Tuesday, October 13, 2009

"Protect the Data" -- What Data?

This is another follow-on from my "Protect the Data" Idiot! post. If you think about the "protect the data" mindset, it's clearly a response to the sorts of data loss events that involve "records" -- credit card records, Personally Identifiable Information (PII), and the like. In fact, there's an entire "product line" built around this problem: data loss prevention (DLP). I wrote about DLP earlier this year in response to the rebranding effort undertaken by vendors to make whatever they sold part of the DLP "solution."

What's interesting to me about "protect the data" in this scenario is this: "what data?" Is your purpose in life to keep PII or other records in a database? That's clearly a big problem, but it doesn't encompass the whole security problem. What about the following?

  • Credentials used to access systems. For example, intruders often compromise service accounts that have wide-ranging access to enterprise systems. Those credentials can be retrieved from many locations. How do you protect those?

  • Systems that don't house PII or other records, but do serve critical functions. Your PBX, HVAC control system, routers, other network middleboxes, etc., are all important. Try accessing "data" without those devices working.

  • Data provided by others. The enterprise isn't just a data sink. Users make decisions and work by relying on data provided by others. Who or what protects that data?


Those are three examples. If you spend time thinking about the problem you can probably identify many other forms of data that are outside the "DLP" umbrella, and outside the "protect the data" umbrella.

2 comments:

Kevin Rowney said...

Here:
"the protect the data mindset, it's clearly a response to the sorts of data loss events that involve 'records' "

...you invoke one of the more common misconceptions concerning the limits of Data Loss Prevention tech. The innovation that got this space off the ground: new search algorithms for detection of both unstructured IP and database records.


Highly accurate search and protection is now possible on engineering design documents, source code, M&A transaction terms, exec memos, etc....

Furthermore, you go on to ask:

"What about the following?
* Credentials used to access systems. [..]
* Systems that don't house PII or other records, but do serve critical functions. [..]
* Data provided by others. [..]"

Point by point:
>> Login credentials can in fact be indexed and searches unleashed to detect exposure. The new (well, new as of 2001) algorithms I mentioned above are highly effective at running accurate search on exactly this kind of case.

>> Systems that don't house PII that have no data of any sort are obviously not an ICRM risk management target, but frankly, availability issues are rarely a reason to pursue such protections. Confidentiality is usually primary.

>> Data flow provided by third parties is often a big reason enterprises are engaging in DLP deployments. Primary reason here is the identification of broken business processes.


We may have done a poor job at getting the word out far and wide on this matter, but DLP is now widely in use protecting a broad range of classes of data far outside of just PII/records/CC#s etc.



Kevin

Anonymous said...

Inaugural NetWitness user conference November 4&5, Ronald Reagan Building, Washington DC

NetWitness is holding its inaugural user conference next month and we'd like you to attend as a VIP!
This action-packed two-day event will include a FULL DAY of advanced NetWitness NextGen training, followed by a rich day of customer presentations and panels, problem-solving use cases, and lots of new information about upcoming NetWitness innovations.
• Meet key NetWitness development and engineering staff and executives.
• Exchange ideas and use cases with fellow NetWitness government and commercial customers, partners, and end users.
• Dramatically improve your skills and learn new and valuable uses for NextGen.
• Discover advanced topics such as FlexParser, Rule Creation, and Live Feed development...and much more.
Cost for NetWitness Customers and Freeware Users: FREE!
(you just need to get to Washington DC).
Please feel free to pass this invitation to any of your staff members who may be interested in the event. Advance registration is essential as space is limited.

The conference information page contains additional details regarding the conference, area hotels, and the preliminary agenda. If you need additional information, please contact: userconference@netwitness.com or your NetWitness Regional Sales Manager.
http://www.netwitness.com/userconference.html

Agenda Located at:

http://www.netwitness.com/userconference_agenda.html

NetWitness Corporation, the leading provider of next generation network monitoring and threat analysis solutions, announced several milestones today demonstrating major momentum in the U.S. Government market