Scompliance Ssecurity Data-Protection Final
E-BOOK
Data loss prevention strategies, practices

Protecting Your Secret Sauce
Where Data Lives
Mandating Encryption
CHAPTER 1 » DLP: IT’S NOT JUST FOR BIG FIRMS ANYMORE
The first step any organization should consider in data protection is eliminating data that is not absolutely required for the business. It may sound odd, but with some creative thinking, many companies can eliminate the need for regulated data. For example, online merchants can sometimes store only the transaction ID for a credit card purchase and avoid storing the primary account number long term. Health care companies can sometimes avoid storing Social Security numbers of patients by replacing them with other identifiers that are not covered by regulations.

This kind of sensitive data elimination can be practiced to varying degrees throughout an organization. It may not mean that you eliminate all instances where compliance is required, but it can reduce the number of places where sensitive data is used and make the next step—reducing your profile—easier to complete.

■ Reduce your profile. One of the key PCI DSS requirements and one of the fundamental rules of data protection is to confine the protected data to a small and well-defined environment. This practice not only simplifies compliance by reducing the environment where controls need to be implemented, but it also facilitates access control, data movement monitoring, access logging, testing and just about every other security practice.

The idea is to centralize data in as few systems and as small a network environment as possible. Once your data is centralized, you can restrict access to the data to a specific group of users and applications. If possible, you should provide mechanisms to allow the data to be operated on while residing on the centralized system. In other words, avoid copying it or allowing it to move. Tools like data loss prevention packages can monitor and restrict data movement to make your containment even more effective. To further restrict the environment, deploy firewalls that restrict connectivity to specific protocols from only particular addresses or zones. Finally, monitor all access and data movement (even within the environment). This will help ensure that only the right people have access and help to meet regulatory requirements as well.

■ Share only what you must. These days, very few organizations actually
CHAPTER 2 » PROTECTING YOUR SECRET SAUCE

IT’S A COLD day in late November. Two men are getting ready to board a plane bound for Southeast Asia at San Francisco International Airport. In their luggage is millions of dollars’ worth of stolen trade secrets. These pilfered project designs, manuals, CDs, floppy disks and third-party licensed materials will allow nefarious foreign buyers to unlock the secrets of the most innovative U.S. companies and aggressively compete with them on the open market. But just as the men are about to step onto the plane, they are arrested by a joint FBI/Computer Hacking and Intellectual Property (CHIP) investigative team.

It sounds like an episode of a television crime drama. Yet this actually happened in 2001, when two men tried to flee the country with trade secrets stolen from a few of the biggest names in Silicon Valley. In this case, the criminals were stopped in their tracks, but theft of trade secrets is a growing and evolving problem, says Matt Parrella, assistant U.S. attorney and chief of the San Jose branch of the U.S. Department of Justice’s CHIP unit.

“It’s growing in terms of the number and types of trade secret cases we’re prosecuting,” he says. “Three to five years ago we saw physical manuals being stolen, whereas today digital versions of schematics, data sheets, manufacturing processes and source code are at risk. And the number of complaints being filed and investigations pursued are dramatically on the rise.”

According to a 2006 report from the Office of the United States Trade Representative, U.S. businesses are losing approximately $250 billion annually from trade secret theft. Federal law enforcement officials say the most targeted industries include
2. Create an inventory of your company’s trade secrets and the form they take (paper-based, electronic, undocumented employee knowledge).

3. Prioritize the trade secrets according to their value to your organization based on the risk of loss, compromise or theft. To keep things simple, consider using a scale of high, medium or low to rank likelihood and impact.

4. Analyze how your company’s trade secrets map to organizational business processes throughout their entire lifecycle.
says. “You wouldn’t even know it [your IP] was missing for five years, when a competitor would suddenly introduce a product that sold for one third to one fifth of the price of yours.”

And it is important to note that trade secrets are vulnerable to not just malicious theft, but also accidental leakage in the normal course of business. For example, an engineer who has not been properly trained in what constitutes trade secrets might include some in a seemingly innocuous conference presentation.

PUTTING THE SECRET IN TRADE SECRET

Part of the reason U.S. firms are struggling to protect IP is a widespread misunderstanding of what a trade secret is, and what legal protection it possesses.

A trade secret is a type of intellectual property that represents an organization’s intangible assets. Unlike tangible assets such as land, buildings, office equipment or manufacturing equipment, intangible assets cannot be seen or touched and are created not by physical materials but by human labor or thought.

