Preventing the breach

Opinion
Aug 5, 20092 mins

Discovery and regulatory compliance are the main reasons for holding on to things after their immediate business use has passed. Participants in Nemertes security research tell us that the most burdensome regulations – in terms of cost to comply – are the privacy-related regulations that require protection of confidential information. UC adds new categories of data – voice and video — to the mix, requiring both protection and some kind of content tagging for discovery purposes.

Prevention of data privacy breaches relies on procedural protections like separation of duties; access controls on files and database records and fields; and passive defenses such as disk encryption for laptops. These can apply equally well to UC-derived voice and video content as to more traditional forms of data (text, data bases, spreadsheets).

Active defense is growing in importance, with the increasing use of data leak prevention (DLP). DLP is the process of stopping sensitive information from unintentionally (or intentionally) leaving the organization. There are a number of vectors for DLP, with e-mail being the predominant one; so, unsurprisingly, the bulk of DLP solutions target employee e-mail. About a third of the companies we work with are using some kind of DLP solution. Of these, two-thirds are either using a DLP appliance or mail/web scanning service. Both solutions monitor outbound e-mail for potential leaks. Some systems just stop the e-mail and alert a security administrator, while others retain suspect files or content and send the recipient a Web link. The recipient is then able to authenticate him- or herself and download the suspect content over a secure Web link.

As the organizational cost of dealing with the aftermath of a breach rise, the use of DLP solutions — endpoint, appliance or managed service — is sure to continue to rise as well. But, solutions will have to be found to bring UC voice and video streams into the fold in a supportable, affordable way.