10 things to keep in mind when securing sensitive data

by CXOtoday News Desk    Jul 12, 2013

ten points

While the security risks associated with sensitive data was always a concern for businesses, the complex corporate environment that is increasingly relying on mobile workers and collaboration between geographically dispersed groups have increased the scope of the risk. Tom Clare, Senior Director Product Marketing Management at Websense discusses 10 quick points for CSOs to consider when keeping sensitive data secure and protected against data theft:

1. Endpoint Protection - Intellectual property (IP) and confidential data is often in-use on endpoints, putting it out of reach of the protection offered by simple pattern data loss prevention (DLP) controls in firewalls and gateways. DLP endpoints can protect on and off-network devices to control what is copied, printed or transferred. This also includes data moving to portable media drives.

2. Portable Encryption - When data must be moved off the network and off the endpoint, you can enforce encryption for tighter control of that information.

3. Enterprise DLP Controls - The differences between simple pattern-matching DLP solutions from fuller, enterprise-grade protection include: data registration, advanced machine learning of data, data categorization as it is created, and defined policies for all content that matters to your organization’s success.

4. Prevention Polices Protect Property - Often projects stall in data discovery and monitoring phases. To avoid this, start with a small set of confidential data and work the project all the way through to prevention. You could secure your most sensitive data within 6-8 weeks!

5. Remediation and Auditing - Moving to DLP prevention policies can cause an unfounded fear of stopping data-in-motion and business processes. The key to solving this is to implement DLP solutions that allow end users to provide explanations for data use and self-remediate. This keeps data flowing while allowing visibility to administrators.

6. DLP as a Defense - Security gateways that use DLP as a defense are critical when detecting password file theft, use of criminal encryption and slow data leaks over time. Geo-location destination awareness and incident reporting through forensics can provide important data theft information for mitigation and post-incident analysis.

7. Image Text Analysis - Smartphones and camera-enabled devices now make it very easy to capture data. In addition, many times the sensitive data you are looking to protect are images themselves. The top DLP solutions now provide the ability to use optical character recognition (OCR) to analyze text within images and prevent data exposure.

8. Malware and Hacking - We must recognize that DLP and data protection also hinge on solid defenses against advanced threats, malware and hacking. Implementing enterprise DLP without reviewing web and email gateway defenses is a common mistake. Traditional defenses such as AV, firewalls and URL filtering continue to be less effective. Therefore, it is essential that we look for real-time defenses that are put into action at the point-of-click.