A visit to privacyrights.org will clue you into a large cause of data breaches: the stolen laptop.
This type of incident is a repeated example of why knowing where data lives in your enterprise is so vital. When we are called into a customer for PCI consulting services, rarely do we see a holistic approach to understanding data flows. There are certainly experts who know their part, and 80% of the time they are right on. But they often lack an over-arching perspective of the data flows, and are unaware of data flows that lie outside of their bailiwick. The level of documentation required for overarching visibility is considerable, but it is also extremely valuable. Imagine being able to see the entire picture at once and instantly be able to identify risky areas or understand how a new service or acquisition could compromise security.
Of course, someone violating policy will not show up on a formal diagram. How do you protect against the outliers?
Several companies, including (but not limited to) Tablus, Vontu, and Verdasys, have focused on locating and tracking data, from credit card numbers to personally identifiable information to intellectual property, throughout a corporate network and its workstations. Using this data in conjunction with that magical map can help point to high-risk areas as well as policy violations. These tools are not the end-all solution by any means, as education and awareness can be just as effective against the "honest mistake" type of breach. They are, however, a key piece of the Layered Security strategy your company takes.
Why are these tools not the end-all solution? They will help prevent accidental exposure, but will not prevent a sophisticated insider from siphoning this data off site. If data flows are encrypted (by, say, an SSL VPN), many of the data flow analysis tools fall down because they cannot see inside the stream. You can always block all encrypted traffic, but if you allow people to browse out to an SSL site, you may be allowing this data to leave without your knowledge. These tools also may not cover USB drives, iPods, or other temporary storage if it is not mounted at the time of the scan. USB drives have long been a debated topic, for good reasons.
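As an added illustration (not part of the original post, and not any vendor's code), here is the core of the discovery scan such tools perform: find digit runs that pass the Luhn check and report them masked, per file. The sample "files" are constructed; note that the scan only sees content it is handed, which is exactly the gap the unmounted-USB and encrypted-stream cases above leave open.

```python
from __future__ import annotations
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not adjoining other digits. Constructed for this example; real products add
# issuer prefix rules and context checks to cut false positives further.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid candidates in text, masked to first 6 + last 4."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def scan_files(files: dict[str, str]) -> dict[str, list[str]]:
    """Scan a mapping of path -> content; return only paths with findings."""
    return {path: hits for path, body in files.items() if (hits := find_pans(body))}


# Constructed sample files standing in for a workstation's home directory.
# 4111... and 5500... are well-known Luhn-valid test numbers, not real cards.
SAMPLE_FILES = {
    "home/alice/report.csv": "order,card\n1001,4111 1111 1111 1111\n1002,5500-0000-0000-0004\n",
    "home/alice/notes.txt": "ticket 1234567890123 is not a card; phone 555-0100",
    "home/bob/readme.txt": "nothing sensitive here",
}

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {len(hits)} PAN(s) -> {hits}")
```

The 13-digit ticket number fails Luhn and is dropped, which is why the check matters: a bare digit regex would flag it.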
The moral of this story: really begin to think about the data.