Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Tuesday, 17 January 2017 11:54

Employees can steal company IP


Tell me something new – a person leaves the company with its customer list, intellectual property, designs, and more, walking out with a USB drive or simply emailing it. The fastest way to take down the competition is to work for them, or a close supplier.

Today’s Sydney Morning Herald tells the story of online fashion business Showpo suing a former employee, now working for competitor Black Swallow, for the alleged theft of its 360,000-strong email direct marketing (EDM) list.

MailChimp manages the EDM and has provided activity history that allegedly shows the former employee’s password was used to access the EDM that was then exported to her home IP address.

Regardless of the event and the potentially expensive and lengthy legal outcome, the damage has been done. It is timely to remind readers that data loss protection (DLP) or, alternatively, a secure file management platform is becoming a mandatory part of business security. The other acronym that applies is DRM (Digital Rights Management).

It boils down to risk. If the risk of a competitor gaining your EDM would seriously affect your business, you need a DRM solution. If a competitor gets hold of your IP or sales/pricing documents – ditto.

There is the age-old problem: if you lock things down too tightly, it affects productivity; if you use passwords for sensitive data or folders, all it takes is one password leak and that protection is useless. What is worse is that passwords are often not changed quickly, if at all, when an employee leaves with the keys to the castle.

Two products come to mind – BlackBerry’s Workspaces (formerly WatchDox) and Symantec’s DLP (Data Loss Prevention). Both rely on establishing what constitutes sensitive data and setting policies for its access, distribution, and use. Both realise that mobile BYOD devices are now repositories of much sensitive corporate data. They take different approaches.

Workspaces is the rework of WatchDox, which BlackBerry acquired in mid-2015, and it is part of BlackBerry’s metamorphosis from a secure smartphone company to a secure software company.

Moti Rafalin, WatchDox chief executive, said back in 2011, “WikiLeaks, as well as numerous smaller document leakage incidents, have raised awareness for the need to better secure documents as they are shared inside and outside of the organisation. Legacy enterprise digital rights management and data loss prevention products are failing to address the problem, and enterprises are realising documents need to be seamlessly protected and controlled wherever they go.”

Workspaces builds on the WatchDox raison d'être (or should that be reasonable deterrent) to securely share documents among employees and other authorised individuals. When those files leave the corporate circle of trust – for example, to be sent to someone outside the organisation – the security goes with them.

Rebecca Bradburne, head of Asia Pacific & Japan, BlackBerry Workspaces, said, “Showpo’s security breach is not an isolated incident. Companies need to start recognising the danger that comes from within. We see that businesses have put systems in place to protect data inside an organisation, but as soon as data leaves the four walls they are powerless to stop a breach. This makes them a sitting duck to attacks.”

“Now is the time for businesses to get smarter about the technology they use and the policies they have in place. BlackBerry Workspaces gives organisations the ability to maintain control over all corporate information in all circumstances. Workspaces allows companies to revoke access to data at any point, protecting information when it leaves the organisation. By implementing these type of technologies, Showpo could have avoided a breach and the implications it will have on the organisation’s reputation,” she added.

Security is more than just IT and passwords – it needs to be viewed holistically by businesses. Without both a robust security policy and the right technology in place, these kinds of high-profile breaches will become more and more common.

Symantec has been in DLP for a little longer (since 2006) and is a leader in Gartner’s Magic Quadrant.

According to Gartner, “Data loss prevention is currently experiencing a renaissance through a ‘second wave’ of adoption. What’s driving this need for data loss prevention? It is all about the data as organizations of all sizes and in all industries experience breaches. While DLP is not designed to be a silver bullet, it provides a key layer of data visibility needed to detect and respond to security incidents. And unlike other security controls, it can recognize the difference between a well-meaning insider and a malicious insider. This is why DLP is now considered a foundational technology that should be in every security leader’s toolbox.”

Symantec’s mantra is “data-aware defence”: wrapping tools around different data types and environments, including the cloud for email, apps, and storage. It uses an extensive “discovery” process that combines file type detection (330 automatically recognised); content matching, e.g. identifying things like credit card numbers; exact data matching and blocking; indexed document matching, including a full file fingerprint (useful for unstructured data like documents, spreadsheets etc.); and machine learning.

Once discovery is done, it monitors all use and builds a profile of policies that protect data in motion consistently across the whole environment, including on-premise, cloud, and mobile. Its DLP covers application control, device control, automatic data classification, storage control and backup, sovereignty of data, ID management, malware/ransomware encryption protection, malware data exfiltration, and more.

Having spoken with both BlackBerry and Symantec, it appears that the renewed interest in DLP ranges from small businesses like Showpo to enterprise level – all must put a value on the data they have, protect it, and comply with new breach legislation and things like PCI-DSS.

Bradburne sums up for Workspaces: "Because it is cloud based — pay as you go — it is instantly available from one seat to thousands. It is part of BlackBerry's culture to inject a security first culture into every organisation, regardless of size."

Symantec sums up for its DLP, "Now we have a cloud offering our products are suitable from small business to enterprise - both on and off-premise."


Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
