Three years ago my mother sent me a smoked salmon through the post as a Christmas present and it still has not arrived. The reality is that most of us think twice about sending anything valuable through the post.
And yet the vast majority of us are still sending highly sensitive information via email and a variety of other antiquated methods.
Today we are talking about data leakage or data loss prevention (DLP), the latest security buzz phrase, alongside endpoint security or, as I heard it referred to recently, “the stupidity patch”, for those users who tend to forget things such as mobiles and notebooks after a night out.
Yet DLP is usually all about protecting the perimeter. In other words, if my mail had a better security system, my salmon would have arrived. The transfer of information is increasingly time critical, like my salmon, and traditional approaches such as FTP and secure email lack the security mechanisms that sensitive data demands, thus raising the risk of leakage. And it becomes really challenging when you need to share information with business partners.
So here are a few suggestions to keep customer security sweet. Do not expose your internal network. No type of direct or indirect communication should be allowed between the partner and the enterprise.
Make sure that intermediate storage is secure. This is especially critical when the intermediary storage is located on an insecure network, such as the enterprise’s DMZ, outsourced site, or even the internet.
Protect data at rest, using encryption. Select technology that automatically
encrypts without asking the user for an opinion.
Always keep older versions of your data, ensuring an easy way to revert to the correct file content or recover from data deletion.
Data inside protected storage must be tamper-proofed by integrating authentication and access control so only authorised users can alter the data.
Also, digital signatures must be employed to detect unauthorised changes in the files.
Comprehensive auditing and monitoring ensures the enterprise policy is adhered to and offers track-and-traceability of data.
The process of transferring data must in itself be secure. Users who store or retrieve data must be authenticated, at times using strong authentication mechanisms. Access control must ensure that users only perform appropriate, authorised actions. Use solutions that guarantee delivery.
Maybe if my mother had not written “smoked salmon” on the label, it might have arrived or if the packaging had been more secure, it might have been less likely to have been tampered with.
It might have just disappeared like the occasional email seems to do.
In any case I have now switched to the more reliable route of hand delivery of smoked salmon and apart from an occasional “firewall” at customs my salmon arrives on time. So if you suspect something fishy is going on with your sensitive data like 30 per cent or so of companies, I suggest looking at a reliable managed file transfer solution.
Calum Macleod is director for Western Europe at Cyber-Ark Software
Contingency plans follow Carillion's demise earlier this year
Oliver Tuszik says partners can boost subscription sales by taking a customer experience-led approach
Firm says enterprise business has performed 'weaker than originally expected'
Top executives from nine VARs, including Computacenter, Bell Integration, XMA, ANS and Epaton, weigh in on which server, storage and networking technologies will be red hot next year