Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Management still ‘a challenge’ to data leakage protection, says Axway (formerly Tumbleweed) guru

  • 22 May, 2009 10:19

<p>In the evolving ‘war’ over at-risk information on enterprise networks, data leakage protection (DLP) technologies are heading in the right direction. But according to Dr Taher Elgamal, Chief Security Officer of Axway Inc. (formerly Tumbleweed Communications), and an industry leader in information security, overall management remains a challenge.</p>
<p>A global expert in information security, Dr Elgamal addressed the AusCERT2009 information security conference. He is recognised in the industry as the 'inventor' of SSL. According to Dr Elgamal, DLP is a key aspect of managing enterprise networks that host at-risk critical data.</p>
<p>He said: “Current technologies and products are heading in the right direction, but overall management remains a challenge. Yet it is possible to focus on important applications and deploy aspects of DLP without affecting managing the rest of the network or applications.”</p>
<p>Dr Elgamal said networks and applications were designed without taking into account overall data security. The connectivity of all organisations’ networks to each other through the Internet was never designed, but “just happened” leaving many gaps in security.</p>
<p>With multiple applications accessing the same data, the threat of sensitive data or intellectual property electronically leaving an organisation grows daily. The number of entry (and exit) points to an organisation’s network far exceeds the number of machines or even users. Closing one exit point provides no value – the organisation needs an overall protection strategy, said Dr Elgamal.</p>
<p>The problem is complex: critical information is usually stored on multiple networks running with multiple policies without any control from the information “owner”. Identity theft is one of the most difficult situations to protect against - a single incident can cause huge losses of consumer records, plus loss of reputation.</p>
<p>Dr Elgamal said that although governments and industry regulators were calling for protection of information, the tools were not yet mature. Many PCI certified businesses are still being attacked successfully, indeed organisations were being deceived by the regulations.</p>
<p>Implementing regulations was often more expensive than solving the actual problem at hand. He suggested five steps to satisfying regulations, and preventing intellectual property leakage and loss of customer and third party information:</p>
<p>1. Understand what data the business handles and needs
2. Establish organisational policies
3. Improve awareness across all business functions
4. Understand the regulatory landscape
5. Establish the architecture, technologies and products and start implementation</p>
<p>Dr Elgamal said security solutions had to be considered ongoing business processes rather than one time solutions – “this is about the business, NOT about IT.” Solving the compliance problem is usually the driver for customer buying the solutions, driving vendors to satisfy regulations rather than attempting to solve the problem.</p>
<p>“Enterprise DLP solutions do not have the capacity to monitor data locally managed at an endpoint (personal email, mobile device), and it is difficult to thwart insider threats if the endpoints are not guarded. Also encrypted data can cause problems if the enterprise does not manage the encryption well.”</p>
<p>Dr Elgamal said a combination of the solutions was necessary for a complete system, while policies at the servers and at the endpoints required different modes of management. “The “ultimate” solution will not happen until the industry knows how to describe policies for content independent of where and how the content is accessed.”</p>
<p>He said the most effective applications provide content scanning embedded in the data flow itself. These caused no problems with encryption if the application provided this, since the data could be analysed prior to encryption. Combining the DLP engine and its interaction with enterprise policies in a single management infrastructure with the application saved time and effort.</p>
<p>About Axway</p>
<p>Axway recently merged with Tumbleweed Communications to become the leading global provider of multi-enterprise solutions and infrastructure, serving over 11,000 organizations in more than 100 countries. Axway speeds and secures business interactions – both inside and outside the enterprise – by optimizing the way information is moved, managed and protected. Powered by Synchrony™, a multi-enterprise service-oriented framework, Axway’s customers can “start anywhere, use anything” to complement their existing infrastructures. Axway’s comprehensive offering includes: business-to-business integration, managed file transfer, secure email, business activity monitoring, enterprise application integration, service-oriented architecture, business process management, track &amp; trace and identity validation solutions. Axway provides professional and managed services, as well as cloud computing and Software-as-a-Service (SaaS) offerings. Headquartered in Scottsdale, Arizona, Axway’s global presence spans 20 countries.</p>
<p># # #</p>
<p>For more information</p>
<p>David Frost
PR Deadlines, for Axway
Phone: +61.2.4314 5021 or +61 (0) 408 408 210
Email: davidf@prdeadlines.com.au</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release