Archive for the ‘DLP’ Category

What LEGO® Can Teach Us About Data Security

Thursday, February 11th, 2016

LEGO is slippery. I know that statement doesn’t sound like it makes sense and you are probably saying to yourself: “Surely he knows that LEGO blocks interlock and stick together!”

That is true. But, if you have ever used LEGO to build on a hard surface you know that, as you add more bricks to the building you are making, your construction can easily slip around. Unless you are building on a LEGO surface, you can’t always be sure the pieces you are adding won’t cause the structure to slip or tip. The foundation that you build upon makes all the difference to the stability of what you are building.


(more…)

Millennial Privacy – A Paradox?

Tuesday, January 26th, 2016

Each year, International Privacy Day reminds us how important it is to question where sensitive data resides, who has access to it, and how to best value and protect private information. As large enterprises hire the next generation of social media savvy employees, it is also a good time to question whether these millennials understand the value of data. Do they know what information should stay private vs. what can be shared?

Working with a generation that readily connects, collaborates and shares information online, companies are faced with educating employees on balancing the need to share with the need to protect. In an era of digital business, company brand and customer loyalty and retention depend on it.

blog privacy day

(more…)

Oh Canada! How a Trip to Ottawa Converted a Data Classification Skeptic into a TITUS Champion

Thursday, January 14th, 2016

The following blog has been re-posted with permission of the author. The original post can be found on Jeremy Wittkop’s LinkedIn blog.

This will be the rarest of posts. I am going to begin my post about why Data Classification is important to a content and context aware security program by telling you all of the reasons why I was originally skeptical of its value. I do so in hopes that people who share the same concerns I did will have an opportunity to experience the magic of the Titus approach vicariously through me. I am also going to do something that few people who are in my position are willing to do, while simultaneously do something no author should ever do. I am going to admit I was wrong and I am going to quote myself.

“I was wrong” – Me

blog_ottawa
(more…)

3 Steps to Prevent Information From Just Walking Out the Door

Wednesday, January 6th, 2016

We put a lot of resources into data loss prevention, information classification and cyber security projects in an effort to ensure our information is safe. We have developed sophisticated methods of detecting sensitive information and stopping it from being copied over the network, uploaded to the cloud, copied to USB sticks and even burned to DVDs. But there is still one (low tech) leak that seems unstoppable: paper. What is to prevent someone from printing out sensitive information and then taking it out the door or losing control of it in some other way?

blog confidential doc

At first glance it may seem there is nothing we can do, but there are steps that can be taken.
(more…)

What is “Suggested Classification”?

Wednesday, November 25th, 2015

Last week my colleague Libby Robinson wrote about the enhanced automated classification capabilities of the new TITUS Classification Suite 4.4. While TITUS can automate classification better than ever, Libby nonetheless concluded that: “it is best practice to deploy a combination of user-driven, system suggested and automated classification.” If you read the TITUS blog regularly, I’m sure you are familiar with user-driven classification and its importance to the organization. But what is “system suggested classification” and when would an organization use it?

With “system suggested classification,” the TITUS policy engine runs the same evaluation policies as are performed during the automated classification process (based on content, context, the user, the recipient, etc.). The key difference is that a user is prompted to confirm the automated classification results and is able to quickly adjust the classification if the automated process was deemed incorrect.

Robot-blog_image
(more…)

Secure Cloud Sharing with the New TITUS Classification for Mobile

Thursday, November 19th, 2015

While they offer incredible advantages, cloud sync and share services like Box and Dropbox also come with risks. As usual, one of the top risks isn’t from the technology itself, but the user. What guarantees do you have that your users are safely sharing information in the cloud? Unlike folders on the network, cloud folders are easily shared with users outside of your organization, and it is not always easy to tell which folder was created for sensitive content and which was not. As a result, users are more likely to make a mistake and overshare information.

While you can drill down to see with whom a folder is shared or examine the content of the folder to determine its sensitivity, this is time consuming and slows the speed of business. This inevitably means some users will fail to take those extra steps. It is also easy for a user to simply create a new folder on the run, forget the access details over time, and assume it is safe to use for another document at a later date. Folder names rarely convey the sensitivity or collaborative nature of the folder. So, when users share via the cloud do they know if the folder is shared externally? Can they easily tell if the folder is meant for public or internally facing documents? And, are your users always going to double check to make sure they know the answers before they upload a file? Unfortunately, when it comes to using a cloud service mobile app, ease of sharing information often takes priority over security. TITUS Classification for Mobile considers user experience, ease of use, and data protection all as equally important.

(more…)

Corporate Security and the 2-in-1 Device

Friday, November 13th, 2015

Microsoft seems to have fallen into a pattern where one release of Windows struggles in the market but then the next one succeeds, and back and forth. Windows 8 was one that struggled. Windows 8 came with a new class of Apps, and a new UI called Metro. Unfortunately, people didn’t like it much and they switched to desktop mode fast. True to form, Windows 10 seems to be much more successful. But before we completely dismiss Windows 8, it’s worth thinking about what Microsoft was trying to do with that release and why.

Like a lot of office workers I had a Windows laptop when Windows 8 came out, and I also had an iPad. I was experimenting with leaving the laptop at my desk and only taking the iPad with me when going to meetings or was otherwise away from my desk. After all, it seemed silly to carry two devices when I could present from the iPad, takes note on the iPad, and answer email on the iPad, right?

Corporate_Security_2in1_Device_blog_image
(more…)

When the Privileged Insider Goes Bad – 5 More Ways to Tackle Insider Threat

Wednesday, October 21st, 2015

Last week Stephane Charbonneau, TITUS CTO, laid out 5 steps to help tackle insider threats. These tips focused on user training, user involvement and fostering a culture of security in order to prevent accidental user leaks and to [hopefully] prevent users from crossing the line into malicious behaviors. But what if the user is committed to abusing their internal access privileges for their personal gain?

Undoubtedly there are departments or data within your organization where a zero trust model might need to be enforced because the risks posed by a rogue employee are too high. There are likely areas where users have access to data so important and valuable that they are motivated to steal, sell, or otherwise leak data. For those who have access to this data stronger measures need to be in place.

DLP
(more…)

Protect Your Intellectual Property: Forrester Playbook Overview

Thursday, August 6th, 2015

Wouldn’t it be great to say there is one product, from one vendor, that can protect all of your data? The reality, however, is that you need a security ecosystem and framework to protect your most valuable data assets. Forrester Research Inc. has developed a Data Security And Privacy Playbook which helps organizations build the framework they need to protect sensitive information. (more…)