The number of incidents involving data intentionally or
unintentionally leaving corporate networks is on the rise, writes
Yuval Ben-Itzhak, chief technology officer at Finjan.
The CSI Computer Crime & Security Survey 2008 showed that 44%
of the polled companies ranked data leakage as the second
biggest problem for their corporate IT security. In a survey
conducted among German companies, fewer than 25% said that they use
HTTP traffic monitoring systems for protection from confidential
data leakage. An older survey found that customer data represented
the vast majority of data leaked to unauthorised parties, followed
by confidential information and Protected Health Information
(PHI).
Governmental agencies are also at risk, as shown in an incident
from May 2009, when some parties received electronic data consisting of
the latest unemployment and average earnings figures from the
Office for National Statistics (ONS) before their official
publication date. The ONS was forced to officially release these
figures ahead of time, resulting in the Pound Sterling bouncing
higher. This incident was part of a string of data breaches
suffered by the British government over the past two years. Data
leakage has grown into a global problem, as the following incidents
show.
• In April 2009, a data leakage incident occurred in a Prague hotel
(Czech Republic). The flight details and passport numbers of around
200 EU leaders were leaked by accident. The data was related to an
EU-US summit held in Prague and attended by U.S. President Obama.
• In April 2009, an employee of Mitsubishi UFJ Securities sold
personal data of more than 49,000 of its customers to three dealers
who specialize in personal data lists, who in turn sold them to more
than 80 real estate agents and other firms.
• In March 2009, a spreadsheet containing customer data of Kabel
Deutschland (a German provider of Internet, cable TV and telephony)
was leaked to questionable call centres.
Organizations around the world have become aware of their need
to protect their outbound data in transit, which is complicated
when malware is involved as in the case of "Trojans phoning home".
The optimal answer is a gateway-based web security solution,
consisting of dedicated hardware/software platforms. Network
traffic is analysed to detect unauthorised information
transmissions, including HTTP, HTTPS and other protocols.
When selecting a DLP solution, an enterprise needs to focus on
the following elements:
• All outbound communication should be analysed in real time and
identified by its true content payload, not just by its file
extensions. True Content Type detection capabilities prevent
selected file types from leaking out or being downloaded by
users.
• Administrators should be able to set policies based on
dictionaries/lists containing words or formats (such as customer or
employee information with names, addresses, social security numbers
and other identity-related information) that should be protected.
The solution should also enable lexical analysis and
dictionaries/lists for words or formats relating to
company-specific sensitive information (e.g. intellectual property
(IP), financial information).
• Policy-based management is needed to set up and enforce
granular rules per specific user or per user group (e.g. sales,
marketing, R&D, finance, legal).
• The ability to set up compliancy lists for PCI, HIPAA, GLBA,
SOX, CISP, FISMA, governmental regulations, etc. is needed,
especially for publicly-traded companies, financial institutions,
and healthcare providers.
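
As an added illustration (not code from the article or from any vendor's product), the sketch below combines the first three elements above: it classifies an outbound upload by its leading magic bytes rather than its extension, scans it for protected formats and dictionary terms, and applies a per-group policy. The group names, terms, policy layout and function names are hypothetical.

```python
import re

# Well-known file signatures; a small subset chosen for this example.
MAGIC = [(b"%PDF-", "pdf"), (b"PK\x03\x04", "zip"),
         (b"\x89PNG\r\n\x1a\n", "png"),
         (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2")]
# Extensions that legitimately carry each true type (docx/xlsx are ZIP containers).
EXPECTED = {"pdf": {"pdf"}, "zip": {"zip", "docx", "xlsx"},
            "png": {"png"}, "ole2": {"doc", "xls"}}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical per-group policy: blocked true types and dictionary terms.
POLICY = {
    "sales": {"blocked_types": {"zip", "ole2"}, "terms": {"price list"}},
    "r&d": {"blocked_types": {"zip"}, "terms": {"project falcon", "confidential"}},
}

def true_content_type(payload: bytes) -> str:
    """Classify by leading magic bytes, ignoring the claimed file name."""
    for magic, name in MAGIC:
        if payload.startswith(magic):
            return name
    return "unknown"

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect_upload(filename: str, payload: bytes, group: str) -> list:
    """Return policy findings for one outbound upload by a user in `group`."""
    rules, findings = POLICY[group], []
    ctype = true_content_type(payload)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ctype != "unknown" and ext not in EXPECTED[ctype]:
        findings.append(f"type-mismatch:{ext}->{ctype}")
    if ctype in rules["blocked_types"]:
        findings.append(f"blocked-type:{ctype}")
    text = payload.decode("latin-1").lower()
    if SSN_RE.search(text):
        findings.append("format:ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        findings.append("format:card")
    findings += [f"term:{t}" for t in sorted(rules["terms"]) if t in text]
    return findings

if __name__ == "__main__":  # constructed sample: ZIP bytes uploaded as .txt
    print(inspect_upload("notes.txt", b"PK\x03\x04" + b"\x00" * 8, "sales"))
```

An empty result means the upload passes; any finding would be the gateway's cue to block or log the transfer according to the group's rule.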
DLP as an integral part of the enterprise web security solution
enables administrators to turn specific features on and off, deploy
security features in stages and even disable superfluous functions.
This type of integrated DLP solution prevents intentional (as a
result of malicious activity) and unintentional data leakage with
low cost of ownership.