Secure your enterprise data

Regulations and a fear of banner headlines put the focus on data, not network, security

Building barriers

Some of those measures can be straightforward. Companies seeking to protect data on laptops and other mobile devices have been a boon to top-tier data encryption vendors such as RSA and PGP.

Even at PKWare, makers of PKZip, simple encryption features that work across diverse platforms have helped drive sales. Data security now accounts for half of the company's business, compared with just 20 percent three years ago, says Todd McLees, vice president of marketing.

As CDS has discovered, start with the obvious and build from there. The company used a layered approach to get a handle on external security -- with standard security measures such as firewalls, VPNs, and SSL encryption -- then added configuration control technology from Tripwire. More recently, McCarthy says, CDS has deployed outbound filtering technology from Palisade Systems that can do packet-level inspection and spot data such as credit card numbers that might be traversing the company's network or leaving the company over FTP or HTTP.

CDS has gone further than tackling sensitive data as it flows among authorized employees inside the company. It also has determined the behavior of hundreds of companies that contract with the magazines CDS works with, many of which pay far less attention to data security -- and may send spreadsheets or CDs with sensitive subscriber data to the company.

Nonetheless, the threat of a Gary Min-style rogue insider looms large. The goal, McCarthy says, is to put up enough barriers that it becomes almost impossible for a lone insider to do significant damage.

"You want to reduce it to the point where nobody can act alone and do something," McCarthy says, "where you need a conspiracy of persons to make it happen."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ACTDLPDuPont AustraliaExposureFBIHISMicrosoftNASAOraclePGPPKWareRSASAP AustraliaSASTripwireVIA

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Paul Roberts

Latest Videos

More videos

Blog Posts