consultants usually requires the creation of new user credentials. However, knowledge and accountability of these user accounts is essential, as they are often lost.
- Removable storage media, such as flash drives, optical media, external hard drives and personal media devices, create a portable medium for the loss of data.
- Mobile computing platforms (e.g., laptops, PDAs) allow data to be physically removed from the corporate environment, where all monitoring and control is lost and where encryption is important.
Strategic planning for prevention
Enterprise storage has evolved far beyond direct-attached storage (DAS), basic networked file shares and simple database storage. Today, companies like Sencilo Solutions architect storage area networks (SANs) using iSCSI and Fibre Channel, tiered and hierarchical storage models like Compellent Technologies, virtual storage systems like Overland Storage, high-end storage arrays from HDS and clustered storage. Due to the wide variety of hardware and software and their numerous configurations, the remediation strategies for data leakage are ultimately company-specific.
Nevertheless, all DLP planning should involve consideration of the following:
- Implementing basic company-wide standards and procedures for all employee data usage and information ownership;
- Assessing and ranking corporate data based on the business risks associated with its loss or exposure;
- Ensuring detection and classification software uses effective identification algorithms with lexical examination of data content;
- Performing frequent inventory reviews of business critical data, ensuring proper safeguards are in place and making sure security protocols are up to date;
- Using an effective data security model that simplifies role-based access control (RBAC) and granular control of individual users;
- Enforcing employee training on corporate email acceptable-use policies. Consider messaging protection platforms for automated corporate compliance and policy management of outbound email;
- Ensuring that employees are aware of computer usage monitoring as a deterrent to attempts at policy circumvention;
- Administering frequent reviews of user-privilege levels to assess and confirm that the appropriate settings are configured for each user;
- Embedding access controls directly into sensitive data through use of digital rights management (DRM) technologies like Q1 Labs or Barracuda Networks;
- Maintaining data security when dealing with business partners through the use of federated identity management; and
- Generating routine audit and data-flow assessment reports to monitor data leakage threats using QRadar and track data locations with respect to time and user request.
Data loss prevention has become a relevant compliance issue and is critical in protecting confidential company data and preserving customer data privacy. Data growth rates today are such that it is a challenge to efficiently manage new and existing data. Corporate security policies that address data proliferation issues must also sustain data availability, business productivity, operational continuity and data restoration. Most importantly, to avoid end-user misperception that your DLP strategy is a set of IT laws, thorough communication and education is essential in facilitating acceptance of the organization's DLP program as an important parallel business strategy.
Sencilo offers a comprehensive suite of security products and services that help you assess, design, and execute your network and applications in the most secure and cost-effective way, from security audits and virtual private networks to enterprise firewall implementations.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-threat-management.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral