The Ponemon Institute estimates that 6 out 10 people leaving their jobs will take some sort of company data assets with them. See the article here. This is regardless of whether the employees are voluntarily or involuntarily leaving the company. I expect the number would be higher in the involuntary case. But, the malicious insider is really a threat that most companies choose to ignore. Most companies I talk with are much more concerned about outsiders … though this suggests that they should worry at least as much about the malicious insider.
Companies that do take this threat of the malicious insider seriously, deploy data loss prevention (DLP) solutions from vendors such as McAfee, Symantec, Websense, Trendmicro, Cisco. These DLP solutions have three core functions: Discovery, Endpoint Protection, and Network Protection. Discovery includes automatic or manual classification of electronic data held within the company. Endpoint Protection provides the ability to prohibit writing to USB sticks, CDRW drives, cut-and-paste operations, print screen requests, etc. The prohibitions are usually enforced using the classification of the data determined by Discovery. Network Protection provides the ability to stop the transmission of protected data via a number of TCP/IP or UDP/IP protocols. Usually, SMTP, HTTP, HTTPS, FTP, SMS, and chat protocols are protected.
The problem most of these companies miss is that they remain vulnerable to data loss if they have deployed VoIP (and almost everyone has a least some VoIP deployed today). Here is why: VoIP is not just another data application. It is different and demanding. VoIP requires low-latency (packets must get through the network fast) and low-jitter (the transmission of the packets must be very consistent) or the result is really bad quality voice service. The DLP Vendors mentioned use packet inspection technolgy. Packet inspection requires each packet to be stopped, opened, examined, analyzed and then passed through if appropriate. As you can imagine, this slows down packets and disrupts the consistency of the transmission of the packets and would ruin voice quality. Additionally, VoIP must use encryption to provide private phone calls (who can afford to have people listen to what they are saying). This encryption, hides the content and makes a packet inspection based solution impractical. The encrypted packets can’t be opened for inspection!
A robust data loss prevention solution must include products to guard against data theft through a VoIP network. The big DLP vendors must provide a solution to data loss over VoIP otherwise HIPAA, SOX, FERPA, GLBA and PCI DSS compliance is lost!
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
You must be logged in to post a comment.