
IT security has fast become a data-centric issue. Data
is the most valuable asset in an organisation and the IT department must protect it or
find itself in the headlines like HMRC and the Ministry of Defence. But as companies
adjust their data protection strategies, many fall prey to a number
of misconceptions, and a key one is that the outside threat is greater than the threat from
inside, writes Andrew Clarke,
vice-president international sales at Lumension
Security.
Data leakage risks can be broken down into two major
categories: data loss and data theft. We have seen an increase in
reports of missing data through lost laptops, back-up tapes and
devices. While the loss of a laptop with thousands of personal
records is certainly cause for concern, the likelihood that it will
fall into the hands of someone who knows what to do with that data
is relatively low. The motive behind laptop theft is generally the
value of the hardware rather than the data residing on it. However,
an opportunistic thief can take advantage of valuable data
contained on the hardware. As such, encryption is essential as it
diminishes the risk of abuse of the data.
The second type of data leakage, data theft, is far more
dangerous to an enterprise. Here, the malicious party understands
the value of the data and seeks ways to access it and use it to
their advantage. Attacks from the outside are typically achieved
through malicious programs designed to install backdoors into the
network. However, these days most enterprises have full protection
from outside assaults. It is the threat from the inside that leaves
them truly vulnerable.
Most organisations have no methods in place to prevent trusted
insiders from loading data onto external devices and walking away.
And yet this method of data theft is perhaps the most dangerous
risk among all types of data leakage. Not only does the trusted
insider have access to the data, but they - more than most - know
the value of the data and what to do with it.
If organisations are serious about prioritising security based
on the severity of risk, they must put insider threat protection
at the top of their list.
Organisations also need to be able to automatically audit this
protection process. Without the visibility of auditing, businesses
will be unable to quantify the risks posed by data leaks. They
won't know whether data has moved between endpoints, what data it
was or how much of it was potentially leaked.
Encryption and traditional data protection technologies can only
serve to protect data up to a point, as their heavy dependence on
content filtering technology is limiting. In order to achieve truly
balanced protection, organisations must supplement encryption and
content filtering with
a sound endpoint solution that can monitor users and enforce
policies on the endpoint.
Andrew Clarke will be speaking at Infosecurity Europe 2008.