Never Lose Trust: Protect Customer Data - InformationWeek


Never Lose Trust: Protect Customer Data

The information age has its dark side: data theft and privacy breaches. The proactive approach to safeguarding customer information starts with encryption for mobile devices. Next, consider the extra security measures implemented at Sharp Healthcare and Zions' Bank.

Discovering Sensitive Data

The most secure solution to the portable-data problem is to never store sensitive information on those devices, but that's simply not practical in business environments in which users expect unfettered access to information and have legitimate reasons for accessing, sharing and storing data. Instead, businesses do better to invest in technologies that help monitor where sensitive data resides and enforce data security policies.

Monitoring has been around since the first time someone reviewed a database access log. However, dealing with the typical enterprise volume of logs, sniffers and security systems demands an automated approach. Database activity monitoring software "sniffs" database queries to track access to particular data. When combined with business intelligence, this software can also look for abnormal access behavior, such as a DBA running a query on a list of credit card numbers or sales reps requesting information on customers outside their territory.

Content monitoring and filtering, also known as data-loss prevention, provides a benefit beyond encryption and rights management. For instance, while rights management applied to a spreadsheet can prevent unauthorized e-mailing of that spreadsheet, content monitoring can dissect e-mail messages to ensure that the content of a spreadsheet hasn't simply been re-typed to avoid rights-management controls.

"The next level of these tools offers discovery—the ability to crawl around storage of sensitive information in your network that you might not be aware of," Mogull says.

Discovery was a key capability sought by Sharp Healthcare. The San Diego-based health care provider was satisfied with the security of its core business systems and databases, but wanted to assess file and print servers as well as networked devices. In late 2006, the company deployed a data-loss prevention system from Vontu. The solution samples a representative slice of sensitive data from a database, such as names, addresses and social security numbers. When a match is found, the system uses business rules to create a priority list of incidents for Tobia's team to address. For instance, a file found on a server, desktop, or laptop that contains names, addresses, and social security numbers would generate a higher-priority alert than a file containing just a list of addresses.

"We contact the owners of those files and make sure they're following established security procedures," says Paul Tobia, information systems security manager. "It also helps us comply with requirements to document data outside our core systems."

Tobia says Sharp Healthcare runs "gigabytes a week" through the software, and he adds that without automation, the company would have to rely on "a ton of people" to handle the assessments.
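The discovery and prioritization approach described above for Sharp Healthcare can be sketched in a few lines. This is an added example, not Vontu's or Sharp Healthcare's code: the keyed-hash index, the weights, the key, the records and the file contents are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed records standing in for a slice sampled from a core database.
SAMPLE_RECORDS = [
    {"name": "Jane Example", "address": "12 Sample St", "ssn": "900-00-0001"},
    {"name": "John Placeholder", "address": "34 Test Ave", "ssn": "900-00-0002"},
]
# Hypothetical business rules: weight per field type; combinations add up.
WEIGHTS = {"name": 2, "address": 1, "ssn": 5}
INDEX_KEY = b"placeholder-key"  # assumption: a real key would come from a secret store

def fingerprint(value):
    """Keyed hash of the normalized value, so the index holds no raw data."""
    norm = re.sub(r"[^a-z0-9]", "", value.lower())
    return hmac.new(INDEX_KEY, norm.encode(), hashlib.sha256).hexdigest()

def build_index(records):
    """Map fingerprint -> field type for every sampled value."""
    return {fingerprint(v): f for rec in records for f, v in rec.items()}

def scan_text(text, index, max_window=4):
    """Return field types whose sampled values occur in text (1..max_window tokens)."""
    tokens = text.split()
    found = set()
    for i in range(len(tokens)):
        for n in range(1, max_window + 1):
            field = index.get(fingerprint("".join(tokens[i:i + n])))
            if field:
                found.add(field)
    return found

def triage(files, index):
    """Return (path, score, fields) for files with matches, highest score first."""
    incidents = []
    for path, text in files.items():
        found = scan_text(text, index)
        if found:
            incidents.append((path, sum(WEIGHTS[f] for f in found), sorted(found)))
    return sorted(incidents, key=lambda item: item[1], reverse=True)

# Constructed file contents standing in for a crawl of file servers.
FILES = {
    "share/mailing.txt": "Ship to 12 Sample St and 34 Test Ave",
    "share/export.csv": "Jane Example, 12 Sample St, 900-00-0001",
    "share/notes.txt": "Quarterly meeting agenda",
}

if __name__ == "__main__":
    for path, score, fields in triage(FILES, build_index(SAMPLE_RECORDS)):
        print(f"{score:2d}  {path}  {','.join(fields)}")
```

Normalizing before hashing lets the scanner match a value regardless of spacing or punctuation, and the keyed hash keeps the sampled values out of the scanner's index in clear text.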

The company now plans to use Vontu to monitor network traffic to detect sensitive data in motion. The role of the system is to help users comply with good security policy, not to harass them, says Tobia. "Our first goal is to understand why someone needs to move data from one location to another," he explains. "With that need in mind, [we help them figure out] the most secure way to get that data where it needs to go, whether it's encrypted e-mail or secure file shares that can be locked down."
