The explosion of social networking tools – Facebook, Twitter, LinkedIn and others – has created some big, new headaches for IT managers and those concerned with protecting corporate networks and data. Many workers assume they need and will get instant access to these tools, but they might not realize the potential risks and harm using them can inflict on their companies.
In an article published June 3, Code Green Networks’ CTO Mark Menke discusses the growing usage of these networks and the impact on security and data protection. Code Green Networks’ sales team has heard plenty of hair-raising stories by now about medical staff posting patient data on Twitter and Facebook, about critical corporate information leaking out via LinkedIn and other scary scenarios – and we estimate this is the tip of the iceberg as social networking tool usage becomes embedded into many workers’ everyday workflow. DLP, or data loss prevention, is one tool that can be used alongside strong policies and other mainstream protections.
In this video, I give a quick “chalk talk” about how to use a Data Loss Prevention solution to prevent your organization from losing information over the Web.
Topics Covered Include:
Leveraging the Proxy architecture with a DLP solution to stop data leaks
How a Data Loss Prevention solution works to monitor and stop HTTP traffic
When it comes to network data loss prevention solutions monitoring SSL-encrypted traffic, a lot depends on the transparency of the web/ICAP proxy and on how it is configured to handle SSL certificates. Some proxies are better at this than others. Pretty much all network DLP solutions use ICAP integration with a web proxy to inspect SSL traffic, and they range from somewhat to very successful at it.
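The proxy/ICAP architecture from the topics above, shown as an added example that is not code from the original post or from Code Green's product: a web proxy that has terminated the client's TLS session hands the plaintext HTTP POST to the DLP service in an ICAP REQMOD message (RFC 3507 framing), and the DLP side parses the encapsulated request, URL-decodes and scans the body, then answers 204 (let the request through) or 200 with a replacement HTTP 403 so the upload never reaches the site. The DLP service URI, the ISTag value, the two detection patterns and the sample social-site POST are all constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Detection patterns (assumptions for this example, not a product's rule set):
# a US-style SSN shape and a classification marker. Patterns run on the decoded
# form text so URL-encoding cannot hide a match.
SENSITIVE_PATTERNS = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("marker", re.compile(r"\bCONFIDENTIAL\b")),
]

# Constructed sample traffic: the HTTP POST a browser would send to a social
# site, as the proxy sees it after terminating the client's TLS session.
SAMPLE_HTTP_HEADERS = (
    b"POST /api/status HTTP/1.1\r\n"
    b"Host: social.example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
)
LEAK_BODY = b"status=Posting+patient+chart+for+John+Doe%2C+SSN+123-45-6789"
BENIGN_BODY = b"status=Enjoying+the+conference+today%21"


def chunk(data: bytes) -> bytes:
    """Encode a body as a single HTTP/1.1 chunk plus the zero-length terminator."""
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(data), data)


def dechunk(data: bytes) -> bytes:
    """Decode chunked transfer encoding into the raw body bytes."""
    out, pos = b"", 0
    while True:
        line_end = data.index(b"\r\n", pos)
        size = int(data[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF


def build_icap_reqmod(http_headers: bytes, http_body: bytes) -> bytes:
    """Frame an HTTP request as an ICAP REQMOD message, as the proxy would send it."""
    icap_headers = (
        b"REQMOD icap://dlp.example.invalid/reqmod ICAP/1.0\r\n"  # assumed DLP service URI
        b"Host: dlp.example.invalid\r\n"
        b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(http_headers)
    )
    return icap_headers + http_headers + chunk(http_body)


def parse_icap_reqmod(msg: bytes):
    """Split an ICAP REQMOD message into (icap_headers, http_headers, http_body)."""
    icap_hdr, rest = msg.split(b"\r\n\r\n", 1)
    headers = {}
    for line in icap_hdr.split(b"\r\n")[1:]:
        name, value = line.split(b":", 1)
        headers[name.strip().lower()] = value.strip()
    # Encapsulated gives the byte offset of each section within the encapsulated part.
    offsets = {}
    for item in headers[b"encapsulated"].split(b","):
        key, value = item.strip().split(b"=")
        offsets[key] = int(value)
    if b"req-body" in offsets:
        http_headers = rest[offsets[b"req-hdr"]:offsets[b"req-body"]]
        http_body = dechunk(rest[offsets[b"req-body"]:])
    else:  # null-body: a request with headers only, e.g. a GET
        http_headers, http_body = rest[offsets[b"req-hdr"]:], b""
    return headers, http_headers, http_body


def inspect_body(http_body: bytes) -> list:
    """Return the names of the patterns found in the URL-decoded request body."""
    text = unquote_plus(http_body.decode("latin-1"))
    return [name for name, pattern in SENSITIVE_PATTERNS if pattern.search(text)]


def icap_reqmod_response(msg: bytes):
    """DLP side of the exchange: 204 lets the request through unchanged, 200 replaces
    it with a blocking HTTP 403 so the upload never reaches the site."""
    _, _, http_body = parse_icap_reqmod(msg)
    hits = inspect_body(http_body)
    istag = b'ISTag: "dlp-policy-v1"\r\n'  # constructed policy version tag
    if not hits:
        return b"ICAP/1.0 204 No Content\r\n" + istag + b"Encapsulated: null-body=0\r\n\r\n", hits
    page = b"Blocked by DLP policy: " + ", ".join(hits).encode() + b"\n"
    http_resp = (
        b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
        b"Content-Length: %d\r\n\r\n" % len(page)
    )
    icap_resp = (
        b"ICAP/1.0 200 OK\r\n" + istag
        + b"Encapsulated: res-hdr=0, res-body=%d\r\n\r\n" % len(http_resp)
    )
    return icap_resp + http_resp + chunk(page), hits


if __name__ == "__main__":
    for body in (LEAK_BODY, BENIGN_BODY):
        resp, hits = icap_reqmod_response(build_icap_reqmod(SAMPLE_HTTP_HEADERS, body))
        print(resp.split(b"\r\n", 1)[0].decode(), hits)
```

The proxy only has plaintext to hand over if it is configured to intercept SSL with a certificate the endpoints trust, which is the certificate-handling dependency the post points to; and a real deployment also has to decide whether the proxy fails open or closed when the DLP service does not answer, since a bypass-on-failure setting turns the inspection into a best-effort control.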
When it comes to endpoint data loss prevention solutions monitoring SSL-encrypted traffic, there are several issues:
You can’t monitor traffic from systems that don’t have the endpoint solution installed, for example guest machines and the devices of contractors, visitors, etc. Or the endpoint solution may not be available for all the different endpoint operating systems and browsers used on your network. A network-based solution monitors and controls anything going through the gateway regardless of the endpoint.
The endpoint solution has to perform its inspection and control before the data is SSL-encrypted by the web browser. This is difficult to build, and not all endpoint solutions can do it. If the endpoint solution is built to handle only IE, you may need to lock the endpoint down to prevent other browsers (Chrome, Safari, etc.) from being installed and used.
The deployment and management issue: network DLP is much easier and less disruptive to deploy and manage than installing an endpoint DLP agent on every desktop in your organization.
I’m not against endpoint DLP; it’s one of the products Code Green offers, but network DLP is a much better solution for web traffic monitoring and control.