http://www.siemensjobcam.com/sbs-2008-mobile-devices/
Closing the gaps in the safety of company data: A model for the protection of 360 ˚
Closing the gaps in the safety of company data: A model for 360? protection
Companies adapt to a greater mobility and extended connectivity: Evolution of data threats
Mobile computing and global networks cast a new light on issues like data security, In response, organizations to reevaluate the technologies in use within of their IT infrastructure and reconsider the ways in which staff, customers and partners of communication. Solutions that do not strike the right balance between protection and ease of use should be discarded in favor of solutions that effectively minimize risk of theft or loss of data, achieve compliance with current legislation and equip with tools that help them work productively and safely.
The crux of the matter is simple: The business processes of today are based on very different methods data storage and data exchange even a few years ago. These changes in the computing landscape, it is essential that companies adopt an approach very other than security. According to Forrester Research report, "The State of Enterprise IT Security: 2008 to 2009," 90% of organizations say data security is "important" or "very important" and receives high priority in 2009.
The following sections detail three possible scenarios that illustrate how these individual threats may affect business operations, data integrity and overall security of organizations.
Setting One: the theft of a mobile computing device
Scenario Two: Losing removable media that contain sensitive data
Scenario Three: The threat of insider
Each section also provides recommendations how each threat individual can be minimized by using the technology available today. The aim is to provide full 360 degrees of security that protects against more wide range of attack vectors.
Scenario one: the theft of mobile computing device
California-based Company A, a channel partner of a global chip manufacturer, has designed a promising media player. Product Manager Sally Ortez worked closely with the manufacturer chips to negotiate details of the purchase process, plans for product development, marketing strategy, sales channel projections in separate and details Product Roadmap.
Ortez usually keep all documents relevant to collaboration in your laptop, including property information under a nondisclosure agreement with the manufacturer. At a trade fair in Hong Kong, sailed Ortez fill the halls of vendors and technology companies with his team bag secured by its shoulder strap. After he was beaten from behind, someone quickly cut the strap of the bag and grabbed it. Efforts police to locate the thief.
Five days later, all specifications of the new process appeared on the Internet, along with the marketing plan for the media player and the product roadmap. A day after the chip maker cancels co-channel marketing plans with Company A and threatened to take legal action because of the disclosure. Ortez, never recovered the lost laptop.
The mobility workers depends on computing devices smaller, lighter and more portable to do their work in the field. His confidence in these devices computing increases the importance of protecting information about them from loss, theft or unauthorized viewing. The 2008 CSI Security Survey Computer Crime and reports of laptop theft / fraud ranks among the top three threats, with 42% of safety professionals who responded quoting her.
As reported by a number of different sources, the theft of mobile computing equipment is too common, non-protection of information stored on systems accessible to thieves. Even a power-on password and other forms of single-factor authentication are of little use in surveillance against theft or loss.
However, encrypting data on mobile computing devices makes it inaccessible to thieves and outsiders, and provides a level of data protection that is both prudent and responsible.
Solution SafeGuard Enterprise
SafeGuard Enterprise in order for the above scenario could have been very different. Consider this alternate ending.
Following advice from a leading publication of data security, director of IT operations in a company implemented a policy to perform complete hard disk encryption on all laptop computers use the enterprise SafeGuard Enterprise software deployment took place during the night. After initial use, which requires a simple registration in process, employees who use sign single (SSO) only need to enter your password once to access the computer, as they had done previously. Employees do not notice any difference the behavior of their laptops.
During the trade fair in Hong Kong, Ortez Sally lost her laptop computer when the bag was sequestered in a crowd. Due to strong encryption protection for these devices, there is no possibility that disclosure of sensitive data, and the association business with the chip maker continued to flourish. Company A also avoid having to notify companies and individuals about the stolen data, as required California SB 1386 for the loss of unencrypted data. Encryption preserved the privacy of data and a business relationship of value for everyone involved in this setting.
The industry leader in encryption solutions deliver Sophos enterprise caliber data security, giving mobile workers the confidence of protection and travel freely without worry of disclosing information that could damage both your company and your career.
SafeGuard Enterprise protects data effectively in mobile computing devices, including laptops and netbooks.
Scenario two: Loss removable media that contain sensitive data
Fabian Bredcowski worked as a technical support specialist for Company B, a prosperous England Headquartered in New computer shops, and was aware of the files and information stored on company servers B-all of which were heavily protected by a corporate firewall and rigorous authentication and security access.
Bredcowski took safety seriously, but was also tough on the search for solutions to problems, even when away from the workplace. After treating a particularly vexing question of support could not resolved by telephone, could not Bredcowski that the problem of his mind and decided to work on it at home with your home computer. At day's end, hastened to copy files of high-tech customers to support a 1GB stick of memory and slipped into a pocket in your wallet. The files include contact information and the data Personal of several hundred customers of the company B.
On the way home, stopped at a Bredcowski local takeaway restaurant dinner. The portfolio fell pocket and fell to the floor when out of the car. The driver of the next car into the parking lot of the portfolio account, took the same and find the device memory inside. He put two and quickly went away.
