All too often, it takes a high-profile case such as the accusations surrounding insider trading involving the Galleon Group to get organizations to think about the security of their most sensitive data. We don't know all the mechanisms that were purportedly used to share illicit information among the people being investigated, but chances are they involved everything from faxes to file transfer software, electronic mail and USB drives.
The takeaway from all this is that most companies are woefully lacking in terms of setting up policies related to data security. The good news is that progress has been made in the form of data loss prevention (DLP) software, encryption and access control technologies. The next step, as evidenced by a recent announcement from Symantec, is to start bringing all these capabilities together under a common policy management framework.
Symantec recently announced the release of Data Loss Prevention 10. The company is adding the ability to apply encryption and rights management software to data at rest using technologies developed by GigaTrust, Liquid Machines, Oracle or PGP Corp.
The Symantec announcement is significant because it first helps close a security gap in how data is managed and, second, sets the stage for future conversations around the need for a federated approach to securing data that spans multiple products and technologies from different vendors.
Once those standards are in place, it would then be a lot easier to implement a policy-based engine that would allow IT organizations to create a comprehensive approach to managing data security. Until that happens, all we have is a series of point products that, even when implemented, leave seams open to be exploited. In the meantime, Symantec deserves some credit for starting the process by reaching out to other vendors in the data security space to try to close some of the gaps.