Not Just Technology... It's Also About People, Policies and Process
Posted by Brian Milas - CTO on Wed, Jun 03, 2009

I recently read a report, sponsored by Symantec, on DLP... and part of the executive summary caught my eye:
"If there ever was a problem that could be solved purely by the appropriate deployment of technology, data loss prevention isn't it. People, policies, and products must all work together, or the exodus of information will surely continue."
This is an interesting article that discusses the increased risk of theft/loss of your data, in part, because a market exists for things like stolen credit card data or personal information. Here's a synopsis...
In the past, locked-down perimeters and datacenters were the norm, but the "line" is blurring... workers are accessing systems from home, from hotels, on the road. Your IT organization may be blurring the line as well, moving applications into the "cloud". The enterprise infrastructure of your business is expanding to include partners and customers. Businesses continue to have a need to balance how they manage security against how they allow the business to run. Today's work environment, more than ever, expects to have data easily available at any time, from anywhere... the security model needs to protect data (no matter where it is) in addition to protecting systems.
The article then goes on to describe how Network Access Control complements DLP. Basically, it ensures that any device connected to the network meets the policies of the business (e.g., require antivirus, encryption, up-to-date patches, etc.).
Another key component is people and education. Teach people how to make the right business decisions with security in mind, AND make it "easy" to do the right thing.
Ensure that people have the right access to the right data at the right time. Good people doing unintentional things can introduce as much risk as a malicious hacker. Reduce your exposure by removing access to sensitive data that is not needed by the business.