O que podemos realmente fazer sobre vazamento de dados?
A data leakage survey, initiated by Cisco, was recently conducted involving a total of 1000 end-users and 1000 IT professionals across 10 different countries; And the results were alarming. The survey revealed that, despite the security protocols put in place, employees continued to put corporate and personal data at risk. Such breaches include:
- Unauthorized use of certain applications
- Unauthorized access to parts of the company network
- Unsupervised sharing of work devices
- Transferring files from home computers to work computers
- Sharing of passwords with co-workers.
So, what steps can we take to limit the risk of data leakage?
Firstly, know where your data is! – Em primeiro lugar, saber onde seus dados são!
Without knowing exactly where your sensitive data is stored, how can you possibly implement controls to protect it? Of course, it’s not as straight forward as it sounds. The problem is that sensitive data resides not only in the database, but also in emails, websites / portals and on individual computers (as contracts, specifications etc.). Since it would be too impractical to implement one set of controls for all data types, it is important to spend some time categorizing the data to set controls appropriately.
There are many high-end products such as Reconnex, Websense and Tablus, which will automate the process of data discovery and categorization. Company’s such as GroundLabs can find more than 100 types of personally identifiable data and allow you to define algorithms and search patterns for custom data types. They can search files on disk, DBs, emails, cloud storage, as well as a detailed report after every scan.
Secondly, monitor network traffic and the content that is flowing through it! – Em segundo lugar, monitorar o tráfego de rede eo conteúdo que está fluindo através dele!
There are many solutions available to monitor network gateways and alerts alerts when they find suspicious data packets, as well as blocking and encrypting certain pieces of data.
Thirdly, keep a close eye on the ‘crown jewels’! – Em terceiro lugar, fique de olho nas “jóias da coroa”!
I’m talking about the database, of course. You need to know who, what, where, when, and how people are accessing the database. Our very own LepideAuditor Suite is designed to keep track of who’s authorized to access privileges and limit certain actions, such as deleting, modifying, copying or downloading information from the database. LepideAuditor will alert you to suspicious actions and provide a variety of reports; Including an audit trail. You should also consider sensitive data encrypting in the database. Finally, be sure to limit user privileges. According to the chief technology officer at Imperva, most employees are granted far more privileges than they actually need, so do not care if their access policies seem overly restrictive.
Fourthly, monitor those end-points! – Em quarto lugar, monitore esses pontos finais!
There will be an increasing number of devices, such as laptops, mobile phones, USB sticks etc., connecting to your network which will inevitably increase the risk of data leakage. Solutions such as ControlGuard will monitor devices and enforce controls on all devices connected to your network. Policies can be defined to block certain devices, restrict PrintScreen options, limit access to specific content and limit file transfer permissions. ControlGuard also provides a wealth of real-time updates and reports for regulatory compliance and auditing.
Finally, centralise the data! – Finalmente, centralize os dados!
While the centralisation of data is often perceived as a security vulnerability, it represents a single point of failure, in this case the use of a centralized document for storing sensitive data provides a necessary level of control.