When Bredcowski hand on your wallet to pay for his meal, he was surprised to discover who had disappeared. At the same moment, he realized the Memory Stick with private customer data was inside. In conscience, reported missing his supervisor, who was furious that as a matter of policy, Company B would have to notify each customer personal data loss, a reflection deep on the handling of personal information company. For this breach, Bredcowski docked the cost of mailing notices of data loss and relegated to a position in the shipping department. For several months after the event, the staff of customer service in Company B has had to respond to a constant flow telephone and complaints from email clients worried that their personal data had been treated casually.
The larger storage capacity and evolving form factors of removable media to create a new array of possible data loss. Protect hard drives removable devices flash memory, optical disks, magnetic media, memory cards and similar media must be a priority for security strategists within an organization.
The compact size and lightweight form factor for removable media devices that make them especially prone to loss or theft. These potential gaps security can damage customer relationships and lead to financial losses for the companies involved.
Protect sensitive data and intellectual property residing in the endpoint devices: the encryption prevents unauthorized access to hard drives, flash memory cards, optical disks, memory cards and media Similar communication.
Solution: SafeGuard Data Exchange
Using SafeGuard Data Exchange could be as final result in very different story. Consider this alternative scenario. After tackling the difficult issue of support can not solve by phone Bredcowski copying files associated with a 1GB memory stick protected by the solution Protect Exchange data. All data stored in the memory device was automatically encrypted, protected by a password that previously assigned Bredcowski.
The loss of his wallet in the restaurant parking lot turned out to be a tragedy staff, but the driver who stole his wallet and both the memory device had no way to access any of the data files, because encrypted. Although reported Bredcowski loss to your supervisor, no action was taken because the data from the memory card was well protected. For several months later, Bredcowski had to deal with fraudulent charges on their credit cards, but good customers of company B were protected from potential disclosure of personal information and the company maintained its solid reputation.
SafeGuard Data Exchange provides security to go to all forms of removable media. As a reasonable precaution against loss or theft, this solution ensures the consistency, the effective protection of the media commonly used storage devices in your company. To ensure that confidential information remains confidential, you can configure SafeGuard Data Exchange, to prevent sensitive data leaving the company in a removable medium without being encrypted. As an additional measure of protection, access to unencrypted data stored on removable media simply be denied.
Setting Three: The threat of insider
Profolo Wendy had been working as a software developer of his contract, and mid-twenties, and competence and integrity of their cattle a good dose of confidence. In its new mission of Company C, which was quickly provided access to the network and their manager is pleased to see her making steady progress in the codification project had been given. What your manager Profolo not know was that he had a serious gambling problem and had become the domain of finding ways to exploit information from a corporate server to meet their increasing debt game.
Within two weeks, Profolo succeeded in changing their access privileges, travel network file structures to retrieve a dozen credit card numbers, corporate, personal information gathering on the executive board that could be useful later, accumulate financial records that he thought could be sold to a competitor company in Taiwan C and steal the source code of a revolutionary new product that the company was developing. Profolo was surprised one night while walking through the human resource files of one of the janitors, who was surprised to see your name on your screen and immediately informed his supervisor. Profolo is serving a prison sentence of minimum security and as a result of this experience, Company C is currently based on encryption to protect sensitive resources stored on corporate servers.
Insider threats, if contractors working in the software code, disgruntled managers who act maliciously or rogue staff with unknown programs are some of the scenarios more insidious threat data. The
2008 CSI Computer Crime and Security Survey reports that the abuse insider trading is among the top two concerns, with 44% of professional respondents citing security threats.
A strategy Comprehensive data protection should address this potential risk and mitigation techniques to find.
First, consider the range of assets being inside, theoretically, you can view or access, then use decisive measures to ensure these assets against unauthorized persons. This can include access to network file Internal LAN, server content that is accessible to those inside and by chance the information stored on workstations or notebooks physically accessible on the desktops and tables in a facility.
Solution: SafeGuard LAN Crypt
Before the company hired Wendy C Profolo, an expert Manager in the software engineering group acquired a copy of proof of SafeGuard LAN Crypt. Impressed by the ability of the software application, the manager of purchasing and installing a licensed version of the product. Following the recruitment of Profolo, although a progression of attempts to penetrate the contents of encrypted server, which ultimately realized that there was no possible way to access protected files and folders on the LAN.
Given this situation, Profolo was forced to face his problem and its supervisor helped him gain admission to a 12-step program gambling addiction, who got his problem under control. Profolo has recovered and focused his skills in design Applications recently become a value, full-time employee of the company.
SafeGuard LAN Crypt prevents sensitive information stored on company servers from being seen by anyone without proper authorization. In any organization in which insiders have potential access to the contents of servers, encryption is an effective means of protecting sensitive information from prying eyes.
Embracing a 360 degree approach to data protection
As discussed in this work, maintaining data privacy and confidentiality is an essential component of any security strategy data designed to deal with the threats of today's data. With a set of data security solutions based on advanced encryption technology, products Sophos directly the three stages in the life cycle of data: the endpoint or the back (data at rest), during transmission (data in motion) and during the process (data in use). The prevailing model of the open enterprise, where mobile workers, removable media and networks to increase new threats-requires a strategy that aligns with complete business practices, comprehensive data protection.
Central management and monitoring of protective measures data provide organizations a means to ensure that current security policies are enacted consistently throughout the organization. SafeGuard solutions combine Central to the management of key security components to provide a unified approach to data protection-an important factor in combating the threats of data.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
Stay Connected With Email On Your Phone