According to the Uniform Trade Secrets Act (UTSA), trade secrets include formulas, patterns, compilations, program devices, methods, techniques or processes. They also can be diagrams and flow charts, supplier data, pricing data and strategies, source code, marketing plans and customer information. So varied are the things that can be considered trade secrets that your employees may not even know when they are handling them.

For organizations that depend heavily on commercializing the product of their R&D activities, trade secrets are particularly important. Patents are equally important, but trade secrets differ from patents in a significant way. They are—as their name implies—secret. Whereas patents represent a set of exclusive rights granted by the government in exchange for the public disclosure of an invention, a trade secret is internal information or knowledge that a company claims it alone knows, and which is a valuable intangible asset. While patent owners have certain legal protections from anyone using their patents without permission, companies are responsible for prov-
place, trade secrets continue to leak out. Weaknesses in security procedures, inherent vulnerabilities within business processes, disjointed risk management programs and ineffective education and awareness programs all contribute to this problem. All too often, senior management teams, boards of directors and senior executives are lulled into a false sense of security about trade secrets. This is largely due to misunderstanding the legal protection for trade secrets, coupled with being organizationally buffered from the daily operations security managers face.

“When we speak to victims, we are finding out that the people responsible for security on R&D projects are not at the C-suite level, so that magnitude of the risk is filtered out by the time it gets to the top of the organization,” Parrella says.

Furthermore, many organizations believe they mitigate the risk of trade secret theft via contractual agreements such as NDAs and confidentiality agreements, but this simply isn’t the case. Although important to have in place from a prosecution standpoint, these agreements are not particularly effective at preventing theft, Schadler says: “The sort of people who want to steal the trade secrets are not going to feel bound by an NDA.”

And while a company might have a strong IP protection program on paper, it can get in the way of employees doing their jobs effectively. A related problem is that the corporate culture may be at odds with IP security directives and employees simply ignore them. Intellectual property protection done wrong creates a barrier to creativity, which is what makes U.S. companies such great innovators.

HOW YOUR DATA CAN LEAK

■ An executive of an Ohio hydraulic pump maker was convicted of stealing his company’s trade secrets by handing over financial and confidential marketing materials to a South African-based competitor.

■ A Kentucky man was convicted in 2006 of conspiring to steal and sell trade secrets belonging to Corning. While an employee, the man stole drawings of Corning’s thin filter translator liquid crystal display glass and sold them to an offshore-based business.

■ A Duracell employee downloaded sensitive data about a top-selling product from company computers onto his home PC and sent it to two Duracell competitors; he was convicted earlier this year.

■ A magazine publisher kept its entire pricing strategy, competitive intelligence, financing information and marketing plans for a new, unreleased magazine stored within a hidden file share on its public Web server. Due to a misconfiguration on its website, these trade secrets were exposed to the public through Google hacking.

TECHNOLOGICAL SOLUTIONS

Essentially, a trade secret is just another piece of corporate information. Like all information, it has a lifecycle—it is created, used, shared, stored and eventually destroyed.

What makes protecting a trade secret challenging is how it changes form and proliferates through the organization during its lifecycle. It may start as a chemical process written in a lab notebook, at some point be recorded in an electronic document, become a set of discrete tasks in a manufacturing process and eventually be combined with other IP to form a product. Each of these forms—manual, digital, process, product—may have a different lifecycle. At each point, the IP may face different risks that must be examined and, where appropriate, mitigated.

Various products can help protect trade secrets and IP data that exist in digital form, during certain points in the data’s lifecycle. There are emerging technologies that monitor the movement of structured and unstructured data and enforce actions on the data based on custom policies. These products work at the network and desktop levels and can monitor movement, prevent data from being copied from the originating application to external sources—for example, USB drives—and help classify data as requiring more or less protection.

EMC Corp.’s Infoscape can help inventory unstructured data, such as Microsoft Word documents, Adobe .pdf files and various spreadsheets, and also classify it based on a company’s data classification scheme. Complementary EMC products offer secure storage and archiving of data.

Sun Microsystems Inc.’s Identity Manager can provide a foundation for controlling what systems people are given access to and what roles they are given within an application based on company-defined policy. Sun also offers integrated solutions for secure data storage.

In addition, there are products from companies such as PGP Corp. and Entrust Inc. to protect mobile data with combinations of file-level encryption and access controls on physical interfaces to the mobile device. Finally, vendors such as Adobe Systems Inc. have developed enterprise rights management products designed to provide data protection—specifically IP—across business processes and organizational boundaries.

