Tell me what you think in this Linked In poll – DLP success or failure

I think that a more relevant question is “Is information protection possible?”

The  author correctly identifies that it’s easier to access data (and leak it) than to modify or delete data.  However, the notion that data is out of control in the corporate world is an over-reaction and does a mis-justice to most businesses.

Data is out of control in the corporate world…I think… the only way that we can have influence on the likelihood of (data loss) occuring is through a couple of fundamental controls, namely

1. Reduce and limit access to data

2. Control the “copyability” of data

Companies already manage access and control “copyability”. This is not new, nor is it effective against the threat of a major data loss event.

Organizations from SME and up to Global 2000 use Microsoft networks based on Active Directory with planned (not always well executed) group policies and permissions management.  Controlling access and copyability in the service of business objectives is precisely the objective of these systems.

If you need finer-grained copy protection – there are dozens of endpoint security products – from Checkpoint, Mcafee and Symantec to Controlguard.

If you need finer-grained rights management, there are products like Microsoft DRM and Oracle IRM. Personally, I don’t think that DRM is effective for enterprise information protection. DRM changes the user experience and depends on user behavior, it can be broken and or bypassed and DRM systems are difficult to deploy on a large scale because of the above constraints.

However – permissions and rights access management and lately, removable device management have not prevented major data loss events like Heartland or Hannaford. The reason for this is that once rights are granted – the user is trusted and can move the data anywhere he  or she wants.

We need information protection,  not copy protection; and in a way and at a cost that is a good fit for the business.

Information protection is possible by taking a value-based approach that integrates with the business operation.   Analyze your business requirements and threat scenarios – and only then – consider data loss prevention solutions like  enterprise information protection from Verdasys, agent DLP from Mcafee or a gateway DLP solution from  Fidelis Security.

Is a SME like the old German expression – Kleine Kinder kleine Sorgen, große Kinder große Sorgen? “Small children, small problems, big children, big problems”?

I wanted to call this post “The need to understand operational risk of information security” – but I realised that op risk is a concept used by big banks and that a SME with 40 employees is not even thinking in that direction and may not even have an IT manager, let alone an IT security and compliance group. Yet – a small payment processor,  or customer service outsourcing provider can be destroyed by a  single data loss event.

The impact of a data loss event on an SME can be proportionally much greater than for a large, globally dispersed organization.  An SME has all their eggs in one basket – outsourcing manufacturing to the Far East and providing sales and support using the Internet from offices in New York, Tel Aviv and Mumbai.

A typical SME buys network access from the ISP and installs standard network security in the office: like a SOHO firewall (Checkpoint or Cisco do fine), anti-virus on the workstations and anti-spam from the ISP.

The problem with firewall/anti-virus/anti-spam is that they are defensive means against known signatures rather than proactive means of mitigating the next attack launched from inside the network.

In order to understand the possible impact of an internally-launched attack on data (for example – an employee taking proprietary customer pricing with them to a competitor) or blogging new product plans from the office – or losing a database of payment card numbers to a hacker – the first step to being proactive is monitoring.

With a UTM box, security focus is on outside­-in attacks, despite the fact that the majority of attacks on customer data and intellectual property launch from inside the office/extended network. The notion of trusted systems inside a hard perimeter has disappeared with rise of Web 2.0 services and convergence of all applications to HTTP.

I cannot imagine an SME spending $150,000 on Fidelis XPS network DLP solution or Verdays Digital Guardian (which is oriented to Global 500 customers or translated into English – at least 2,000 seats) but the new network DLP  product – Traffic Monitor Lite from Infowatch is taking DLP technology into realm of pricing and ease-of-use from a Global SME. I look forward to having the opportunity to evaluate it and report back on my findings.

Biswamohan Pani, 33, was indicted for allegedly stealing trade secrets from Intel’s Hudson, Mass. facility and downloading confidential documents from Intel offices in California.

According to the indictment, Pani gave notice to leave Intel and told his superiors he was using up about a week of vacation while looking for a job at a hedge fund.

In reality, according to the indictment, he had taken a job at Intel rival AMD and, while using up vacation time at Intel, was downloading documents marked by Intel as confidential. Without going into the entire discussion of Intel’s management of intellectual property, there are some interesting  questions:

Why was an employee, who had announced he was leaving, and was running down vacation at home – even allowed to have access to Intel file servers?

