17 April 2013

The fundamental principle of breach prevention!

The fundamental principle of breach prevention!


A layered Information Protection solution to keep data safe and secure regardless of whether it is in transit or stored inside or outside your perimeter
An advanced Persistent Security mechanism, using state-of-the-art e-Biometrics, to continuously verify that the people using your systems are who you think they are

For the past two decades, vast amounts of money and countless hours have been invested in breach prevention. The order of the day has been to harden network and server access through the deployment and redeployment of an evolving series of firewalls, anti-spam/anti-virus applications and intrusion detection and prevention systems – all of them, in essence, attempts to ‘reinforce the perimeter’ to protect what lies within.

While this remains good and necessary IT practise, it takes no account of two very important and inescapable truths:

  • users are always inside the perimeter, and
  • even those authorised users can cause significant damage.

By ignoring these, CIOs fail to address possibly the most fundamental persistent threat, that of a breach orchestrated by one or more of their organisation’s own users.

The antidote to this insider threat is to arrange persistent protection and control over information at all times. The best of today’s data-centric technologies ensure that even if confidential data is released, it is rendered meaningless to whoever may acquire it.

So long as the data itself is encrypted then there is control over who should be able to read it, when they are able to do so and for how long. This means that even if an insider with no malicious intent inadvertently misdirects sensitive data, it remains inaccessible and damage limitation can take place.

A data-centric approach to data breaches isn’t mutually exclusive of any other forms of defence, but the addition of classification and encryption mechanisms ensure the protection and control of proprietary information - arguably as important an asset of any company as its people.

RightsWATCH and TypeWATCH are market-leading products designed to keep sensitive information safe from security breaches resulting from malicious wrongdoing or inadvertent misuse. Come and see live demonstrations of just how simple they are to implement and use on stand O80 @ InfoSEC Europe, 23-25 April, Earls Court, London, UK.

No comments:

Post a Comment