Adobe offers products that securely capture, process, transfer and archive information, both online and offline. John Landwehr, Adobe’s director of security solutions and strategy, says he believes the best protection of sensitive data happens at the document level: “Given the range of devices that IP can live on—from desktops to laptops to PDAs and mobile phones—we think that the only viable way to persistently protect that information is if the protection travels with the document.”

However, a word of caution about some of these products designed to protect confidential data: Because the vast majority are based on rule set-driven engines, the number of false positives they generate can be significant.

PROTECTIVE STEPS

Despite the increasing sophistication of technology, there’s no magic bullet for protecting IP. “There is no absolute, 100 percent, foolproof way to protect trade secrets,” Sabett says. “You could spend all your time and money on technological protections, and yet your trade secrets could be flowing out of the organization in all sorts of other ways.”
CHAPTER 3 » WHERE DATA LIVES

IT’S THE CALL you’ve feared. The phone rings at 9 a.m. on a Sunday. You’re the chief information security officer of a medium-sized retailer, and weekend calls aren’t all that unusual. But within 30 seconds of picking up the phone, you know your weekend, if not your job, is over. One of the customer service managers accidentally emailed an Excel file of all the clients acquired last quarter to an external distribution list while trying to send it to his personal Gmail account to work on over the weekend. Worse yet, the file contains full credit card and verification numbers.

The really bad news? You recently signed off on your self-assessment for your Payment Card Industry Data Security Standard audit and affirmed that you don’t keep card numbers in an unencrypted format. No one told you about the nightly database extract the customer relations team runs with the credit card number as the primary key. Your external audit is scheduled for next month, making this about the worst time possible for an accidental disclosure. It’s not like you can blame this one on evil hackers.

This situation is hypothetical, but it illustrates the pressures companies are under. Data protection grows more critical every day as our sensitive information faces increasing scrutiny from regulators and business partners. It’s no longer just a matter of keeping the bad guys away from data. Businesses now are expected to handle it responsibly, often in accordance with contractual or legal requirements. Yet the average organization typically has little idea of where its sensitive data is, never mind how it’s really being used.

During the past five years, a new category of tools emerged to address this problem. Data loss prevention (DLP) products help companies understand where their sensitive data is located, where it’s going and how it’s being used, and they can sometimes enforce protective policies. The technology may not always stop evil hackers, but it offers considerable help in protecting a business from internal mistakes and in cost-effectively managing compliance.

Knowing where sensitive content is located protects the organization and may reduce the time and cost of audits; a company can prove that its data is appropriately secured and show real-time controls to detect violations. By gaining considerable insight into how data is communicated internally and externally, odds are that an organization will identify a number of risky business processes—like the above nightly database dump and use of personal email accounts. It also gains the ability to prevent accidents and eliminate bad habits, like improper use of USB drives. DLP won’t make you compliant, but its combination of risk reduction, insight and potential audit cost reduction is compelling.

Yet, while DLP tools have significant potential to reduce an organization’s risk of unapproved disclosures of sensitive information, they are among the least understood and most overhyped security technologies on the market. Organizations that take the time to understand the [...] snap purchases or set their expectations inappropriately high will struggle with this powerful collection of tools.

DEFINING DLP

DLP is one of a dozen or so names for this market; others are information leak prevention and content monitoring and filtering. To further complicate matters, data loss prevention is so generic a term it could easily apply to any data protection technology; everything from encryption to port-blocking tools is hopping on the DLP bandwagon. While early tools were tightly focused on preventing data leaks on the network, the market is rapidly evolving toward robust solutions that protect data in motion on the network, at rest in storage and in use on the desktop, all based on deep content inspection and analysis.

So DLP is a class of products that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis. Other defining characteristics are:

■ Broad content coverage across multiple platforms and locations.
■ Central policy management.
■ Robust workflow for incident
binations to identify matches; and statistical techniques that use a large repository of related content to identify consistencies and create policies. All the leading products can combine different analysis techniques into a single policy to improve accuracy.

The content analysis technique will directly determine what products make the short list, but companies should make sure to account for future needs. Although most of the market—90%, by some estimates—is focused on protecting PII, about 30% to 40% of those organizations are also interested in protecting unstructured data. They start by using DLP to protect PII to reduce their compliance risk, and then slowly add other content—generally trade secrets and intellectual property—once they get comfortable with their tools.

