Take a holistic approach to data security

analysis
Jun 20, 2005 · 2 mins

Technology only goes so far in safeguarding your valuable data

Technology that safeguards private data and intellectual property is clearly an essential part of a total security strategy. Experts say at least one of the technologies covered in this roundup should be installed to protect content, whether that technology uses agents to enforce rights management or heuristics to sense or block sensitive data from leaving the network.

Yet few enterprises can afford to implement multiple approaches on a large scale. Accordingly, you need to make economic trade-offs in what you protect and how you protect it.

Perform a full audit for vulnerabilities and start by making certain current security systems are fully engaged. Next, rank what’s most important to your organization — what data you could tolerate losing and which files, if lost, would jeopardize your entire business. Implement an appropriate solution for each case.

Lastly, don’t overlook low-tech approaches. For example, using role-based security available with existing identity management systems (such as Microsoft Active Domain and Novell Nsure Secure Login) helps ensure that employees or partners have access to just the information required to do their job. True, this alone won’t prevent a midlevel salesperson leaving for a new job with his or her client list, but that probably won’t put you out of business.

On the other hand, you could be put out of business if your chief scientist takes information for a patentable invention. The lesson here is to put tight monitoring on trusted high-profile users. For this job, it’s smart to try an agent-based system with a strong audit trail.

In the middle ground, especially in regulated industries, few would question the need to protect your perimeter with automated outbound-network scanning. Still, to make this work you need to understand and precisely classify the information vital to your organization and constituents, a challenge many groups fail to meet.

Finally, through education programs, employees and contractors need to understand that it’s their responsibility to protect information, just as they take care of physical assets.

For instance, employees often send confidential files to their public Hotmail and Yahoo accounts so they can get some work done over the weekend; even these well-meaning employees don’t realize that this puts an organization at high risk. Articles on your intranet or a simple warning from a detection solution often reduce this type of problem by as much as 95 percent.