Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Tuesday, 17 January 2017 11:54

Employees can steal company IP

By

Tell me something new – a person leaves the company with its customer list, intellectual property, designs, and more, walking out with a USB drive or simply emailing it. The fastest way to take down the competition is to work for them, or a close supplier.

Today’s Sydney Morning Herald tells the story of online fashion business Showpo suing a former employee now working for the competition Black Swallow, for the alleged theft of its 360,000-strong email direct marketing (EDM) list.

MailChimp manages the EDM and has provided activity history that allegedly shows the former employee’s password was used to access the EDM that was then exported to her home IP address.

Regardless of the event and the potentially expensive and lengthy legal outcome, the damage has been done. It is timely to remind readers that data loss protection (DLP) or alternatively a secure file management platform approach are becoming a mandatory part of business security – using another acronym it is DRM (Digital Rights Management).

It boils down to risk. If the risk of a competitor gaining your EDM would seriously affect your business, you need a DRM solution. If a competitor gets hold of your IP or sales/pricing documents – ditto.

There is the age-old problem – if you lock things down too tightly it affects productivity, if you use passwords for sensitive data or folders all it takes is one password leak and that is useless. What is worse is that passwords are often not changed quickly, if at all, when an employee leaves with the keys to the castle.

Two products come to mind – BlackBerry’s Workspaces (formerly WatchDox) and Symantec’s DLP (Data Loss Prevention). Both rely on establishing what constitutes sensitive data and policies for its access, distribution, and use. Both realise that mobile BYOD devices are now repositories of much sensitive corporate data. Both use different approaches.

Workspace is the rework of WatchDox that Blackberry acquired in mid-2015 and its part of BlackBerry’s metamorphosis from a secure smartphone company to a secure software company.

Moti Rafalin, WatchDox chief executive, said back in 2011, “WikiLeaks, as well as numerous smaller document leakage incidents, have raised awareness for the need to better secure documents as they are shared inside and outside of the organisation. Legacy enterprise digital rights management and data loss prevention products are failing to address the problem, and enterprises are realising documents need to be seamlessly protected and controlled wherever they go.”

Workspaces builds on the WatchDox raison d'être ‎(or should that be reasonable deterrent) to securely share documents among employees and other authorised individuals. When those files leave the corporate circle of trust — for example, to be sent to someone outside the organisation — the security goes with them.

Rebecca Bradburne, head of Asia Pacific & Japan, BlackBerry Workspaces, said, “Showpo’s security breach is not an isolated incident. Companies need to start recognising the danger that comes from within. We see that businesses have put systems in place to protect data inside an organisation, but as soon as data leaves the four walls they are powerless to stop a breach. This makes them a sitting duck to attacks."

“Now is the time for businesses to get smarter about the technology they use and the policies they have in place. BlackBerry Workspaces gives organisations the ability to maintain control over all corporate information in all circumstances. Workspaces allows companies to revoke access to data at any point, protecting information when it leaves the organisation. By implementing these type of technologies, Showpo could have avoided a breach and the implications it will have on the organisation’s reputation," she added.

Security is more than just IT and passwords – it needs to be viewed holistically by businesses. Without both a robust security policy and the right technology in place, these kind of high-profile breaches will become more and more common.

Symantec has been in DLP for a little longer (since 2006) and is a leader in Gartner’s Magic Quadrant.

According to Gartner, “Data loss prevention is currently experiencing a renaissance through a ‘second wave’ of adoption. What’s driving this need for data loss prevention? It is all about the data as organizations of all sizes and in all industries experience breaches. While DLP is not designed to be a silver bullet, it provides a key layer of data visibility needed to detect and respond to security incidents. And unlike other security controls, it can recognize the difference between a well-meaning insider and a malicious insider. This is why DLP is now considered a foundational technology that should be in every security leader’s toolbox.”

Symantec’s mantra is “data-aware defence” and wrapping tools around different data types and environments including the cloud for email, apps, and storage. It uses an extensive “discovery” process for file type detection (330 automatically recognised), content matching e.g. identifying things like credit card numbers, exact data matching and blocking, indexed document matching including a full file fingerprint (useful for unstructured data like documents, spreadsheets etc.) and machine learning.

Once done it monitors all use and builds a profile of policies that protect data in motion consistently across the whole environment including on-premise, cloud, and mobile. Its DLP covers application control, device control, automatic data classification, storage control and backup, sovereignty of data, ID management, malware/ransomware encryption protection, malware data exfiltration, and more.

Speaking with both BlackBerry and Symantec it appears that renewed interest in DLP is from small business like Showpo to enterprise level – all must put a value on the data they have, protect it and comply with new breach legislation and things like PCI-DSS.

Bradburne sums up for Workspaces: "Because it is cloud based — pay as you go — it is instantly available from one seat to thousands. It is part of BlackBerry's culture to inject a security first culture into every organisation, regardless of size."

Symantec sums up for its DLP, "Now we have a cloud offering our products are suitable from small business to enterprise - both on and off-premise."


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments