FierceFinanceFierceFinanceITFierceComplianceIT   FierceCIO

Goldman Sachs incident a boon for data loss prevention?

Data loss prevention technologies have earned a certain amount of buzz as of late. We've noted over on FierceComplianceIT that the pioneering start-ups--the likes of Reconnex, Orchestria, Vontu, Provilla and Tablus--have been swallowed up by McAfee, CA, Symantec, Trend Micro and RSA.

The services are certainly evolving, "moving beyond the first generation products, which was focused on gateways and desktops. The functionality is now being linked into applications that govern digital rights management, identity and access management." The Goldman Sachs rogue programmer case certainly plays to the trend. The bank, via routine monitoring, discovered that an employee machine was used at least four times to send some 32 megabytes of data to an external website. The bank then recovered alleged thief's bash history to uncover his specific actions.

Vendors are already making hay with the incident. PGP Corporation and Fidelis Security Systems certainly think their next-generation approach, combining data loss prevention with enterprise encryption, could have prevented the breach. It launched it's product a few days after the scandal made headlines--good timing in a sense. We'll see how the market responds. The Goldman Sachs incident may well focus more attention on all data loss prevention technologies. 

For more:
- here's the release

Related Articles:
Are you up to speed on data loss prevention?
Citadel sues former employees
Software programmer steals from Goldman Sachs?
Big data theft settlement gets approval
Countrywide faces fallout from internal data breach

SHARE WITH:
Email Twitter Facebook LinkedIn StumbleUpon
Get Your FREE FierceFinanceIT Email Newsletter:
Comments (2) | Post a comment

Comments

Strange you list pretty much all DLP vendors apart from Websense. They led the 2008 Forrester and Gartner analyst reports as the leading technology!

"GTB Technologies 5 Essential Ingredients of a DLP system":
1. Comprehensive channels coverage. DLP systems must cover ALL the relevant channels.
2. Enforcement of the data security policy: the product must be able to effectively block transmission of protected data. Many “DLP” products being sold are actually DLD – Data Leak Detection products. They report what data breaches have occurred, instead of stopping it in real time.
3. Content Inspection: Making decisions based on the form (file type, file attributes etc.) or meta-data (author, language, size of attachment etc.) is NOT enough.
4. Accuracy: a DLP solution has to employ detection technology with virtually zero false positives. The DLP system must be resilient to typical modifications of the data
5. Non-duplicating protected data. If it does, then DLP becomes Data Leak Provoking. But many vendors still sell products, copying the data they are supposed to protect into their internal database. Encrypting such data, or keeping it in the form of the search index is not enough to satisfy this requirement!

Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.