News reports of data loss incidents are a regular occurrence. Companies that have suffered an incident report negative business impact due to high recovery cost, compliance fees and penalties, and negative customer perception against an otherwise strong image and brand reputation. In an attempt to bring some order into the data security evaluation process, Egress Software analyzed the frequency of various modes of data loss as a method to prioritize the most effective data security investments. Our recommendation is simple: put security around data where it is most frequently lost, and work towards complete coverage over time. Egress Software offers products, services, and our expertise to deliver data security. Using our industry experience, we have selected partners that offer best-of-breed data security components. When we can’t find the right product, we build our own.
Analysis of unreported loss incidents (from our customers) and public data breach records continues to show that lost PCs and handhelds are the single largest source of data loss incidents. Despite advances in Full Disk Encryption technology and increased global spending on these solutions, nearly half of the incidents are still the result of mobile computers gone missing. Armed with this information, the most effective step in a security strategy is to plug the biggest hole first. At a minimum, this means using Full Disk Encryption on any mobile computer that can contain sensitive information. To simplify planning, assume that any notebook could be mobile and could contain sensitive information in the form of files, database extracts, or emails and their attachments.
The same analysis of unreported and reported loss incidents shows that information shared with third parties (such as business partners or contractors) accounts for over one-third of data loss incidents. There are two key reasons for this. First, organizations focus on what they can control (their users, their policies, their security technology), leaving it to a matter of trust for the business partner to handle information with the same care that is used internally. Second, there have only been limited solutions for secure data exchange in recent years, and most of these have been viewed as “too complex” for practical use. This area of data loss is exactly the reason that Egress Software Technologies created Switch. A solution that is easy to deploy and use, strong in security, and economical in operation, Egress Switch fills the second largest hole in data security strategies today. At a minimum, users who are responsible for interaction and data sharing with third parties should be provided a subscription to Egress Switch.
Analyzing confidential and public loss incidents has shown that portable devices capable of storing large amounts of information can be a risk. With the increase of end user access to plug-and-play storage and consumer electronics devices, information can move out of an organization’s control and never be detected at a network gateway. Over ten percent of data loss happens in this way. Striking the right balance between end user productivity, a competitive workplace, and security can be a challenge. However, best-of-breed port control technology coupled with media encryption technology can ensure that information can only be copied to the plug-and-play devices allowed by policy. Additionally, enforcing encryption of information copied to these devices ensures that the benefit of mobile working always outweighs the cost. To close this third largest hole in data loss, any computer that has plug-and-play support should have port protection, and any portable storage media should be encrypted.
Mobile workers typically need access to a company’s network resources when they are away from their office. Allowing this type of access can become a source of data insecurity. Our data loss information shows about ten percent of data loss incidents happen over the network. Strong network perimeter security prevents unauthorized access while allowing easy connection for trusted users. The solution is to provide the right access to trusted users. A range of client and clientless VPN access solutions may be required to address the specifics of mobile workers and business partners. By controlling any and all access, the network perimeter security can be preserved.
By following a practical approach to data security, solutions can be implemented that take a step-wise approach to risk reduction. Egress Software Technologies has the expertise and track record to help small and large organizations evaluate options or develop plans. In addition to the solution elements described above, Egress expertise is available in the form of our certified consultants to assist with planning, implementation, or ongoing support of any components of your data protection strategy.
Switch users tell us that this additional information has been useful when explaining secure data exchange to their recipients.