With her latest book, Harry Potter and the Deathly Hallows, J.K. Rowling managed to protect the story line and ending of her book. Public sector organizations should likewise guard their critical intellectual property, including personal information, contracts, and other sensitive digital assets.
Admittedly, data protection is a lot more complex within larger organizations. The challenge is that most lack any form of automated processes to identify and classify their intellectual property. Manual processes don’t scale, are costly, and can’t adequately ensure critical data is in fact protected. New automated tools are required.
These new tools must be able to discover, classify, index, and report on what intellectual property is in an organization’s network of servers, PCs, and document repositories; so that organizations can apply appropriate protection policies to the information.
These automated discovery and classification tools should meet the following minimum requirements:
1. Broad reach: The ability to crawl and analyze stored content on the most common repositories, including Windows file shares, NFS, EMC-Documentum stores, and others.
2. Robust classification: The ability to detect intellectual property using a variety of techniques:
a. Exact match: Finding an original or exact copy of a document.
b. By example: Finding a derivative work of a document, such as finding snippets of sensitive data that have been cut and pasted into another document, or which have had words added or deleted, have had tense changed, and maybe even some words re-arranged.
c. Search: The ability to include words, phrases, expressions, and concepts in search strings, and include/exclude searches of certain document types (e.g., Word, Powerpoint, Excel, and more).
3. Flexible protection. Once intellectual property has been detected, a tool should be able to provide comprehensive reports, to move or delete documents, and to register documents so that exact matches or derivative works can be detected leaking out of the corporate network.
Additionally, a tool should be able to detect sensitive information and prevent it from being communicated via wireless or wired networks from laptops or desktops that are not connected to the corporate network (e.g., from a coffee shop, at the airport, or at home). And finally, a tool should prevent the storage of information on removable media such as USB devices.
Fortunately, data loss prevention technology exists today that meets or exceeds these requirements. Now is the time to begin evaluating which vendors provide the best fit for your needs.
According to a recent survey of 102 information security professionals by Enterprise Strategy Group, 74 per cent of those surveyed will spend more (and 44 per cent will spend significantly more) to protect their intellectual property in 2007 than they did in 2006.
This increase in spending is driven by the need to comply with government regulations such as Sarbanes Oxley, HIPPA, GLBA, FISMA, and others, as well as the need to protect data in conjunction with outsourcing (37 per cent of respondents) and increased collaboration with business partners, suppliers, and customers (34 per cent of respondents).
In addition, the larger an organization, the more likely it is to be increasing its spending on intellectual property protection to avoid costly and embarrassing public breaches of information security.
J.K. Rowling’s new book sold 8.3 million copies worth approximately $250 million in its first 24 hours. How many millions of dollars might have been lost if the story’s secrets had been divulged? How much is your intellectual property worth? Are you willing to risk the economic and competitive loss that could result if it leaks out of your organization?
John Peters is CEO of Reconnex Inc. This article appears courtesy of Network World (U.S.) and the IDG Newswire Service.