Description: Data theft is one of the biggest security headaches for companies today. Joe Fantuzzi of Workshare explains how all networks are vulnerable and the steps you can take to secure them.
I'm Joe Fantuzzi, CEO at WorkShare. Today I'm here to talk to you about confidential data loss. This is happening everywhere. In the last year alone, 30 companies and governments have been reported as having major gaffs of information leaving the inside of their data networks out to somebody outside of the organization where there was a risk of loss. Let me talk about examples at work, on plane or at home for mobile warriors and other mobile warriors who are at customer sites.
Let's take the first example. SoftBank, an organization that is in Japan, recently lost a thousand names and addresses of Yahoo email people, and they lost also some personal social security information. What happened in that case is that SoftBank had to pay $40 million for those thousand names. That's a $1,000 per name.
Another example close to home is the Veteran's Administration. The VA lost 26.5 million names of VA records from 1975 to present. Those records cost U.S. taxpayers $16 million to set up a call center just to notify all those people, and now there's a class action lawsuit of $26.5 billion against the VA and the U.S. government for that loss. A third example is Ernst & Young. At a customer site called Hotels.com, one of the Ernest & Young folks actually moved information out, 250,000 names, and we've yet to know what the cost is going to be.
Now how do these things happen and what are ways technology can help prevent confidential data loss? Let's look at the at work example. In that case, what actually happened is information that was not analyzed went through the corporate firewall, through the internet to the undisclosed recipient. What should have happened is using technologies known as keywords and numeric matching for in this case the social security numbers, what would have happened is the organization analysis would have been to take that email which went through a document attachment and bounce it back to the user saying this is not allowed. Would have prevented that loss, and a $40 million fine.
In the case of the VA, there's a similar set of technologies. What happened here is that the information moved in a theft at a gentleman's home. The employee took the data home and it moved directly to the person who stole the laptop from home. Now how could that have been prevented? There are ways to do that. One is to use something called encryption and coupled with something called rights management. Encryption for data in transit would actually lock down that data, scramble it, so that when the user closed his laptop, no one would be able to use that information. And then if somebody did get hold of that information at the other end, rights management could have self-destructed the information because they were undisclosed recipient upon entering their name or their password.
The final situation at Ernst & Young is even more subtle. This employee wanted to move confidential information from the Hotels.com site but was blocked either by a firewall at the Hotels.com site or wouldn't get the information back here to be checked for confidentiality to whom he was sending it to. What he actually did was use the personal email that actually moved the information through the internet without that checking at a safe zone at his corporation. And what he did was sent that information inadvertently to the wrong person, creating the gaff.
What could have solved that problem was the combination of two technologies. One is fingerprinting and the other is what we call end-point analysis. What would have happened in this case is the database that had the Hotels.com information would have been fingerprinted, the information would have been analyzed, and he would not been able to have sent that information out.
As we've seen, vulnerabilities exist that lead to large organization and personal costs at work, on the road and at a customer site. There are technologies that exist that can help you at work, they can help you on the road, and they can help you whether you're at a customer site to secure against these types of confidential data loss.
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Is it time for "Radical Change" in IT?
-
We need to get back to freethinking and innovation that is core to our roots. Companies like Intel were founded on thoughts like the famous quote from Robert Noyce - "Don't be encumbered by the past, go out and do something wonderful."
- Read the impassioned view on IT@Intel Blog >>
