Prevent Data Slurping Part 5: Crimping the flow

For someone looking for something really special, check out Tenix Datagate's Interactive Link Data Diode (IL-DD) product, which "provides a one way connection between two networks, with hardware-enforced prevention of reverse data flow".

By doing some very clever things with a thin client and a one-way network link, the data diode allows network managers to separate secure and non-secure environments, while allowing users to access both through a thin-client terminal. In essence, once something winds up on the high-side, secure network, it can't escape. "Tenix has got a solution for a very high security environment, without a doubt," says Montgomery.

Tenix is a military contractor; the IL-DD was no doubt engineered to meet the requirements of high security environments. As for whether it's finding commercial success, we don't know -- Tenix representatives did not respond to a request for comment.

So there you have it. Preventing your users from deliberately siphoning data away from your organisation is hard work -- there's no easy solution. Perhaps the important thing is we try; that we make it hard for those who want to break the rules. That way they can't argue later they didn't think what they were doing was wrong.

Restricted USB functionality in Windows Vista should make life a little more bearable, but we know too well that if a user has access to sensitive data in the first place then the battle is lost.

Least-privilege access, combined with sensible auditing and some reasonable technical countermeasures, is a start, and screening employees is vital.

