Your Data And The P2P Peril - InformationWeek
11:15 AM
John Foley
John Foley
Connect Directly

Your Data And The P2P Peril

Usher, 10,000 BC, and your company's confidential spreadsheets could all be out there for the world to grab. Here's how these data leaks happen and what you can do to prevent them.

What might have been a minor breach of IT policy at Pfizer last year cascaded into a serious security incident when the personal data of 17,000 employees and former employees leaked onto a peer-to-peer network. Connecticut's state attorney general, concerned that state residents were at risk, launched an investigation. At least one former employee filed a lawsuit against the company.

It all started when the spouse of a Pfizer employee used file-sharing software on a company laptop, presumably to swap music or other content with other P2P users. Unknowingly, the laptop user also exposed 2,300 work files, including those containing sensitive Pfizer employee data--names, Social Security numbers, addresses, and bonus information resident on the laptop.

InformationWeek Reports

Pfizer isn't the only company to have its sensitive data exposed in this way. A former employee of ABN Amro Mortgage Group last year exposed spreadsheets with personal data on 5,000 customers from a home computer loaded with the BearShare file-sharing program. And last fall, a terrorist threat assessment of Chicago's transit system, completed by Booz Allen Hamilton under contact to the Federal Transit Administration, surfaced on a P2P network.

An End To Data Leaks
Find out about extrusion-prevention systems that can drop attackers in their tracks.
The problem of business data being leaked onto P2P networks by unsuspecting users isn't new, but it's getting worse. Researchers with the Center for Digital Strategies at Dartmouth College's Tuck School of Business, pointing to a rise in P2P usage and the decentralized nature of P2P networks, have concluded that file sharing is a growing security threat to business. File-sharing programs account for three of the top 10 apps on CNET's And it's not just an internal issue; customers and business partners are frequently the sources of P2P data exposure.

To gauge the seriousness of the situation, we launched an investigation to see what kind of corporate data could be found on the popular Gnutella network. We discovered spreadsheets, billing data, health records, and more. (See our full report, "Our P2P Investigation Turns Up Business Data Galore".)

Used as intended, file-sharing programs and P2P networks can be a cheap, easy way for people to share content, and they're a popular channel for distributing open source software. Despite their association with illegal music sharing, not all P2P networks are equally dangerous when it comes to business data. The BitTorrent client and protocol, which employ centralized servers, are less prone to inadvertent file sharing than decentralized networks like Gnutella.

It's the improper or careless use of P2P that should worry IT departments. What can go wrong? Users sometimes mistakenly file a spreadsheet in the same folder they store music files or check the wrong box when configuring the P2P client and, voilà!, their corporate documents are out there for everyone to see.

Impact Assessment: Proceed With Caution On P2P

(click image for larger view)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
5 Data and AI Trends for 2019
Jessica Davis, Senior Editor, Enterprise Apps,  1/7/2019
Act Now to Reap Automation Benefits Later
Guest Commentary, Guest Commentary,  1/3/2019
Cloud Trends: Look Behind the Numbers
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  12/31/2018
Register for InformationWeek Newsletters
Current Issue
Enterprise Software Options: Legacy vs. Cloud
InformationWeek's December Trend Report helps IT leaders rethink their enterprise software systems and consider whether cloud-based options like SaaS may better serve their needs.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll