Insider data leakage
Consultancies get in on the act
By Chris Mellor, Techworld | Techworld | Published: 15:00, 03 September 2007
Finding out your perimeter security is about as effective as a sieve is a chastening experience. Monster.com is the latest IT service company to suffer large-scale leakage of sensitive data from its disk drives. Not surprisingly the major IT consultancies are offering guidance and advice on how to deal with the data breach problem, and focusing on insider leak prevention (ILP).
Symantec and Accenture have an alliance that includes looking at ILP issues. They state, "It is hoped customers will use Accenture and Symantec's Security Transformation Services, to build and implement data security projects for organisations grappling with the increasing complexity of managing risk in their IT environment."
Both Forrester and Accenture have ILP awareness-raising efforts underway.
Forrester
Forrester has a focus on information leak prevention (ILP) with a Forrester Wave study released last year which looked at several vendors.
Thomas Raschke is a Forrester senior analyst specialising in the subject of data leakage. He views the insider threat as being serious, that is employees, people inside the perimeter, deliberately or accidentally revealing sensitive information. They may lose laptops or remove information on USB sticks. Rashke says: "it's down to users making mistakes or acting intentionally. The traditional external security focus doesn't work," as it tries to keep bad people out.
In the insider threat situation companies need to think of extrusion prevention, not intrusion prevention. He says that there have been several US start ups in the last couple of years with: "ILP products applying policies based on content and context. They aim to deny data movement in an illegitimate business context."
However, it is still very early days in this new IT product sector.
The problem is that: "You need to know what to protect in order to protect it." He says that traditionally IT data security is a security officer problem but that, in instances such the Monster one above, it rapidly becomes a CEO-level problem.
There is a difficulty in scaling the size of the problem represented by ILP. Raschke has no financial cost estimates of such data loss and says that the reputational damage can be severe. He says: "The banks can't afford it."
There is a difficulty with accepting this assertion as no authority can identify banks or other financial institutions who have lost customers in any numbers through ILP. For example, there is no evidence that Nationwide in the UK has suffered any customer loss because of its publicised data breaches. Banks are used to being resented and disliked by their customers
Apparently though, TK Maxx has suffered customer loss since its major data breach in the USA, both in its online and in its bricks-and-mortar businesses. This was a gigantic breach with 45.7 million credit and debit card details stolen from the site. However, this was due to intrusion, not internal leakage. So while ILP must be theoretically a potentially serious problem there is no reasonably satisfactory estimate of the actual size of the problem.
This point is worth bearing in mind as Raschke's prescription for dealing with it is large scale: "We're moving to putting protection around the data itself, like a wall around the data itself. ILP impacts people, processes and technology."