The last major component of DLP solutions is an endpoint agent to monitor use of data on the user’s desktop. A “complete” agent theoretically monitors network, file and user activity such as cut and paste, but few real-world tools provide full coverage. Most products start with file monitoring for endpoint content discovery and to detect (and block) sensitive data transfers to portable storage. Rather than completely blocking USB thumb drives to protect data, an organization can use these tools to
CHAPTER 4 » MANDATING ENCRYPTION

Mandating Encryption
State laws and industry standards are forcing organizations to encrypt or face penalties. Here are the options they can use.

BY BRIEN POSEY
drive and use them to unlock the encrypted data. Many third-party encryption products protect against this by storing the encryption keys on USB flash drives or on network servers.

NETWORK ENCRYPTION

Encryption at the storage level does a good job of protecting files residing on storage media, but it does nothing to protect data in transit. Data flowing across a network or the Internet is unprotected unless the session is encrypted. A hacker can easily use a packet sniffer to capture a copy of individual packets as they flow across the network, a technique used in recent high-profile credit card thefts from retailers. These packets can then be reassembled and the data within them extracted. At one time this was considered a fairly advanced type of attack. Today, though, utilities exist that take all the work out of a network sniffing attack. Even an unskilled hacker can use such a utility to steal data.

There are countless mechanisms available for protecting data as it flows across a network. Windows Server provides IPSec encryption. Mobile users accessing a Windows network through a Windows-based virtual private network can be protected by Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol or Secure Sockets Layer encryption. Of course, these are just software-based encryption solutions native to Windows. There are also third-party encryption solutions that work at the hardware and software levels.

There are two major drawbacks to encrypting network traffic. First, network encryption has traditionally been difficult to implement. For example, using IPSec encryption usually requires an organization to install an enterprise certificate authority. An administrator will also have to understand the key management process and know how to set group policies that require network computers to use IPSec encryption. Additionally, IPSec encryption will fail unless network clients are using operating systems that support IPSec.

The other major drawback to network traffic encryption is that it can degrade performance. Every time a client needs to communicate over the network, the client must establish a session and encrypt the data that is to be transmitted. The recipient must
The nice thing about rights management is that permissions are typically linked to a back-end server. This means that if a user were to copy a rights-managed file onto removable media and then leave the company, the administrator could prevent the data in that file from being accessed by the former employee by simply removing the rights.

Windows natively supports rights management, but third-party products offer similar capabilities. For the most part, rights management works very well, but the initial setup can be complicated, depending on the product. Also, depending on how rights management is set up, mobile users may not be able to open rights-managed documents unless they have connectivity to the company’s rights management server. Another potential downside is that not all types of data can be rights managed. On the upside, rights management does solve the management headaches typically associated with application-level encryption.

HOW TO CHOOSE

With so many types of encryption available, it can be tough for a company to figure out which one is best suited to its needs. The first step is to determine whether your organization is subject to any federal or industry regulations that mandate how data is to be secured. If so, these regulations often provide guidance on the types of encryption solutions that must be used.

Most organizations will want to take a layered approach. When it comes to encryption, the general rule is that data needs to be protected at rest and in motion. If data is encrypted at only the storage level, or only while in transit, then the data is not fully protected against potential exposure. Although application-level encryption fulfills both of these criteria, it should be used only to augment your network’s security, not as the sole encryption method. The reason is that not every application offers built-in encryption, and those that do have varying encryption strengths.

If a company is not subject to regulations requiring encryption, it’s critical to consider the total cost and staff requirements associated with deploying and maintaining the technology. Encryption can cost a significant amount in terms of hardware, software and support, and it is important to make sure the benefits justify the expenditures.

Whatever encryption solution a company chooses, it should be transparent to end users and compatible with your network infrastructure. Some encryption solutions cause complications with backing up data or with accessing or encrypting data on a storage area network. Make sure the solutions you are considering will not cause a significant administrative burden once the initial setup is complete.

While encryption definitely has its place in an enterprise security strategy, a company can’t rely on encryption to solve its security problems. Most security experts agree that there is no such thing as a foolproof security solution. Any security mechanism can be circumvented with enough time and effort, including strong encryption. The key to good

DLP Essentials is produced by Security Media Group and CIO Decisions/IT Strategy Media Group, © 2009 TechTarget.

MANAGING EDITOR, CIO/IT STRATEGY MEDIA GROUP: Jacqueline Biscobing
ART DIRECTOR OF DIGITAL CONTENT: Linda Koury
CONTRIBUTING WRITERS: Richard E. Mackey, Russell L. Jones, Rena Mears, Rich Mogull, Brien Posey
EDITORIAL DIRECTOR, SECURITY MEDIA GROUP