Lessons learned from WikiLeaks
WikiLeaks is only one example (albeit a major one) in a chain of data leakage incidents in recent months. Looking back over the last year or so, you might also recall the posting of TSA screening manuals online, the unintentional release of numerous product specs, as well as many other incidents.
Why are we seeing so many leaks lately? Here are three reasons:
Reason 1: The need to share
Leakage is in no small part due to the fact that data sharing and collaboration have become a “must” in today’s increasingly mobile and global world. This more complex world makes it easier to share and collaborate, but also makes it exceedingly easy for information to leak.
Reason 2: Ease of use
This is the usual security-versus-connectivity paradox. You need to find the optimal solution that balances security and connectivity. You cannot lock down all documents in a vault and not share them with anyone. Nor can you indiscriminately send them via unprotected e-mail. A major reason why documents leak is that most existing solutions are extremely cumbersome to use. They involve installing servers, agents, defining policies and more. And, if something is hard to use, chances are people will not use it.
Reason 3: The right solution for the problem
There is a lot of confusion in the market today, with many different product categories available, such as data loss prevention (DLP), enterprise digital rights management (DRM), e-mail encryption, virtual data rooms and many others. For example, just because you’re using encrypted e-mail doesn’t mean your information will not leak, as this type of protection typically applies only when the document is in transit. As soon as it gets to its destination, it can be freely forwarded to an unauthorized party. It is important to make sure that your solution is solving the right problem.
So what can you do?
In our world, without walls, we need to assume that documents must be shared across organizational boundaries and across different platforms, such as PCs and mobile devices. So, it is pointless to try to protect some nonexistent perimeter. Ultimately, the only solution is to embed security and controls into the documents themselves. New technologies allow document owners to maintain control and track files throughout the documents’ lifecycles. Such solutions allow users to control who views documents and who prints them, and even lets them wipe files completely at any time; even after they have been downloaded.
Adi Ruppin is vice president of marketing and business development for WatchDox, a provider of document protection, control and tracking solutions. Ruppin can be reached at:
|Event Details||Dates of Event|
|SANS Counter Hack 2013||Nov 7 - 14|
|SANS Pen Test Hackfest 2013||Nov 7 - 14|
|SANS Korea 2013||Nov 11 - 16|
|Military Exports & Compliance Asia||Nov 12 - 14|
|NCT: Counter IED Asia, 12 - 15 November 2013, Bangkok||Nov 12 - 15|
|School Safety Symposium||Nov 13 - 13|
|Southwest Microwave Perimeter Defense Seminar||Nov 13 - 13|
|OWASP AppSec USA 2013||Nov 18 - 21|
|GovSec West Conference & Expo 2013||Nov 19 - 20|
|Southwest Microwave Perimeter Defense Seminar||Nov 19 - 19|
|Oracle 7th Annual Federal Forum||Nov 20 - 20|
|World BORDERPOL Congress||Dec 3 - 4|
|Critical Infrastructure Protection and Resilience Europe||Feb 12 - 13|