Cathy Brode, the chief executive at 3BView, answers questions about ILP - insider leak prevention - starting with a pointed one suggesting the term is just consultant buzzword speak.
Techworld: Isn't ILP just a consultancy buzzword to worry CIOs and get consultancy projects where there is no real proof that ILP is an actual threat?
Cathy Brode: No. Revealing confidential data in outbound communications (as blocked by LP) is a real threat. Financial consequences for firms that get it wrong include losing lawsuits, loss of customer confidence/trust, and penalties for breaching the increasing number of data protection regulations and compliance rules (in the legal and financial sectors in particular). Analysts like Gartner, Aberdeen, etc. are certainly seeing this as a real threat.
Symantec too certainly thinks it's a real threat - it spent $350m this week to acquire Vontu.
Techworld: Can you identify real instances - with names and costs if possible - where actual insiders have leaked or stolen sensitive data and caused their organisations identifiable harm?
Cathy Brode:
1. Merck reveals drug details in Word tracked changes - highly relevant to thousands of multi-million dollar legal cases, and Merck put aside $598m last year to its legal defence fund for these. (December 2005, here.)
2. Google reveals secret financial forecasts in PowerPoint; the cost was hard to quantify, but Google shares dropped 2 percent in after-hours trading that day. (March 2006, here.)
3. AT&T accidentally gave away sensitive details in a lawsuit on spying on its customers in a PDF file. (May 2006 and lawsuits are ongoing, here.)
4. US Defence Intelligence Agency (DIA) revealed classified intelligence budget in PowerPoint doc. (June 2007, here.)
5. Australian ministers sacked due to author names identifiable in Word doc. (March 2007, here.)
Techworld: What are the main reasons for insider leaks?
Cathy Brode: The number one reason for leaks is simple human error - for example, sending out the wrong version of a Word document that has tracked changes still in it, or a PowerPoint document that still has notes visible (like Google did with financial forecasts). Employees may also not be aware of the information that their documents give away (e.g. the author names in a document) - this is what caught out the UK government over the "dodgy dossier."
Techworld: What are the main mechanisms?
Cathy Brode: Email is the main mechanism, but documents can also be leaked via any electronic communications method: IM, P2P, webmail via HTTP etc. ILP protection needs to address all the main likely mechanisms.
Techworld: How can the insider leak threat be realistically met?
Cathy Brode: Realistically, no protection is ever going to be 100-percent perfect. A sufficiently determined insider is almost certainly going to find a way to get data out - but protection can at the very least block all accidental leaks, can make it extremely difficult for insiders to leak data, and can put in place an audit trail that ensures a company is protected against any legal action that might result from a leak.
Techworld: How are ILP measures to be measured? What is the RoI?
Cathy Brode: RoI for IT security is tricky at the best of times. It's like measuring the RoI of car insurance when your car hasn't been stolen yet. Companies can evaluate the RoI as best they can by comparing the potential cost of a breach (as shown by examples in their industry sector) with the cost of implementing ILP protection.