Skip the navigation

Six Ways To Stop Data Leaks

A data breach at DuPont offers timely lessons for thwarting insider threats.

By Jaikumar Vijayan
March 19, 2007 12:00 PM ET

Computerworld - During the five months when Gary Min was stealing $400 million worth of proprietary information from a DuPont database, he downloaded and accessed more than 15 times as many documents as the next most active user of the system. But he wasn’t caught until after he left the company for a rival firm.

Min pleaded guilty last November to misappropriating DuPont data and is scheduled to be sentenced on March 29. His case is only the latest to highlight a lack of internal controls at many companies for dealing with insider threats. In February, a cell development technologist at battery maker Duracell admitted to stealing research related to the company’s AA batteries, e-mailing the information to his home computer and then sending it to two Duracell rivals.

Dealing with such risks can be challenging, especially in large corporations, says Tom Bowers, former manager of information security operations for the global security division of Wyeth Pharmaceuticals Inc.

“I am not at all surprised” about what happened at DuPont, says Bowers, who is now managing director at Security Constructs LLC, a Fleetwood, Pa.-based consultancy. “When you have a huge multinational like that, your security department is never really going to fully have any realistic idea of where or how the information is flowing,” he says.

But there are ways to mitigate the risks and keep track of what’s going on inside the firewall. Experts suggest taking the following steps:

1 Get a handle on the data. It’s impossible to set controls for sensitive and proprietary information on your network if you don’t even know where that data is.

An organization’s sensitive data is widely distributed throughout its network, says Eric Ogren, an analyst at Enterprise Strategy Group Inc. in Milford, Mass. Important data resides not just in databases, but also in e-mail messages, on individual PCs and as data objects in Web portals. Sensitive information also comes in many forms, including credit card and Social Security numbers. And trade secrets can be found in many types of documents and files, such as customer contracts and agreements and product development specifications, Ogren says.

Implementing one set of controls for all data types can be inefficient and impractical. Instead, categorize data and choose the most appropriate set of controls for each data class. Tools that automatically scan company networks and identify where sensitive data resides are available from vendors such as Reconnex Inc., Tablus Inc. and Websense Inc., and such products are growing in number. Many of these tools can be used to separate data into different categories based on policies defined by a company.



insider threat

Additional Resources
ESG - What's Needed for Cloud Computing
WHITE PAPER
Just what is cloud computing anyway? Skeptics might say it is nothing but industry hyperbole, visionaries might say it is the future of IT. In reality, both statements are true - cloud computing has been embellished by the tech industry but it does hold real potential for new types of on-demand dynamic IT services. This paper seeks to clarify the definition of cloud computing, identify how far along users are in terms of cloud deployment, and examine the role of the network in the cloud computing model.
Driving Storage Efficiency in SAN Environments
WHITE PAPER
This ESG paper outlines the considerations for architecting an efficient SAN data storage infrastructure with a focus on the NetApp solutions for increased utilization, improved performance and streamlined protection to reduce operational costs.
Get a Quick ROI from Being Green
WEBCAST
The menu of green initiatives is long, but how do you get an early win with a solid ROI? Enterprise Print Services address sustainability issues well beyond paper usage. Learn how you can get an assessment of enterprise printing to identify underutilized devices, reduce energy consumption, cut waste, and free-up valuable space.
What People Are Saying
Security White Papers
Backup and Disaster Recovery eGuide
As the digital universe grows beyond imagination, enterprise IT executives face the daunting task of keeping their little pieces of it backed up...
Forrester Research: Know your Facts: Understanding The Realities Of Desktop And Application virtualization
Read Now.
Windows 7 Migration Made Easier with Desktop Virtualization
Read Now.
Virtualization 2.0: The Desktop Revolution
Read Now.
Securing Data in the Cloud
This document is intended to give a broad overview of our security policies, processes and practices.
All Security White Papers
Security Webcasts
Desktop virtualization keys innovation drive
View now.
Survival Guide: Overcoming the Obstacles to Effective Risk Management
This virtual meeting for IT managers and CIOs is based on a new IBM study. Senior Vice Presidents and a Chief Technology Officer...
The Evolution of Managed File Transfer
Managed file transfer has evolved greatly from its earliest meaning of scheduled FTP to today's meaning of complete file governance, including visibility, enforcement,...
How to cut software management costs and avoid over-spending in the future
View now!
Get a $20 Amazon Gift Card - Just watch a Demo
View now!
All Security Webcasts
IT Jobs