Technology Sectors

Market Sectors

Lessons learned from WikiLeaks

Mon, 2011-01-03 06:43 PM
By: Adi Ruppin

Adi Ruppin

WikiLeaks is only one example (albeit a major one) in a chain of data leakage incidents in recent months. Looking back over the last year or so, you might also recall the posting of TSA screening manuals online, the unintentional release of numerous product specs, as well as many other incidents.

Why are we seeing so many leaks lately? Here are three reasons:

Reason 1: The need to share

Leakage is in no small part due to the fact that data sharing and collaboration have become a “must” in today’s increasingly mobile and global world. This more complex world makes it easier to share and collaborate, but also makes it exceedingly easy for information to leak.

Reason 2: Ease of use

This is the usual security-versus-connectivity paradox. You need to find the optimal solution that balances security and connectivity. You cannot lock down all documents in a vault and not share them with anyone. Nor can you indiscriminately send them via unprotected e-mail. A major reason why documents leak is that most existing solutions are extremely cumbersome to use. They involve installing servers, agents, defining policies and more. And, if something is hard to use, chances are people will not use it.

Reason 3: The right solution for the problem

There is a lot of confusion in the market today, with many different product categories available, such as data loss prevention (DLP), enterprise digital rights management (DRM), e-mail encryption, virtual data rooms and many others. For example, just because you’re using encrypted e-mail doesn’t mean your information will not leak, as this type of protection typically applies only when the document is in transit. As soon as it gets to its destination, it can be freely forwarded to an unauthorized party. It is important to make sure that your solution is solving the right problem.

So what can you do?

In our world, without walls, we need to assume that documents must be shared across organizational boundaries and across different platforms, such as PCs and mobile devices. So, it is pointless to try to protect some nonexistent perimeter. Ultimately, the only solution is to embed security and controls into the documents themselves. New technologies allow document owners to maintain control and track files throughout the documents’ lifecycles. Such solutions allow users to control who views documents and who prints them, and even lets them wipe files completely at any time; even after they have been downloaded.

Adi Ruppin is vice president of marketing and business development for WatchDox, a provider of document protection, control and tracking solutions. Ruppin can be reached at:

adi@watchdox.com

 

 

 

Tags:
 
  • Share/Save
  • Email this page
  • Printer-friendly version
 

Recent Webinars

Powerful Cyber Intelligence: Deep Analytics and Big IT Data
Thu, 04/26/2012 - 2:00pm - 3:00pm

Extracting real-time intelligence from Big Data with deep analytics is valuable but dif

Upcoming Events

Event Details Dates of Event
SANS Security West 2012 May 10 - 18
SANS Toronto 2012 May 14 - 19
SANS Secure Indonesia 2012 May 14 - 19
Emergency Management Seminar May 15 - 15
Counter Terror Expo US May 16 - 17
Emergency Management Seminars May 17 - 17
SANS at iTWeb Security Summit 2012 May 17 - 18
New Fire & Emergency Communications Codes Educational Seminar May 18 - 18
Managing Your Physical Security Program: Collaborate and Manage Smarter May 21 - 24
SANS Brisbane 2012 May 21 - 26
CEIC 2012 (Computer and Enterprise Investigations Conference) May 21 - 24
NERC CIP Compliance Training May 24 - 24
NESCO Town Hall: Security Risk Management Practices for Electric Utilities May 30 - 31
Advanced Hands-On CAMEO Training Jun 4 - 6
Security Program Design: A Critical Infrastructure Protection Model Jun 4 - 5
Facility Security Design Jun 4 - 6
SANS Rocky Mountain 2012 Jun 4 - 9
F5 Government Technology Symposium Jun 6 - 6
SEL Modern Solutions Power Systems Conference Jun 6 - 8
Second Annual Citizen Engagement Seminar Jun 12 - 12
ASIS Assets Protection Course: Functional Management (APC III) Jun 18 - 21
SANS Malaysia 2012 Jun 18 - 23
Data Center Brainstorm 2012 Jun 19 - 19
SANS Forensics and Incident Response Summit 2012 Jun 21 - 27
Vanguard Security & Compliance 2012 Jun 25 - 28
SANS Canberra 2012 Jul 2 - 10
SANSFIRE 2012 Jul 7 - 15
Executive Protection Jul 9 - 10
Military Vehicles Exhibition & Conference Jul 10 - 13
NERC CIP Compliance Training Jul 12 - 12
Security Force Management Jul 16 - 17
Physical and Logical Security: Advanced Applications and Economics Jul 16 - 19
Investigative Interviewing Methods Jul 18 - 19
SANS Thailand 2012 Jul 23 - Aug 4
SANS San Francisco 2012 Jul 30 - Aug 6
College & University Police & Investigators Conference Jul 31 - Aug 3

Full 2012 Calendar