How did Intel discover that confidential documents were being downloaded? Does Intel use data loss prevention technology? were they tipped off by another employee? or did the investigation start once Intel discovered that the employee was going to work for a competitor and then they started checking download logs?

Full article on the Sacremento Business Journal

Are test equipment sales  a bellwether of the telecommunications and technology industry prospects?

I have been looking for macro indicators of what will happen in the telecommunications industry. We specialize in  data  security for telecommunications. Data security is a big issue for companies in flux – firing employees, turning more to outside contractors and merging operations. The question is whether or not data security is getting slashed out of 2009 budgets.

One macro indicator is sales forecasts of technology vendors to the telecom industry – Cisco, which is regarded as being very good at forecasting, predicts a sales drop of 10 percent in the next quarter. However – the supply chain doesn’t stop with telecom equipment and  network security manufacturers like Cisco, Nortel. HP. Juniper, IBM, Alcatel and Nokia.   These vendors  need test equipment to test their products on telco and corporate networks.

Amid the telecom industry storm of warnings and worries, test equipment vendor Spirent Communications plc (NYSE: SPM – message board; London: SPT) believes it’s on-target for 2008 and a capable of maintaining a similar level of sales during 2009.

The crash of Lehman Brothers , in September 2008 caused widespread financial woes by companies of all shapes and sizes and also caused a blip for Spirent. But – Spirent sales bounced back in October. Telco equipment firms continue to spend in areas that are core to their strategies: wireless, carrier Ethernet, data center developments, and the automation of lab-based testing processes. “Customers are aiming for better utilization of their resources,” says the Sprient CEO.

Since customers need better utilization of their resources, that means that we need to show how our data security solutions will not only help protect telecom digital assets but also reduce the cost of ownership and do the job with less head-count.

I suppose I didn’t really need Spirent for that insight.

See  the full article on Light Reading

I was talking with my friend Gennady Weizman yesterday about medium term (as in the next 6-18 months) impact of the current financial markets crisis on the tech market.   Most of our business is in the telecom industry – so I have an interest in whether our clients will have money to spend.

it appears to me that there is a significant difference in the threat surface for telecom business today than 8 years ago when the dot.com bubble burst.   Back in 2000, the telecom service providers and their technology suppliers were living off the bubble, overpriced products and services and an over-supply of fiber and network infrastructure.  It took the the telecom industry 7 years to recover but today the industry is healthy with multiple growth drivers in VOD, IPTV, broadband, triple-play, VoIP, HDTV, 3G cellular, WiMax and mobile data.

Cisco is my personal indicator – if their orders (many from telecom service providers) drop then it’s a sign that the consumer credit crisis is trickling back up the supply chain to the equipment vendors.

Cisco shares declined in Nasdaq trading after John Chambers forecast the first revenue drop in five years because of the financial crisis. Sales may fall as much as 10 percent in the second quarter, which ends in January

The business took a hit  with the credit crunch, driving October 2008 orders for Cisco products down 9 percent. Chambers said that his comfort level with the forecast was the lowest since the dot-com bubble burst in 2000. Cisco plans to save $1 billion in costs over the next three quarters by freezing hiring, business travel and relocation expenses.

Chambers is usually an optimistic fellow – so should we be worried?

If you’re holding Nortel stock – you have a problem:

In a report titled “I would like to refill my Prozac prescription,” RBC Capital Markets analyst Mark Sue said Nortel’s “marginalized industry position,” combined with the bad economy, means the company’s outlook may deteriorate before stabilizing. Sue rates Nortel “Underperform” with a target price of $1.50, down from an earlier $2.

The cellular and Internet industry is fundamentally strong – far healthier, and apparently much better managed than the US automobile industry.  Cisco orders are down 9% in October but they’re not on the verge of bankruptcy like GM.

Wired and cellular service providers have their key assets in the consumer market – and are vulnerable to the consumer credit crunch and a slowdown in usage of telecommunications. The slowdown will move back up the supply chain but as long as the vendors control costs – it will be a drop in net revenues not a crash like GM or Lehman Brothers. I predict a slowdown for 6-18 months with the telecom market hitting the bottom in another year and staying there for a while. This time recovery will be faster – but I predict that sales for Cisco,  Nortel and Motorola will get worse before they get better.