The proliferation of processing power, storage capacity and bandwidth has made it possible for nearly anyone to store, download or e-mail gigabytes of sensitive content in seconds.
This kind of easy access to information has boosted productivity and fostered competitive gains in many industries.
As an unintended side effect, few, if any, large organisations have a complete view of how their most sensitive content - trade secrets, financial data, customer information and more - is dispersed across their network. This lack of knowledge, visibility and control represent the fundamental challenge underlying information risk management and content security today.
As a complementary security measure to intrusion prevention, speaking directly to this information management concern is the introduction of extrusion prevention, or information leakage prevention (ILP), as it is more generally referred to. ILP is a significant cornerstone and key touch-point when building a story and a competency around information risk management. More specifically, it addresses the ever-increasing threat landscape of managing and mitigating the insider threat element.
Information risk management
The mushrooming challenge of mobility and the proliferation of devices supporting the mobility conversation are fuelling the landscape of uncertainty and weakened control. The question of ownership of remote and mobile devices further complicates the information risk management challenge.
Policy decisions and their enforcement, as well as adequate protection efficacy, have become exponentially difficult to execute in the mobile and remote-user arena. Add to this the extension of the corporate network to partners and customers, and it is clear that information risk management is a pressing corporate priority.
The Internet is at the heart of this conversation. Although being a vital business enabler, which has always been its raison d`etre, the Internet unwittingly also birthed the introduction of many continuously evolving classes of attacks and threat vectors. Single-handedly, the Internet also consequently spurred the creation of the rapidly evolving and continuously expanding information security vendor landscape. To boot, the Internet is, in fact, the predominant reason why many security developers and professionals are gainfully employed today.
Add to this consideration the latest statistical milestone which states that very soon the Internet will eclipse the telephone as the most used communication medium globally and one can quickly conclude what this means to the areas of data privacy, data protection and information risk management.
Unstructured content
The Internet is the predominant reason why many security developers and professionals are gainfully employed today.
Wayne Biehn is director of products and technology at SecureData.
To put this into greater perspective, consider the looming data exaflood. Researchers are postulating that if one were to quantify every spoken word since the origins of language, in aggregation this would amount to five exabytes of information. Today, one exabyte of information is transported every hour over the Internet.
Statistics reveal that content is proliferating at an amazing rate - the volume of unstructured business content is estimated to be doubling every three months.
While the obvious business risks associated with information leakage - loss in customer confidence, damage to brand, loss of customers and trade secrets - are considerations, a further driver for corporate adoption of controls and measures to mitigate risks are the existence of regulations and standards.
Content security standards and disclosure regulations affect virtually every company in every industry. In the last 18 months, more than 40% of the reported data breaches of personally identifiable customer and employee information have been due to lost or stolen laptops and other media containing sensitive content. Companies of all sizes and industries have recently learned the hard way about costly and irreparable data breaches - proof that that every company is susceptible to insider threat.
Challenges
Hand in hand with this development is the escalating network and data risk consideration. From a security perspective, identity theft has reportedly cost the global market an estimated $56 billion in 2006. With spam incidents reaching 12.4 billion events per day, this challenge costs business an estimated $8.9 billion per year.
From a business continuity perspective, the costs of business downtime due to security incidents is estimated to be in the magnitude of millions of dollars too. From a compliance perspective, the US`s Sarbanes-Oxley corporate governance regulations have cost business an estimated $5.86 billion. These figures illustrate the size of the problem and the investment business is making in addressing information risk management`s needs.
Relying on end-users to enforce information retention and security policies is no longer sufficient. From a data-centric standpoint, without automated mechanisms that can locate sensitive content, wherever it may be on the corporate network, there is no way to prevent its loss, and no way to ensure compliance with regulations and security policies.
Content discovery uniquely enables companies to locate sensitive content on the network, assess and mitigate the risk of a breach, ensure compliance and prepare for audits.
* Wayne Biehn is director of products and technology at SecureData.
Share