As demonstrated by the leak of hundreds of thousands of sensitive US
documents to WikiLeaks, organizations need to do more to protect their
documents than preventing their unauthorized disclosure, according to
Adi Ruppin, vice president of marketing at WatchDox.
Simply taking steps to protect the data loss is no longer enough;
organizations need to implement measures to control and track
documents even after they have been transferred or leaked, Ruppin told
Infosecurity.
“People are not aware enough of the problem….Organizations might have
access controls in place and encryption, but people don’t realize that
if a person already has access to these documents, there is little to
prevent that person from forwarding them to someone else or
downloading them to a USB drive”, he said.
“Most people still think, ‘I have this password and this encryption,
so I’m fine.’ They don’t realize that this is just one point of
protection; these documents still need to be protected wherever they
go afterward”, he added.
WatchDox offers products that enable an organization to deny access to
documents even after they are no longer under the organization’s
direct control.
Ruppin said he was “surprised” at the extent of the US government's
data loss to WikiLeaks. “You would expect [the US government] to have
some tools in place” that would enable control of documents even after
an unauthorized disclosure.
According to the WikiLeaks website, it has over 391 000 US military
reports on the Iraq and Afghanistan wars, as well as more than 250 000
leaked US embassy cables.
According to a WatchDox survey of 500 corporate executives and IT
professionals, 65% of respondents said they share sensitive data with
third parties. Of those, 96% said they are concerned that data they
share with other organizations might get into the wrong hands.
One-third admitted that they have had a least one incident of data
loss.
A full 83% of those surveyed ranked document and intellectual property
security as very important, ahead of anti-virus and network security.
But only 12% are using a data loss prevention (DLP) or digital rights
management (DRM) system.
But even these systems are not adequate to prevent a massive loss of
documents like WikiLeaks. “If you look at DLP or DRM, they are mostly
built around preventing the stuff from going out, which is not a
complete solution”, Ruppin said.
“Once these documents go to another destination, you still need to
maintain control over them, otherwise you get a WikiLeaks or somebody
posting the [Transportation Security Administration’s] screening
manual online. You cannot relinquish control of documents once they
are shared”, he stressed.
No comments:
Post a Comment