
Six Ways To Stop Data Leaks

A data breach at DuPont offers timely lessons for thwarting insider threats.

March 19, 2007 12:00 PM ET

Computerworld - During the five months when Gary Min was stealing $400 million worth of proprietary information from a DuPont database, he downloaded and accessed more than 15 times as many documents as the next most active user of the system. But he wasn’t caught until after he left the company for a rival firm.

Min pleaded guilty last November to misappropriating DuPont data and is scheduled to be sentenced on March 29. His case is only the latest to highlight a lack of internal controls at many companies for dealing with insider threats. In February, a cell development technologist at battery maker Duracell admitted to stealing research related to the company’s AA batteries, e-mailing the information to his home computer and then sending it to two Duracell rivals.

Dealing with such risks can be challenging, especially in large corporations, says Tom Bowers, former manager of information security operations for the global security division of Wyeth Pharmaceuticals Inc.

“I am not at all surprised” about what happened at DuPont, says Bowers, who is now managing director at Security Constructs LLC, a Fleetwood, Pa.-based consultancy. “When you have a huge multinational like that, your security department is never really going to fully have any realistic idea of where or how the information is flowing,” he says.

But there are ways to mitigate the risks and keep track of what’s going on inside the firewall. Experts suggest taking the following steps:

1. Get a handle on the data. It’s impossible to set controls for sensitive and proprietary information on your network if you don’t even know where that data is.

An organization’s sensitive data is widely distributed throughout its network, says Eric Ogren, an analyst at Enterprise Strategy Group Inc. in Milford, Mass. Important data resides not just in databases, but also in e-mail messages, on individual PCs and as data objects in Web portals. Sensitive information also comes in many forms, including credit card and Social Security numbers. And trade secrets can be found in many types of documents and files, such as customer contracts and agreements and product development specifications, Ogren says.

Implementing one set of controls for all data types can be inefficient and impractical. Instead, categorize data and choose the most appropriate set of controls for each data class. Tools that automatically scan company networks and identify where sensitive data resides are available from vendors such as Reconnex Inc., Tablus Inc. and Websense Inc., and such products are growing in number. Many of these tools can be used to separate data into different categories based on policies defined by a company.
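To illustrate the discover-then-categorize step described above, the following Python example is added here; it is not from the article and does not represent how any of the named vendors' products work. The policy tiers, keyword list, file locations and sample contents are all assumptions constructed for the example.

```python
import re

# Assumed policy for this example: data class -> handling tier.
POLICY = {"payment_card": "restricted", "ssn": "restricted", "trade_secret": "confidential"}
TIERS = ["internal", "confidential", "restricted"]  # least to most strict

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
SECRET_RE = re.compile(r"\b(?:proprietary|trade secret|product development specification)\b", re.I)

def luhn_ok(digits):
    """Luhn checksum: rejects most 13-19 digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the set of data classes detected in one document's text."""
    found = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("payment_card")
    if SSN_RE.search(text):
        found.add("ssn")
    if SECRET_RE.search(text):
        found.add("trade_secret")
    return found

def inventory(documents):
    """Map each location to its data classes and the strictest tier they require."""
    report = {}
    for location, text in documents.items():
        classes = classify(text)
        tier = max((POLICY[c] for c in classes), key=TIERS.index, default="internal")
        report[location] = {"classes": sorted(classes), "tier": tier}
    return report

# Constructed sample content for the kinds of locations the article lists.
SAMPLES = {
    "mail/outbox/msg-0142.eml": "Card on file: 4111 1111 1111 1111, exp 01/09",
    "pc/jdoe/notes.txt": "Order ref 1234567890123456 shipped Tuesday",
    "portal/hr/onboarding.html": "Employee SSN 078-05-1120 on record",
    "db/rnd/specs/coating.doc": "PROPRIETARY product development specification, rev C",
}

if __name__ == "__main__":
    for loc, result in inventory(SAMPLES).items():
        print(f"{loc}: {result['tier']} {result['classes']}")
```

The 16-digit order reference in the second sample fails the Luhn check, so it stays in the default tier instead of being flagged as a card number.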


