Six Ways To Stop Data Leaks
I can tell this won't be the first or last rant I post about data leak protection if it turns out to be "The next Big Thing(tm)"
Ultimately I think that a lot of magic bullets are going to be sold in this field, and a lot of companies are going to end up disappointed.
Lets look at this article though. it lays out some ways to stop data leaks.
Point 1. - Get a Handle on the data. Yep the idea that if you don't know where you're critical information is you can't protect it. Fair point, although in reality it's a lot harder than it sounds in a large environment.
Point 2 - Monitor Content in motion. Now here's where I start getting a bit cynical. the idea that you can monitor all your content as it leaves your company is frankly silly. Here's a couple of examples of ways that data might leave your company that most of these solutions aren't likely to address.

  • do you allow Internet access for your staff? If so do you use white-list or black-list filtering. If you allow access for your staff to the Internet (as almost all companies do) and you don't use white-list filtering (so only allowing access to approved sites on a list), then how do you monitor content leaving over the web... do you intercept and read all content on the Internet channel? Do you intercept all SSL traffic and look inside? If you find encrypted traffic inside the SSL session do you just block it? If not you're not monitoring the single biggest conduit for data out of your company.
  • Here's another One. Do you have desktop machines with nice large hard drives? Can people work out of hours in your offices? now.. how good is the physical security on all your desktops... could a user just open one up take the hard drive out copy it and put it back?

to be fair to them points 3, 4 and 5 are pretty reasonable, IT Security best practice.
point 6 Centralize your intellectual property data - Just not practical for most companies. Companies at the moment are looking to make working more and more flexible and information easier to access. The idea of putting it in one big vault so it can be protected just ain't gonna fly.


Security Geek, Kubernetes, Docker, Ruby, Hillwalking