Prepare to plug your content security holes

Employees saving data on to portable storage devices could be sharing trade secrets or other confidential information with competitors.

Denial of service attacks, viruses, spyware and phishing schemes may be the best-known corporate security threats, but vendors are pushing products designed to address "content security" holes.

The content security market is huge. Infonetics Research forecasts the market for content security appliances and software will be US$2.4 billion in 2010. Sales of content security gateways were US$392.3 million during the third quarter of 2007, up four per cent from the previous quarter.

One area of content security is commonly referred to as data loss prevention, though the term is a bit of a misnomer (as is another term, data leakage), because the threat is not from losing data permanently. Data leakage is when employees copy data on to portable storage devices or send it to someone else by e-mail.

Vendors say users should be concerned, because employees saving data on to portable storage devices could be sharing trade secrets or other confidential information with competitors. Companies could also put themselves at risk of lawsuits if employees copy sensitive personal or corporate information - on customers or workers.

To address this concern, some vendors are pushing products that prevent employees from copying information to their own devices. For example, Vericept Edge, made by Vericept, has detection and classification software designed to look for sensitive data on desktop and notebook PCs, and blocks the unauthorized use of USB drives and iPods. It can prevent users from opening and saving sensitive files to local drives or USB drives, and can audit workers when they do save these files.

But employees don't need USB memory sticks or iPods to cause data leakage. Data can leak out in other ways - through phone conversations, photocopies, or simply when an employee takes handwritten notes and passes it on to others. In fact, if an employee has malicious intent and even a tiny bit of IT knowledge, he or she is unlikely to save sensitive data on to a USB memory stick (or iPod or CD) or e-mail it, knowing his or her action can be detected.

When we're talking about sensitive information, we often think of medical information, sensitive financial records or trade secrets. But some seemingly innocuous documents, which may be saved electronically, can actually contain sensitive information. For example, do your workers ever handle invoices from self-employed contractors? Do these have their social insurance numbers or residential street addresses?

IT or business managers who fret over employees with memory sticks or CDs should ask why the workers are using these devices. Could it be a simple (though crude) method of backing up data? Have you ever heard complaints from workers that he or she could not access data saved to a shared drive? Do some workers need to catch up on work at home? If you don't want your employees backing up data on to their memory sticks or CDs (or e-mailing files to themselves) you need to educate them on your company's policies. For example, senior managers could say, "If the computer system crashes and you have lost all of your work, you are not responsible for reconstructing this in any way." Or they could say, "We guarantee if the system goes down, your work will be retrieved with no delay."

If you can't provide such assurances to your workers, and you also tell employees they are prohibited from saving data to USB sticks, you're putting your workers between a rock and a hard place. Who would want to work in an environment where critical data is saved electronically, on a system with unreliable backup and recovery?

When forming content security policies, IT managers should always consider what they prescribe in the context of their backup and recovery measures. Before rushing out to buy a content security product, ask whether it will actually prevent data leakage.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Computerworld Staff

ComputerWorld Canada

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?