Saturday | 30 August, 2008
Computerworld
Q&A: Data leak prevention pros and cons
Industry analyst says business processes, not products, stop data from leaking
Cara Garretson (Network World) 08/01/2008 10:45:44

Related Features
  • +

    Process Trip 04/02/2008 13:07:03

    Why Maritz Travel revamped key business processes — and how business and IT came together to make it work
    When Rich Phillips became COO OF Maritz Travel about two and-a-half years ago, he sat down and took a hard look at the big industry picture
  • +

    Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15

    Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
    Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
  • +

    How to Get Real About Strategic Planning 04/02/2008 12:50:59

    Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?
    Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such
Additional Resources
Executive Guides
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Zones
Zone logoZones provide focussed content from Computerworld and leading technology partners.

Newsletter Subscription

Sign up for our Computerworld newsletters!
Computerworld's twice-daily news service keeps you in touch with the latest, most important headlines from Australia and around the world.
Keep up with the latest virtualisation technologies, products, news and features.
RSS Feeds

Anti-data leakage vendors make bold claims about how far their products can go to protect enterprises from unauthorized information sharing. This irks Nick Selby, head of enterprise security research at The 451 Group, who believes these tools are helpful with some tasks, but far from "the solution."

Selby declines to use the industry term "data-loss prevention" to describe these products because he believes such words instill a false sense of security. Network World Senior Editor Cara Garretson recently spoke to Selby to find out more about where these tools deliver, and where they fall short.

What are anti-data leakage products good for?

These products are very effective at giving enterprises a great amount of visibility into what's going out of the building. While that seems like a simple thing, it's in fact a sea change -- the idea that you can now quantify and see who is sending what where is a tremendous advance.

They can do a great deal with stopping stupidity [users sending out sensitive data without realizing it]. Most customers are using these tools in monitor-only mode to reduce the noise and help internal security do its job by removing stupidity, and that's an extraordinary benefit to businesses.

What's not so good about these products?

Enterprises don't know where their unstructured data is, let alone where their sensitive data is. Putting a box at the gateway doesn't solve the problem, but highlights it. What do you do once you've identified what's going out the door, run around the building hitting people over the head with newspapers?

What's more, now you're subjected to litigation problems. Imagine the person who has to answer the plaintiff lawyer's question `You knew three years ago that this stuff was going out the building and you didn't do anything about it?'

Some anti-data leakage products say they help customers discover and identify their sensitive data, is that valuable?

The time it takes to classify that data that already exists is such that by the time you're finished, a new mountain exists. Every day information workers create more unstructured data measured in gigabytes if not terabytes ... to keep up with the flow while classifying what's already been done is a very difficult challenge.

So if anti-data leakage tools aren't the answer, what is?

Data leakage is a symptom of a company's misunderstanding the classification of data and where it sits in their enterprise. You have to pick your battles and start out with a limited scope to create IT processes that will solve business problems. So working between technology and business leaders, there has to be a concerted effort to understand and enumerate the [data-leakage] problem, gather data about the scope of the problem, and create policies that are enforceable to address each area of the problem.

Eventually the Holy Grail is management of the information life cycle, where data is classified at birth correctly and appropriately, and that classification follows the data throughout its life. We're no where near that.

Why is the anti-data leakage market so hot right now, with large security companies spending hundreds of millions of dollars to acquire start-ups in this area?

The reason these things are so hot right now is it's easy to understand the problem -- the demos [of data leaking out of a company] are so effective they scare the heck out of everyone. But this is attempting to insert a technical fix to what is a business problem. And the business problem is we don't understand where the data is.

More about Gateway
Market Place
WIN a printing technology upgrade worth $20k* with HP MFPs! >> CLICK HERE TO ENTER.
Download now for free Security whitepapers !!
Harness ‘The Power of Collaboration’. Register now for Cisco Networkers 2008 and stay informed on industry changing technologies.
Discover the latest web security SaaS solutions | Download new IDC white paper to lessen your IT burden
Computerworld Webinar | Business Mashups - Building the Intelligent Organisation by Empowering Users | 11am Tues 16th Sep 08
Discover trends in the B2B infrastructure market in 2008 | Download new Gartner white paper now.
Computerworld Webinar | Learn how to deliver value to your business through IT Service Management | 4th Sept 11am
Software & Systems Quality Conferences: 30 – 31 October 2008 in Canberra. Book now!
Free Forrester Report on Ubiquitous mobility download now.

Computerworld Member Login


 

Prioritizing Services with IT Service Management (ITSM)

Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)

To be repeated on:

Thursday 4th, September 2008
11:00am EST (Sydney Australia)

Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.

Attend and discover:

  • How to deliver value to your business through ITSM
  • Best practice ITSM implementation
  • Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
  • If service-oriented ITSM is best for your business
Whitepaper
Dude! You Say I Need an Application-Layer Firewall?!

Read Whitepaper

Dude! You Say I Need an Application-Layer Firewall?!

Proxy firewall technologies have proven time and again to be more secure than “stateful” firewalls. They will also prove to be more secure than “deep inspection” firewalls. High-performance proxy firewalls are available today which are easily capable of handling gigabit-level traffic. Discover more by reading on.

Enterprise IT Buyer's Guide
Find Technology Vendors Fast
 
Find vendors by name | Find by category
Sponsored Links