Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Management still ‘a challenge’ to data leakage protection, says Axway (formerly Tumbleweed) guru

  • 26 May, 2009 15:09

<p>In the evolving ‘war’ over at-risk information on enterprise networks, data leakage protection (DLP) technologies are heading in the right direction. But according to Dr Taher Elgamal, Chief Security Officer of Axway Inc. (formerly Tumbleweed Communications), and an industry leader in information security, overall management remains a challenge.</p>
<p>A global expert in information security, Dr Elgamal addressed the recent AusCERT2009 information security conference. He is recognised in the industry as the 'inventor' of SSL. According to Dr Elgamal, DLP is a key aspect of managing enterprise networks that host at-risk critical data.</p>
<p>He said: “Current technologies and products are heading in the right direction, but overall management remains a challenge. Yet it is possible to focus on important applications and deploy aspects of DLP without affecting managing the rest of the network or applications.”</p>
<p>Dr Elgamal said networks and applications were designed without taking into account overall data security. The connectivity of all organisations’ networks to each other through the Internet was never designed, but “just happened” leaving many gaps in security.</p>
<p>With multiple applications accessing the same data, the threat of sensitive data or intellectual property electronically leaving an organisation grows daily. The number of entry (and exit) points to an organisation’s network far exceeds the number of machines or even users. Closing one exit point provides no value – the organisation needs an overall protection strategy, said Dr Elgamal.</p>
<p>The problem is complex: critical information is usually stored on multiple networks running with multiple policies without any control from the information “owner”. Identity theft is one of the most difficult situations to protect against - a single incident can cause huge losses of consumer records, plus loss of reputation.</p>
<p>Dr Elgamal said that although governments and industry regulators were calling for protection of information, the tools were not yet mature. Many PCI certified businesses are still being attacked successfully, indeed organisations were being deceived by the regulations.</p>
<p>Implementing regulations was often more expensive than solving the actual problem at hand. He suggested five steps to satisfying regulations, and preventing intellectual property leakage and loss of customer and third party information:</p>
<p>1. Understand what data the business handles and needs
2. Establish organisational policies
3. Improve awareness across all business functions
4. Understand the regulatory landscape
5. Establish the architecture, technologies and products and start implementation</p>
<p>Dr Elgamal said security solutions had to be considered ongoing business processes rather than one time solutions – “this is about the business, NOT about IT.” Solving the compliance problem is usually the driver for customer buying the solutions, driving vendors to satisfy regulations rather than attempting to solve the problem.</p>
<p>“Enterprise DLP solutions do not have the capacity to monitor data locally managed at an endpoint (personal email, mobile device), and it is difficult to thwart insider threats if the endpoints are not guarded. Also encrypted data can cause problems if the enterprise does not manage the encryption well.”</p>
<p>Dr Elgamal said a combination of the solutions was necessary for a complete system, while policies at the servers and at the endpoints required different modes of management. “The “ultimate” solution will not happen until the industry knows how to describe policies for content independent of where and how the content is accessed.”</p>
<p>He said the most effective applications provide content scanning embedded in the data flow itself. These caused no problems with encryption if the application provided this, since the data could be analysed prior to encryption. Combining the DLP engine and its interaction with enterprise policies in a single management infrastructure with the application saved time and effort.</p>
<p>For more information</p>
<p>David Frost
PR Deadlines, for Axway
Phone: +61.2.4314 5021 or +61 (0) 408 408 210

Most Popular





Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Join the newsletter!

Error: Please check your email address.

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?