A new sheriff in town: outbound data monitoring

It's 11:32 on a Tuesday morning: Do you know where your data is?

IT organizations have learned the hard way that leakage of confidential information -- whether it trickled out inadvertently or passed through in a calculated fashion -- can levy heavy damages against market share and brand reputation, and potentially give rise to civil lawsuits and punitive fines.

The danger of data leakage is clear and present. Research conducted by InfoPro says 72 percent of enterprises surveyed report that internal security threats pose an equal or greater problem than external risks. An ability to prevent disclosures, or at least manage them, is critical to complying with industry and governmental regulations and guarding brand reputation.

IT executives must take a more proactive approach to monitoring and securing all data in motion. Not only e-mail but all forms of electronic communications must be monitored -- instant messages, peer-to-peer, telnet, FTP traffic, automatic faxes, posting to discussion boards and online business transactions.

Enter a slew of new and reconditioned products geared toward blocking sensitive data from leaving the corporate network. Vendors in this market include Fidelis Security Systems, Intrusion, Palisade Systems, PortAuthority Technology, Proofpoint, Reconnex, Tablus, Vericept and Vontu.

These vendors have developed network-based products that can monitor data in motion and in some cases, data at rest. This lets an organization identify data flow patterns, such as a human resources department distributing unsecured employee information via e-mail. Policy-violation alerts can be sent to administrators, the sender and/or the user. These products can quarantine suspect data before it leaves the network, so it can be appropriately reviewed before going on to its destination. Suspicious activity, such as an employee e-mailing marketing plans to her Hotmail account or another employee accidentally copying someone on an e-mail containing customer information, can be blocked immediately.

In a nutshell, these products help shield an organization against breaking local or federal privacy laws, violating corporate policies, ignoring e-mail best practices, losing intellectual property and exposing customer information. In addition to providing a final security checkpoint, these products can be used as a training tool to teach employees how to protect private, sensitive data and as the means of providing evidence that a company is serious about data privacy.

On the flip side, these products register false positives, miss some legitimate policy violations and -- with the six-digit price tag they often carry -- can be difficult to cost-justify.

Savvy companies realize that proactively managing and protecting intellectual property and customer data is like putting money in the bank, says IDC security analyst Brian Burke.

"It not only reduces the possibility of legal and financial risk but also helps to protect and safeguard an organization's future revenue," he says.

The market

One of the difficulties with these products is that the industry doesn't quite know how to classify them.

Gartner analyst Paul Proctor refers to these wares as "content monitoring and filtering" tools. IDC analyst Dan Yachin calls them "information leakage detection and prevention" products, while in military deployments they are referred to as "extrusion prevention systems."

In spite of the confusion over the product category name, Proctor predicts this market will double each year for the next two to three years. He expects an increase in shipments from both start-ups and well-established security vendors.

"The market for these solutions is relatively immature, as the adoption . . . relies on organizations' growing awareness of the inside-out threat," Yachin says.

The key function of these products is to help organizations comply with data privacy law. Their niche is to guard against both the intentional and accidental leak of sensitive data. The underlying technology won't provide an all-encompassing answer to data privacy, but it's a key ingredient to be coupled with user education, encryption safeguards, access-control mechanisms, physical security, and incident response and reporting processes inside an information security infrastructure.

Some users view these products as potential employee-monitoring tools, providing ways by which an employer could infringe upon the privacy of people sending and receiving information. But vendors are quick to say that spying on employees is not a prime objective.

"Our tool is not used as Big Brother monitoring but as a tool to educate employees about what's occurring on the network," says Kevin Cheek, vice president of marketing at Reconnex, maker of the Reconnex inSight Platform.

Still, it would be wise to investigate whether these tools violate any labor, civil or criminal laws in the country where they are implemented.

Join the newsletter!

Error: Please check your email address.

More about ACTBossBrother International (Aust)ExposureGartnerGuidance SoftwareHISIDC AustraliaInfoproMicrosoftMotionSecurity SystemsTuesday MorningVericeptVIA

Show Comments

Market Place