data_leakage by vverge

VIEWS: 44 PAGES: 3

									                               INTRODUCTION TO BUSINESS ISSUES

                               Data Leakage

                               In a simplified view, Internet content security is about keeping the ‘bad stuff’ on the outside
                               of your company and keeping the ‘good stuff’ on the inside. Data leakage is concerned with
                               keeping the ‘good stuff’ on the inside - securing and managing access to your intellectual
                               property or sensitive information.


                               There are two primary data leakage                                             • Emailing data to the wrong recipient                                          A recent IDC study found that 84% of all
                               elements to be concerned with: 1) what                                         or attaching the wrong file to an email.                                        data leakage was generated internally,
                               data you want to protect and 2) what                                                                                                                           by employees, rather than being stolen
                               constitutes a leak.                                                            • Employees deliberately emailing                                               by hackers or virus infection. Another
                                                                                                              information to competitors.                                                     study in the UK by Forrester Consulting
                               Data, or the ‘good stuff’, covers a range                                                                                                                      found that more than a third of UK
                               of corporate assets such as:                                                   • Disclosure of confidential information                                        companies had suffered a leak of
                                                                                                              to the media.                                                                   sensitive information in the previous 12
                               • Intellectual Property (IP) – this                                                                                                                            months.
                               can be company secrets, product                                                • Emailing confidential information in
                               designs, mathematical formulas,                                                an un-encrypted format.                                                         The newspapers are full of high-profile
                               research papers, source code, patents,                                                                                                                         examples where companies have been
                               schematics, recipes, proposals, reports,                                       • Internal staff using webmail or email                                         exposed for the leaking of confidential
                               etc.                                                                           to discuss confidential subjects with                                           information. For example, Apple
                                                                                                              external parties.                                                               suffered significant embarrassment after
                               • Commercially Sensitive Information                                                                                                                           two employees revealed secret new
                               – this can be financial reports, employee                                      How Common is Data Leakage?                                                     product information on their personal
                               payroll documents, contracts, strategic                                                                                                                        blog sites.
                               business plans, acquisition targets,                                           It is very common. The issue with data
                               product and marketing launch plans,                                            leakage is not so much about how                                                A statistician employed by the Palm
                               budgets, customer databases etc.                                               common it is, but its severity, the nature                                      Beach County, Fla., health department
                                                                                                              of the data and how it has been leaked.                                         inadvertently emailed his colleagues
                               • Confidential Information – this can                                                                                                                          the names of 6,600 locals known to be
                               be patient health records, customer                                            In the 2006 CSI/FBI Computer Crime and                                          infected with HIV and AIDS. This was
                               financial information, legal contracts,                                        Security Survey 68% of respondents                                              a serious breach of the Federal laws
                               employee resumes, confidential supplier                                        reported they had internal security                                             on handling patient information and
                               information, pre-release reports, survey                                       breaches. These breaches included loss                                          ensuring patient privacy.
                               data, etc.                                                                     of information and Intellectual Property
                                                                                                              theft. 39%of respondents reported more                                          What are the Costs of Data
                               Leakage covers possible methods by                                             than 20% such incidents came from                                               Leakage?
                               which this data could be accidentally                                          inside their organizations.
                               distributed or stolen. This could include:                                                                                                                     There are many costs associated with
                                                                                                                                                                                              data leakage. These can be anything
                                                                                                                                                                                              from public embarrassment, to financial
                                                                                                                                                                                              loss, reduced stock equity, loss of
                                                                                                                                                                                              competitive advantage or even criminal

                               A recent IDC study found that 84%                                                                                                                              investigation and prosecution.

                               of all data leakage was generated                                                                                                                              In the case of Apple, where their
                                                                                                                                                                                              employees revealed product information
                               internally, by employees, rather than                                                                                                                          before it was released, the company’s
                                                                                                                                                                                              share price plummeted after the leak
                               being stolen by hackers or virus
                               infection.




