Firm touts easier, more secure access to IP data

By Shamus McGillicuddy, News Writer 31 Oct 2007 | SearchCIO.com

IT news and analysis for CIOs Digg This!     StumbleUpon     Del.icio.us

Experts say mapping out a company's intellectual property and the relationships between the people who are sanctioned to access it is a long and laborious process -- and not necessarily foolproof.

More on intellectual propery CIOs overconfident about protecting intellectual property CIOs take heat for security snafus

Tom Bowers, who once worked in information security at a large pharmaceutical company, said he has sat through many meetings, trying to understand what information the company needed to protect and who should be allowed to access it.

"I've physically been on site in Sicily and Singapore, trying to figure out what their IP [intellectual property]and data streams look like," said Bowers, who's now managing director of the consultancy Security Constructs LLC. "They don't know where the intellectual property is. You've got these big global enterprises that don't have a clue. They've got an idea generally. 'We know in R&D we've got IP, but we don't know what kind. ... We know that's where the information is being created and stored, but we don't know the type and the size of it.'"

Faizel Lakhani, vice president of marketing at Reconnex Inc., a Mountain View, Calif., vendor of data loss prevention technology, said data is often unstructured and passes freely in electronic communication until IT is able to control it with data loss prevention technologies. But since most data loss prevention technologies rely on IT to set the policies and controls for access and transmission of sensitive data, that lack of knowledge can be a problem.

Reconnex's latest product should help overcome this knowledge gap. Version 7.0 of the Reconnex iGuard DLP appliance includes a new content analytics engine that sniffs data as it moves through an enterprise's systems. It determines what information is sensitive and watches how that information is generated and shared within the company, then develops policies for who should be allowed to access it.

Lakhani said the appliance needs to know only some very basic information and then it can crawl a company's systems to discover sensitive information and understand who is accessing and communicating with it.

You've got these big global enterprises that don't have a clue. Tom Bowers managing director, Security Constructs LLC

"This is the first product I've seen as an information security professional that can actually do data mining," Bowers said. "It's not quite the Holy Grail, but it's getting pretty close."

Eric Ouellet, research vice president at Stamford, Conn., consultancy Gartner Inc., said, "It will take a look at data sent over the wire and it can analyze that over real time. It's not a self-starting system. You have the ability to fine-tune the rule set so that it can find stuff that might not be apparent just from a rule definition."

Ouellet said many data loss prevention systems rely on rules for identifying easily recognized forms of data, such as Social Security and credit card numbers.

"These are only two rules," Ouellet said. "There are a whole lot of things you would miss. [Reconnex has] got this very, very large archive, this forensics-based database with all this information. They're mining that so you can find this information and identify this information more easily."

Bowers said this type of tool changes the way information security interacts with business stakeholders. In meetings, information security professionals will no longer ask the business to describe intellectual property. Now information security can tell business users what the technology has detected as intellectual property and identify who is accessing and using that information.

"You're still doing content monitoring, but you can provide a business benefit back to the business by telling them what kind of content, intellectual property and private information is in the system and say to them, 'Here's what's going out and do we need to change business processes [to protect this information].'"

Version 7.0 of Reconnex iGuard DLP is now available. The starting price is $35,000.

Tags: Tools and Technologies: Keep risks at bay,  Enterprise data security and privacy,  Enterprise information security management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Tools and Technologies: Keep risks at bay Web services gateway solution offers security, compliance benefits Managed security services stop spam, deliver ROI Enterprise data security and privacy GPS devices, geolocation data create privacy, security risks Health care security, HIPAA compliance on deck for CIOs in Obama era Network access control: Security advice for enterprise CIOs Data protection in the cloud: What's good enough? Healthcare IT standards still not clear Avoiding gotchas of security tools and global data privacy laws CIO turns to identity and access management to solve business problem Data protection quiz for enterprise CIOs Seven tips to improving enterprise data protection Employee layoffs pose security risk if systems access not disabled Enterprise information security management Information security and risk management guides for CIOs Talking swine flu and Conficker with the CIO of the CDC Network access control: Security advice for enterprise CIOs Evaluating network access control: NAC policy enforcement matters Enterprise risk management quiz for CIOs Network access control now addresses multiple needs Enterprise risk management solutions for CIOs Gartner: Future IT security jobs to focus on risk management strategy Avoiding gotchas of security tools and global data privacy laws Security standards to help manage compliance for those federal funds

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary