Are Innocent Insiders Taking Away Your Data?

Transcription

1 White paper Cyberoam Endpoint Data Protection Are Innocent Insiders Taking Away Your Data? Data Protection & Encryption Device Management Application Control Asset Management

2 Contents Data Originates At Endpoints... 3 Removable Devices and Applications Complete the Data Loss Threat... 3 Silent Data Loss - Are You a Victim?... 3 Data Security Stays Only As Good As the User... 4 How Are Your Employees A Threat To Your Data?... 4 Employee Lethargy Insider Errors Ignorant Insiders Cyberoam Endpoint Data Protection... 7 Conclusion... 7 Cyberoam Endpoint Data Protection

3 DATA ORIGINATES AT ENDPOINTS Data locked in your data centers through physical and IT security measures may look secure. But, how was this data created? Every bit of data residing in your data centers comes from users' endpoints, where they work on it. In the process of creating data, the user may have transferred/shared the file for internal approvals, information sharing, and more, using applications like s, Instant Messengers, and FTP. Periodically, sensitive data is retrieved from the data center for use by users - albeit with the required identity-based access controls - to be referred to, work upon, update or simply share with other colleagues. SILENT DATA LOSS - HOW IS IT HAPPENING? % of removable media incidents involved data with no protection - KPMG Data Loss Barometer - 12,500 handheld devices are forgotten at the back of taxis every 6 months in UK Credant Technologies 62% of removable media incidents are internal; only 27% of them are external KPMG Data Loss Barometer 59% of employees shifting from one organization to another carry confidential information with them Ponemon Report Does your organization take enough care that sensitive data is removed from all endpoints viz. PCs, laptops, pendrives, FTP, s, and more, that may have received it, once its purpose is completed? If not, sensitive data may still be lying unmonitored and unprotected over your endpoints! With no endpoint data protection in place, organizations have little idea of what happens with data at their users' endpoints: How long does data stay on users' endpoints? Confidential data like product, financial, human resource, marketing as well as potentially embarrassing data might be residing on endpoints indefinitely - out of reach of data security administrators. Who all have access to this data? When users routinely place data within a shared folder, offering shared rights to all within the network, there is little data security. How and when is the data modified, deleted or transferred? Lack of track of such actions over data files can lead to loss of critical data. REMOVABLE DEVICES AND APPLICATIONS COMPLETE THE DATA LOSS THREAT The ubiquitous use of removable devices like USBs, CDs/DVDs, MP3s, digicams; and applications like Instant Messengers, P2P, FTP and more, offer innumerable methods for data transfer that highly increases the chances of data leakage. Of importance is the fact that such transfer is highly insecure. According to the Open Security Foundation Data Loss Database, during 2008, 24 mn or 34% of all records reported lost were a result of these devices and media. SILENT DATA LOSS - ARE YOU A VICTIM? TJX, Dupont and AOL make it to the headlines for the high profile and high volume data loss incidents that took place in these organizations. For most organizations, it is easy to dismiss fears of such data loss incidents as the stuff that happens to others. Yet, given the increasingly flexible data transfer practices as well as the extensive presence of data over endpoints, you can easily become a victim of silent data loss. A report from Vista Research states that 70% of security breaches, involving losses of over $100,000, are perpetrated from inside the enterprise. Thus, despite the fact that your data centers are quite secure and their access to internal or external users highly regulated, data loss at users endpoints is leading to silent yet significant loss of resources, without your knowledge.

4 DATA SECURITY STAYS ONLY AS GOOD AS THE USER It's true that organizations with best security practices often have clearly defined data security guidelines in place and they educate users on safe data security practices. But, user endpoints are vulnerable. And as long as users remain lethargic, mistake-prone or ignorant where data security is concerned, they multiply the vulnerability factor by many times, placing organizations at data risk. Insider behavior like lethargy, ignorance and errors are larger causes of corporate data loss. Security guidelines can effectively protect data only in the presence of a strong endpoint data security solution that overrides threat posed by end users' actions and behavior. HOW ARE YOUR EMPLOYEES A THREAT TO YOUR DATA? Most security administrators perceive malicious intent arising out of disgruntlement and those leaving the organization as the leading causes of data loss via insiders. But, a study involving Fortune 1000 information security professionals revealed that over 90% of data loss incidents are non-malicious. This brings us back to the truth behind silent data loss - Risky Data Practices. Insider behavior like lethargy leading to lax security practices, ignorance and errors are the larger causes. Even if the organization defines data security guidelines, they are unlikely to be followed since they are viewed as a hindrance to work flexibility. Given this aspect of human nature, it is critical that deterring measures in the form of an endpoint data security solution are in place to ensure

