Put Up A Strong Defense - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:00 PM

Put Up A Strong Defense

Emerging security technologies monitor and encrypt data to defend against internal threats as well as outside ones

High-profile security threats such as the Sober worm and vulnerabilities in Microsoft software grab a lot of the attention, but most companies this year will be looking to control the biggest threats of all--the ones initiated within their own businesses.

Customized outbound data searches will be part of the Houston Texans' defensive strategy.

Customized outbound data searches will be part of the Houston Texans' defensive strategy.

Photo by Marin Media
The growing use of blogs, chat rooms, Internet postings, instant messages, and E-mail have increased the risk of proprietary information being leaked, knowingly or inadvertently, into the public domain or where it shouldn't be. Employee training, enforcement of security policies, and careful screening during hiring can reduce the threat, but emerging technologies also are playing an increasing role. Among the latest are software to monitor messages sent from mobile devices, technology that provides more comprehensive encryption of data, and real-time blocking and encryption of voice-over-IP messages.

In extreme cases, data-protection measures could thwart insiders, such as disgruntled employees or ex-employees, looking to post sensitive data on the Web from their employer's databases, as William Sutcliffe did after being fired in 2001 from telecommunications provider Global Crossing. Sutcliffe created a Web site containing personal information, including Social Security and phone numbers, home addresses, and birth dates, of as many as 8,000 Global Crossing employees and provided links to Web sites that described how to use this information to commit identity fraud. He was caught and sentenced to 46 months in prison.

Bad Choices

Most security breaches by insiders are unintentional. They come from employees who make ill-advised or uninformed choices regarding storage of their passwords, the Web sites they visit, and the E-mails they send. The Computing Technology Industry Association's annual survey on IT Security and the Workforce trends, to be published in March, indicates that nearly 80% of corporate security breaches are caused by computer-user error. One in four outbound E-mails poses a legal, financial, or regulatory risk to the sending company, according to a 2005 survey conducted by Forrester Research and messaging security software maker Proofpoint Inc. of 332 IT executives and managers. Companies expect insider risks to grow, and nearly half of survey respondents plan to deploy technology to monitor Web mail or instant messaging to combat these threats.

Among the challenges are the growing number of methods-- such as PDAs and smart phones-- for transmitting sensitive data out of a company. Security software maker Workshare Inc. plans to release a new version of its Protect software in February that monitors messages sent from mobile devices. The company also will partner with an encryption-technology company to deliver software that encrypts information sent outside business networks.

Rating The Risks
25% of outbound E-mails contain content that poses a legal, financial, or regulatory risk
  36% of companies employ staff to read or analyze outbound E-mail
47% intend to deploy technology for monitoring Web mail or IM traffic
70% are concerned about the use of Web-based E-mail to expose confidential data
77% say preventing intellectual-property and trade-secret leaks is their top E-mail concern
Data: Forrester Research and Proofpoint survey of 332 IT executives and managers
The integration of encryption capabilities with content-monitoring software will help companies ensure that even when sensitive data gets out, no one else can access it. A more formal approach to encryption also will alleviate the need for security pros to resort to ad hoc approaches to encryption.

"Rogue encryption is a danger from insiders who develop their own encryption schemes for their companies to use," says Jim Pante, president and CEO of security software maker Tablus Inc. and a former law-enforcement officer. They end up making it difficult to decrypt messages, Pante says. Tablus expects by the end of February to make encryption available as part of its Content Sentinel software.

Security controls on all types of outbound information are particularly important when defending against inside breaches. Blocking and encrypting voice over IP in real time as it travels over the network is a new requirement, says Kurt Shedenhelm, president and CEO of Palisade Systems Inc., a provider of software for inspecting network communication. "The challenge is decoding the voice message in real time," he adds. "We're within nine months of being able to understand and decode VoIP protocol and messages." The ability to block VoIP content in real time is likely to take longer to develop, but it's coming.

Best Defense

Technologies that protect against insider threats help all kinds of businesses. As the Houston Texans football team prepares to make the first-round pick in April's NFL draft and searches for a new head coach, it has many reasons for guarding its communications. The Texans use Vericept Corp.'s content-management software to monitor network activity and Palisade's Packetsure software to block sensitive information from being leaked.

Texans IT director Nick Ignatiev knows a strong defense is his best offense, and he's looking downfield at new technologies. Ignatiev's team is tweaking Packetsure so that it can customize outbound data searches to look for intellectual property specific to the football organization, including text and diagrams that would indicate files containing the team's plays. "It's a project that's been on the list for a while but is now rising to the top," Ignatiev says, "thanks to the growing interest in network security."

Continue to the sidebar:
Mind-Reading Voice Analyzer On Tap

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll