Prepare to plug your content security holes

Employees saving data on to portable storage devices could be sharing trade secrets or other confidential information with competitors.

Denial of service attacks, viruses, spyware and phishing schemes may be the best-known corporate security threats, but vendors are pushing products designed to address "content security" holes.

The content security market is huge. Infonetics Research forecasts the market for content security appliances and software will be US$2.4 billion in 2010. Sales of content security gateways were US$392.3 million during the third quarter of 2007, up four per cent from the previous quarter.

One area of content security is commonly referred to as data loss prevention, though the term is a bit of a misnomer (as is another term, data leakage), because the threat is not from losing data permanently. Data leakage is when employees copy data on to portable storage devices or send it to someone else by e-mail.

Vendors say users should be concerned, because employees saving data on to portable storage devices could be sharing trade secrets or other confidential information with competitors. Companies could also put themselves at risk of lawsuits if employees copy sensitive personal or corporate information - on customers or workers.

To address this concern, some vendors are pushing products that prevent employees from copying information to their own devices. For example, Vericept Edge, made by Vericept, has detection and classification software designed to look for sensitive data on desktop and notebook PCs, and blocks the unauthorized use of USB drives and iPods. It can prevent users from opening and saving sensitive files to local drives or USB drives, and can audit workers when they do save these files.

But employees don't need USB memory sticks or iPods to cause data leakage. Data can leak out in other ways - through phone conversations, photocopies, or simply when an employee takes handwritten notes and passes it on to others. In fact, if an employee has malicious intent and even a tiny bit of IT knowledge, he or she is unlikely to save sensitive data on to a USB memory stick (or iPod or CD) or e-mail it, knowing his or her action can be detected.

When we're talking about sensitive information, we often think of medical information, sensitive financial records or trade secrets. But some seemingly innocuous documents, which may be saved electronically, can actually contain sensitive information. For example, do your workers ever handle invoices from self-employed contractors? Do these have their social insurance numbers or residential street addresses?

IT or business managers who fret over employees with memory sticks or CDs should ask why the workers are using these devices. Could it be a simple (though crude) method of backing up data? Have you ever heard complaints from workers that he or she could not access data saved to a shared drive? Do some workers need to catch up on work at home?

If you don't want your employees backing up data on to their memory sticks or CDs (or e-mailing files to themselves) you need to educate them on your company's policies. For example, senior managers could say, "If the computer system crashes and you have lost all of your work, you are not responsible for reconstructing this in any way." Or they could say, "We guarantee if the system goes down, your work will be retrieved with no delay."

If you can't provide such assurances to your workers, and you also tell employees they are prohibited from saving data to USB sticks, you're putting your workers between a rock and a hard place. Who would want to work in an environment where critical data is saved electronically, on a system with unreliable backup and recovery?

When forming content security policies, IT managers should always consider what they prescribe in the context of their backup and recovery measures. Before rushing out to buy a content security product, ask whether it will actually prevent data leakage.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Computerworld Staff

ComputerWorld Canada
Show Comments

Father’s Day Gift Guide

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?