© 2006 Marshal Limited, all rights reserved. U.S. Government Restricted Rights: The software and the documentation are commercial computer software and documentation developed at private expense. Use, duplication, or disclosure by the U.S. Government is subject to the terms of the Marshal
standard commercial license for the software, and where applicable, the restrictions set forth in the Rights in Technical Data and Computer Software clauses and any successor rules or regulations. Marshal, MailMarshal, the Marshal logo, WebMarshal, Security Reporting Center and Firewall Suite   1
are trademarks or registered trademarks of Marshal Limited or its subsidiaries in the United Kingdom and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
                               INTRODUCTION TO BUSINESS ISSUES

                               Data Leakage


                               was revealed. The company was forced                                           These tools include:                                                            signatures of the file type, rather than
                               to fire the employees involved, resulting                                                                                                                      relying on the name of the file, or the
                               in embarrassment, lost productivity and                                        • Lexical Analysis – the ability to                                             file extension for identification. Using
                               legal costs.                                                                   control email based on the presence of                                          the file extension for identification
                                                                                                              certain keywords and phrases. Marshal                                           is an unreliable method used by
                               In the incident with Palm Beach health                                         can identify passages of confidential                                           some competitors that can easily
                               department, the apparent violation of                                          text either in the message body or                                              be circumvented by a user by simply
                               the Healthcare Insurance Portability                                           buried within an attachment. With                                               renaming the file extension. There
                               and Accountability Act (HIPAA) could                                           respect to web browsing, Marshal can                                            are a wide range of file management
                               result in prosecution, not to mention                                          detect attempts to upload confidential                                          options available to protect against data
                               the loss of patient confidence in the                                          text to websites. For example, attempts                                         leakage. For instance:
                               department’s ability to protect their                                          to use webmail (like Hotmail or Gmail)
                               private information and identities.                                            to send confidential information.                                               • Embedded signatures – you can
                                                                                                                                                                                              embed code words or alphanumeric
                               The financial costs of data leakage                                            • User Management – the ability                                                 markers in confidential documents such
                               are very hard to quantify. Consider                                            to restrict rights for distributing                                             as “CODEWORD123,” for example.
                               a hypothetical scenario, where a                                               confidential information to authorized                                          These markers can be made invisible
                               company’s new MP3 player designs and                                           persons only. This could mean that                                              to the reader by making the font white,
                               specifications are leaked to a competitor                                      financial reports can only be emailed                                           but MailMarshal can still detect the
                               before it is launched. This breach in                                          externally by the CFO, or product                                               code word and block any document
                               security could undermine the company’s                                         designs can only be emailed by                                                  featuring the code word being sent by
                               entire business and lose millions of                                           members of the Executive Team.                                                  an unauthorized user.
                               dollars in revenue. In addition, this                                          If another user tries to email a
                               could result in embarrassment, loss                                            confidential document to an external                                            • Fingerprinting – you can save a copy
                               of professional reputation and give a                                          email address, the message can be                                               of any confidential document or file
                               significant boost in the competitor’s                                          blocked and a notification can be sent                                          into MailMarshal’s “fingerprint” folder.
                               market share.                                                                  to your security officer, a supervisor or                                       Any email with an attached copy of
                                                                                                              other appropriate email address. User                                           a file saved in the “fingerprint” folder
                               The Marshal Solution for Data                                                  Management also allows you to restrict                                          can then be detected. Any attempt to
                               Leakage                                                                        the ability to upload certain attachment                                        email or access a restricted file can be
                                                                                                              types to websites. This can prevent                                             blocked and reported.
                               Marshal provides a range of tools                                              unauthorized users from uploading
                               which can be applied to protect against                                        Excel spreadsheets or CAD files to the                                          • File Type – specific file types such
                               data leakage. These tools work in a                                            Internet without permission.                                                    as CAD, Microsoft Project plans or
                               policy-based framework to enforce                                                                                                                              password protected zip files can be
                               security and prevent attempts to leak                                          • File Management – Marshal products                                            automatically restricted to authorized
                               information. Marshal products can                                              allow you to control over 175 different                                         users only. This prevents general
                               be adapted to identify data which is                                           file types. This control can encompass                                          users from emailing files that are
                               specific to your business and manage                                           file type, who the sender and recipient                                         not intrinsically related to their job
                               this data according to your unique policy                                      are, the presence of key words and                                              function. MailMarshal can also detect
                               requirements.                                                                  other elements. Marshal products                                                files embedded inside of other files,
                                                                                                              identify files by the characteristic code                                       such as a Word file inside of an Excel




                               Marshal provides a range of tools which can be applied to
                               protect against data leakage. These tools work in a policy-
                               based framework to enforce security and prevent attempts
                               to leak information.



