Prepare to plug your content security holes

Employees saving data on to portable storage devices could be sharing trade secrets or other confidential information with competitors.

Denial of service attacks, viruses, spyware and phishing schemes may be the best-known corporate security threats, but vendors are pushing products designed to address "content security" holes.

The content security market is huge. Infonetics Research forecasts the market for content security appliances and software will be US$2.4 billion in 2010. Sales of content security gateways were US$392.3 million during the third quarter of 2007, up four per cent from the previous quarter.

One area of content security is commonly referred to as data loss prevention, though the term is a bit of a misnomer (as is another term, data leakage), because the threat is not from losing data permanently. Data leakage is when employees copy data on to portable storage devices or send it to someone else by e-mail.

Vendors say users should be concerned, because employees saving data on to portable storage devices could be sharing trade secrets or other confidential information with competitors. Companies could also put themselves at risk of lawsuits if employees copy sensitive personal or corporate information - on customers or workers.

To address this concern, some vendors are pushing products that prevent employees from copying information to their own devices. For example, Vericept Edge, made by Vericept, has detection and classification software designed to look for sensitive data on desktop and notebook PCs, and blocks the unauthorized use of USB drives and iPods. It can prevent users from opening and saving sensitive files to local drives or USB drives, and can audit workers when they do save these files.

But employees don't need USB memory sticks or iPods to cause data leakage. Data can leak out in other ways - through phone conversations, photocopies, or simply when an employee takes handwritten notes and passes it on to others. In fact, if an employee has malicious intent and even a tiny bit of IT knowledge, he or she is unlikely to save sensitive data on to a USB memory stick (or iPod or CD) or e-mail it, knowing his or her action can be detected.

When we're talking about sensitive information, we often think of medical information, sensitive financial records or trade secrets. But some seemingly innocuous documents, which may be saved electronically, can actually contain sensitive information. For example, do your workers ever handle invoices from self-employed contractors? Do these have their social insurance numbers or residential street addresses?

IT or business managers who fret over employees with memory sticks or CDs should ask why the workers are using these devices. Could it be a simple (though crude) method of backing up data? Have you ever heard complaints from workers that he or she could not access data saved to a shared drive? Do some workers need to catch up on work at home?

If you don't want your employees backing up data on to their memory sticks or CDs (or e-mailing files to themselves) you need to educate them on your company's policies. For example, senior managers could say, "If the computer system crashes and you have lost all of your work, you are not responsible for reconstructing this in any way." Or they could say, "We guarantee if the system goes down, your work will be retrieved with no delay."

If you can't provide such assurances to your workers, and you also tell employees they are prohibited from saving data to USB sticks, you're putting your workers between a rock and a hard place. Who would want to work in an environment where critical data is saved electronically, on a system with unreliable backup and recovery?

When forming content security policies, IT managers should always consider what they prescribe in the context of their backup and recovery measures. Before rushing out to buy a content security product, ask whether it will actually prevent data leakage.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Computerworld Staff

ComputerWorld Canada
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?