1. /
  2. Confident Insights Newsletter/
  3. Getting Smart about Data Loss Prevention

Getting Smart about Data Loss Prevention

April 28, 2008

Summary

Since almost all businesses fall under some kind of regulatory or corporate mandate to protect private information, the absence of well-defined data protection policies and an enforcement plan can put organizations at huge financial risk and cause substantial reputation damage.

Introduction

Today's mobile technology environment has had a profound effect on how small and mid-sized businesses protect confidential and proprietary information. In fact, current trends in technology are essentially forcing SMBs to shift their security approach from putting up walls around their infrastructure to finding ways to control the access and use of data while still making it available to those who need it. In addition, the string of high-profile breaches in the past year has made SMBs acutely aware of their need for a more comprehensive approach to truly protect their data.
Since almost all businesses fall under some kind of regulatory or corporate mandate to protect private information, the absence of well-defined data protection policies and an enforcement plan can put organizations at huge financial risk and cause substantial reputation damage.

Mobile targets

Today's workforce is increasingly mobile, and that means more workers are using a wide range of mobile devices to access business data over insecure public and home networks –all potential sources of data leaks. Thus, the challenge that SMBs face is to keep their information widely available while at the same time asserting control over how it is being used and who has access to it.
In fact, a 2007 Gartner report identifies the influx of consumer-based technology into the workplace – i.e. IM, social networking sites and USB devices – as the biggest threat to a company's security. Specifically, the report names four technologies that present the most risk:
  • USB devices – The practice of downloading sensitive business data on devices such as portable memory sticks and MP3 players poses a substantial security risk. However, most SMBs find it increasingly difficult or impractical to ban the use of such devices. In the absence of an outright ban, SMBs should take precautions to limit the risks of these devices.
  • Social networks – An increasing number of employees now post to blogs and participate in social networks and other Web 2.0 applications, both inside and outside of the workplace. To protect intellectual property and other important data, SMBs need to adopt clear policies on how sensitive information should be handled on blogs and social networking sites.
  • Mobile devices– Today's smart phones can be used like a computer, but have increasingly become the target of malicious attacks. Without stringent compliance with security policies, the use of mobile devices can place business's confidential data at risk.
  • Remote connectivity – Allowing employees to connect to business resources from remote locations increases productivity and saves costs for many SMBs, but it also means that many workers are accessing corporate data over insecure public and home networks.
A carefully thought-out and comprehensive approach to data protection starts with SMBs asking the following questions:

The need for a comprehensive approach

  • Where is the business' data stored?
  • How do the employees, partners and customers use it?
  • Is the information being downloaded on USB drives and other portable devices?
  • Is proprietary or confidential information being sent via email?
  • Is there a clear company policy regarding how sensitive information should be handled and if so how is it enforced?
Recent studies show that email and other messaging applications store as much as 75 percent of a company's intellectual property. Symantec's data loss prevention tools can help SMBs protect their confidential and proprietary information in today's mobile technology environment.

Solutions that can help

Symantec Enterprise Vault utilizes intelligent classification and retention technologies to capture, categorize, index, and store target data and to enforce security policies. Its archiving platform stores, manages, and enables the discovery of business data from email systems, file server environments, instant messaging platforms, collaboration and content management systems while helping to reduce storage costs and simplifying management. It also provides specialized applications, such as Discovery Accelerator and Compliance Accelerator, which mine archived data to support legal discovery, content compliance, knowledge management, and information security initiatives.
As malicious threats directed at mobile devices and vulnerable messaging systems intensify, Symantec Mail Security 8300 Series appliances deliver antispam, antivirus, and compliance technologies that allow IT teams to more effectively control sensitive data, reduce the risks associated with data leakage, and meet regulatory compliance mandates. These solutions leverage integration with industry-leading, sophisticated structured data-protection solutions from Vontu, which analyze the data held in databases (e.g., customer and patient records, banking information, order processing, or CRM) and create unique fingerprints for the actual data.
In addition, administrators can create policies that mark suspect messages as "Hold for Review" before allowing their delivery, providing an opportunity for administrative intervention by compliance or legal staff if needed. These and other easy-to-configure, integrated workflow tools enable the creation of policies to control data and respond to policy violations–while allowing business to continue uninterrupted. Premium Content Control (PCC) allows customers to more easily deploy policies that manage risks associated with data leakage, internal governance, and compliance with specific regulations. PCC includes premium templates and dictionaries as well as reporting on triggered policies and export options for incident history.

Conclusion

The growing popularity of consumer technologies in the workplace is a constant challenge to the traditional security models of SMBs. At the same time, a spate of recent high-profile data breaches is keeping the heat on SMBs to find ways to control this complex security problem. As businesses continue to face unrelenting pressure to protect their data, Symantec's security solutions tools such as Enterprise Vault and Mail Security 8300 Series, can help SMBs protect their confidential and proprietary information in today's mobile technology environment.

Related links

Back to Newsletter