IT security has fast become a data-centric issue. Data is the most valuable asset in an organisation and the IT department must protect it or find itself in the headlines like HMRC and the Ministry of Defence. But as companies adjust their data protection strategies, many fall prey to a number of misconceptions, and a key one is that the outside threat is greater than the threat from inside, writes Andrew Clarke, vice-president international sales at Lumension Security.
Data leakage risks can be broken down into two major categories: data loss and data theft. We have seen an increase in reports of missing data through lost laptops, back-up tapes and devices. While the loss of a laptop with thousands of personal records is certainly cause for concern, the likelihood that it will fall into the hands of someone who knows what to do with that data is relatively low. The motive behind laptop theft is generally the value of the hardware rather than the data residing on it. However, an opportunistic thief can take advantage of valuable data contained on the hardware. As such, encryption is essential as it diminishes the risk of abuse of the data.
The second type of data leakage, data theft, is far more dangerous to an enterprise. Here, the malicious party understands the value of the data and seeks ways to access it and use it to their advantage. Attacks from the outside are typically achieved through malicious programs designed to install backdoors into the network. However, these days most enterprises have full protection from outside assaults. It is the threat from the inside that leaves them truly vulnerable.
Most organisations have no methods in place to prevent trusted insiders from loading data onto external devices and walking away. And yet this method of data theft is perhaps the most dangerous risk among all types of data leakage. Not only does the trusted insider have access to the data, but they, more than most, know the value of the data and what to do with it. If organisations are serious about prioritising security based on the severity of risk, they must put insider threat protection at the top of their list.
Organisations also need to be able to automatically audit this protection process. Without the visibility of auditing, businesses will be unable to quantify the risks posed by data leaks. They won't know whether data has moved between endpoints, what data it was or how much of it was potentially leaked.
Encryption and traditional data protection technologies can only serve to protect data up to a point, as their heavy dependence on content filtering technology is limiting. In order to achieve truly balanced protection, organisations must supplement encryption and content filtering with a sound endpoint solution that can monitor users and enforce policies on the endpoint.