© 2006 Marshal Limited, all rights reserved. U.S. Government Restricted Rights: The software and the documentation are commercial computer software and documentation developed at private expense. Use, duplication, or disclosure by the U.S. Government is subject to the terms of the Marshal
standard commercial license for the software, and where applicable, the restrictions set forth in the Rights in Technical Data and Computer Software clauses and any successor rules or regulations. Marshal, MailMarshal, the Marshal logo, WebMarshal, Security Reporting Center and Firewall Suite   2
are trademarks or registered trademarks of Marshal Limited or its subsidiaries in the United Kingdom and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
                               INTRODUCTION TO BUSINESS ISSUES

                               Data Leakage


                               spreadsheet or a database file inside of                                       • Webmail Blocking – WebMarshal                                                 your organization via email or the
                               a zip compressed archive file.                                                 provides the capability to completely                                           Internet, at the gateway. Viruses and
                                                                                                              block access to blacklisted webmail                                             spyware are the most common tools
                               • Recipient Blacklisting – this allows                                         accounts. However, if you wish to allow                                         employed by hackers bent on gaining
                               you to define specific email addresses or                                      users restricted access to webmail for                                          access to confidential information
                               domains that you wish to control email                                         limited personal use, you can block                                             within your organization. By employing
                               communication to. For example, with                                            users from uploading certain file types                                         a layered approach to virus and spyware
                               MailMarshal, you can set a wildcard                                            or even adding confidential text.                                               protection at the server level, Marshal
                               rule that states “block all emails to                                                                                                                          products also help to prevent data
                               *@mycompetitor.com unless from the                                             • Anti-virus & Anti-spyware – Marshal                                           leakage by external parties.
                               Authorized Users group.” This rule                                             products support the use of many
                               would block any email going to your                                            popular third-party anti-virus and anti-
                               competitor’s email domain, coming from                                         spyware scanners. These block Trojan
                               an unauthorized email address.                                                 worms and malicious spyware entering




                               Why Marshal?

                               Today, Marshal is the solution of choice for more than 18,000 organizations worldwide, protecting in excess of 7 million users.

                               • 10 years experience in total content security solutions

                               • Solutions for companies from 10 to 100,000+ users

                               • Global 24/7 support team

                               • TRACE team insights and updates

                               • More than 40% of the Global Fortune 500 companies rely on Marshal solutions for email and Internet security needs

                               • More than 60% of the European Fortune Top 50 Companies use Marshal

                               • 45% of the USA’s Fortune Top 170 Companies use Marshal

                               • 40% of Asia’s Fortune Top 50 Companies use Marshal




                               Marshal’s Worldwide and EMEA HQ                                                Americas                                                                        Asia-Pacific
                               Marshal Limited,                                                               Marshal, Inc.                                                                   Marshal Software (NZ) Ltd
                               Renaissance 2200,                                                              5909 Peachtree-Dunwoody Rd                                                      Suite 1, Level 1, Building C
                               Basing View,                                                                   Suite 770                                                                       Millennium Centre
                               Basingstoke,                                                                   Atlanta                                                                         600 Great South Road
                               Hampshire RG21 4EQ                                                             GA 30328                                                                        Greenlane, Auckland
                               United Kingdom                                                                 USA                                                                             New Zealand

                               Phone: +44 (0) 1256 848080                                                     Phone: +1 404 564 5800                                                          Phone: +64 9 984 5700
                               Fax:   +44 (0) 1256 848060                                                     Fax:   +1 404 564 5801                                                          Fax:   +64 9 984 5720

                               Email: emea.sales@marshal.com                                                  Email: americas.sales@marshal.com                                               Email: apac.sales@marshal.com
                                                                                                              info@marshal.com | www.marshal.com


© 2006 Marshal Limited, all rights reserved. U.S. Government Restricted Rights: The software and the documentation are commercial computer software and documentation developed at private expense. Use, duplication, or disclosure by the U.S. Government is subject to the terms of the Marshal
standard commercial license for the software, and where applicable, the restrictions set forth in the Rights in Technical Data and Computer Software clauses and any successor rules or regulations. Marshal, MailMarshal, the Marshal logo, WebMarshal, Security Reporting Center and Firewall Suite   3
are trademarks or registered trademarks of Marshal Limited or its subsidiaries in the United Kingdom and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

								
To top