Are Your Employees Leaking Sensitive Information?

Ralph DeFrangesco

You are doing all the right things; you scan for viruses in e-mail; you limit attachments; you have an acceptable use policy that each employee signs yearly; you train on e-mail usage at new employee orientation; and against the wishes of some in the business, you disable USB ports so no one can accidentally unleash a virus into your network.


You come into work one day and are called into the CIO's office, only to be told that someone is sending secrets to a competitor through e-mail. You ask how they know, and you are handed an e-mail with the evidence as clear as Times New Roman font.


Sound like something that could happen to you? Of course it does, to you and everyone else not using Data Loss Prevention (DLP).


What is DLP? It is a technology that lets security professionals inspect and classify data, and apply policies on how to secure it, as it flows in, out and around your network. This includes data in motion, like e-mail, and data at rest, such as info in a SAN. DLP varies according to vendor implementation and can include appliances, software and services. These tools allow security professionals to do deep-packet inspection, identify what is important to the business, and apply a set of rules via policy across the organization.


American Apparel learned its lesson recently when someone from within the organization leaked an e-mail from the CFO saying that the company was nearly bankrupt. This caught the attention of the Securities and Exchange Commission, which is now launching an investigation of the company.


Top vendors in this space include RSA, the security division of EMC. Reconnex and Websense were cited as top leaders in a 2008 Forrester report. Verdasys, Vericept, and Trend Micro round out my list.


Remember, security must be implemented in a layered fashion. No one product can do everything, and although we do everything we possibly can -- and that money will allow -- data will find a way out of the organization. People manage systems and people are the weakest link in the security model. DLP just gives us one more tool to strengthen the link.

Mar 4, 2009 3:11 AM Hank says:

I can see this as being a serious problem - good article. Companies want to protect their IP.

Mar 5, 2009 12:34 PM Ralph DeFrangesco says: in response to Hank


You hit the nail right on the head. Even though I did not say Intellectual Property (IP), this is what we are really talking about. IP can include things like: client lists, new product specifications, M&A activity, and business strategy documents.

Thank you for taking the time to comment,


Mar 10, 2009 12:48 PM Miles Technologies says:

"Remember, security must be implemented in a layered fashion." - Great point!  Information security is essential to any business and it truly does require a multifaceted approach in order to be effective.  Miles Technologies provides comprehensive information security solutions, including assessments that evaluate everything from a company's physical facility to its employees' knowledge of security policies and procedures.

Mar 11, 2009 3:51 AM blogster says:

It is written. Thou Shall Not Steal.

Mar 12, 2009 1:23 AM Hank says: in response to blogster


Good words to live by and if everyone did it, it would be a wonderful back down to reality. Employees are going to steal. How do we protect IP?

