The right Formula for preventing data leaks

From the race track to the boardroom, data leaks are bad news. Just ask Ferrari and McLaren. Or Monster.com, which lost over a million customer records to phishers.

Companies are facing spiralling pressures to protect business data, as regulatory mandates on information protection increase. It’s a race to secure data against increasingly smart hackers.

The race is made harder by the need to protect sensitive data whether it’s parked – for example, stored within the enterprise – or in motion, on the network or on external links. However, the bulk of the task is controlling access and use of this data by employees and trusted third parties.

The task is made harder by the influx of digital media players, cameras, IM, social networking sites, and USB devices into the workplace, which are all potential sources of leaks.

Hence the growing interest in data leak protection (DLP), as companies search for the policies, processes and tools to plug leaks and protect their intellectual property. So what’s the right formula for DLP? And how do VARs help deliver that protection – adding value and accelerating their business?

A 2007 Gartner report identified four key technologies as the biggest risks. Let’s deal with each in turn, and evaluate the solutions and policies that help you to help your customers manage each risk type.

Stopping the bus
USB devices are a key risk, said Gartner. These must be included in the business acceptable usage policy (AUP), and users educated on the risks. But policies alone aren’t enough.

Some companies have reportedly blocked USB ports with glue, but enforcement is more manageable with a port control product, which automatically blocks USB devices from unauthorised use. Advanced products also include transparent encryption, so that information copied via USB is rendered inaccessible to thieves.

Curbing the office social
Blogging, and use of social networking websites should also be added to the AUP. The business should specify what it’s comfortable allowing employees to discuss. Intellectual property and confidential data should obviously be restricted from blogs, and networking sites. Again, policies should be enforced by products, to limit risk.

Mobile matters
Mobile devices run increasingly robust business applications, and are targeted by malicious code. Enterprises should control this risk by deploying encryption for all approved mobile devices. Ensure that the encryption product you recommend is proven, transparent and automatic, creating an enforceable solution that holds up to stringent compliance requirements.

Going remote
Employees connect to enterprise resources through unmanaged networks, from unmanaged remote devices. This can punch holes in the company's network security. Companies should deploy VPNs to restrict access based on checks of the security of the user’s endpoint. IPSec VPN clients enable increased control and management of the remote access point, which increases protection of corporate assets.

Combined, these four steps result in a formula that will enable you to help most companies mitigate the risks of data leaks. It’s a long race, but the rewards of the podium are sweeter than crashing out on the track.