5 60% corporate data lies unprotected on endpoints Lost USBs Lost Multimedia Discs Wrong Attachment Lost ipods The scenarios below give us a clearer picture of how silent data loss occurs through insiders' Risky Data Practices in organizations. THREAT FROM EMPLOYEE LETHARGY As long as employees do not cultivate data security habits, the problem of silent data loss remains. A user passes on his official USB pen drive to a colleague forgetting that he has to delete sensitive files stored in it or a user walking away from his computer without logging off are a few instances of employee lethargy in following organizational data security policies. SCENARIO* California-based Precision Technologies is a supplier of chip substrate, an important ingredient in chip making, to a global chip making firm. A major focus and stake in R&D has helped Precision introduce innovations in the product, faster than competitors. Product Manager Careen worked closely with the R&D team to define the product roadmap, rollout and marketing plans. During a presentation at a tradeshow in Taiwan, Careen shared her pen drive carrying a copy of her presentation, with her subordinate. Obviously, there was more than just the presentation in her 8GB pen drive! While her subordinate promptly returned it, he was able to access a lot more than he was authorized to and traded sensitive product details and plans with Precision s biggest competitor. The competitor launched the technology Precision was working on, before Precision did, resulting in a loss of $1.2 bn in sales to Precision. SOLUTIONS An Endpoint Data Protection solution could have helped Careen protect sensitive product information by encrypting either the whole pen drive or selected files in it. This way, she could have allowed her subordinate access to the presentation while making other sensitive information in the pen drive remain inaccessible to him. A data protection solution can block transfer of files with specific file names eg., confidential, business plan, and more, as well as pre-defined file extensions eg.,.jar,.xls. In Careen's case, access to confidential files in her pen drive could have been blocked to her subordinate. THREAT FROM INSIDER ERRORS According to a leading analyst firm, majority of data loss incidents are a result of employee error or oversight that is unintentional. Employee errors can leak data via , Instant Messengers, message boards, blogs and more. While organizational policy over who can post and what content to post to blogs and message boards is currently the most effective measure against these two, in case of s and Instant Messages, the problem needs to be tackled at the endpoint. Selecting the wrong recipient or attaching the wrong file while sending an are common examples of data loss on account of employee errors. SCENARIO* Brian was Manager (Wireless Systems) at Fullpoint Systems Inc., a supplier to leading national wireless carriers. Fullpoint entered into a partnership with a software solutions vendor to enhance their ability to meet some of the composite RFP requirements of the wireless carriers. Brian was asked to share specific RFPs and customer contact profiling with the new partner in exchange for some data from the

6 partner. Brian copied these from Fullpoint's database server and sent them via - except that he erroneously sent it to the address of his ex-colleague with the same first-name as the intended recipient, but was now working for Fullpoint's competitor. SOLUTIONS An endpoint data protection solution would have aborted Brian's attempt to send s to an unauthorized mail address or unauthorized user, thereby offering protection at Fullpoint Systems Inc. The solution could have protected sensitive data from going out by scanning the subject line, attachment or size of the . For example, Fullpoint could have created a rule, preventing any mail with attachments going to the ex-colleague from all but the human resource department. Or an with pre-defined subject lines or file names could have been blocked from going out of the organization itself. Employees are often unaware that their actions are unsafe, leading to data loss. THREAT FROM IGNORANT INSIDERS Employees are often unaware that their actions are unsafe, leading to data loss. The most often seen cause is the lack of communication of corporate security policies to new employees. Even in case of existing employees, it takes periodic re-communication of security policies for employees to remember these policies and take them into their work stride. SCENARIO* Prior to a meeting, Rose wanted to print a confidential document containing customer survey results and analysis for a new product her company was planning to launch. The printer next to her machine malfunctioned so she selected the shared printer on her office floor to take out the print. Before she could reach the printer, someone else took away the printed documents. Apparently, the other person, who was waiting at the printer to collect his documents, got hold of the confidential documents and left with them. SOLUTIONS Rose's organization could have blocked printing of sensitive documents from the shared printer to protect sensitive corporate data through an endpoint data protection solution. The solution could have saved a copy of the printed file on the organization's database server, also notifying the network administrator that a sensitive document was printed using a shared printer, helping in immediate action or in a security audit. *Fictionalized Scenario

7 Cyberoam Endpoint Data Protection Cyberoam Endpoint Data Protection protects the organization s endpoints from data leakage through Identity and group-based policy controls, encryption, shadow copies, logging, reporting and archiving. Cyberoam offers data protection and asset management in four easy-to-deploy and use modules Endpoint Data Security solution nullifies threats originating from risky data practices. Data Protection and Encryption Device Management Application Control, and Asset Management. CONCLUSION Tight access controls over data centers give a false sense of security to organizations that their sensitive data is safe within the center. However, with valuable data lying at employee endpoints, in most cases without the knowledge of data 'caretakers', risky data practices by employees like lethargy, ignorance and errors lead to data vulnerability. Coupled with easy availability of removable storage devices and data sharing applications, data sharing becomes effortless and results in silent data loss in organizations. An endpoint data security solution that protects the organization's endpoints from data leakage through Identity and group-based policy controls, encryption, shadow copies, logging, reporting and archiving is the immediate need for all organizations. It enables organizations to limit insider access only to trusted devices and applications when sharing data, nullifying threats originating from risky data practices. Toll Free Numbers USA : India : APAC/MEA : Europe : Copyright E l i t e c o r e Te c hnologiesltd. AllRightsReserved.Cyberoam & Cyberoam logo are registered trademarks of Elitecore Technologies Ltd. /TM: Registered trade marks of Elitecore Technologies or of the owners of the Respective Products/Technologies. Although Elitecore attempted to provide accurate information, Elitecore assumes no responsibility for accuracy or completeness of information neither is this a legally binding representation. Elitecore has the right to change, modify, transfer or otherwise revise the publication without notice.