‘Discovering’ Critical Data Stored On The Endpoint

<a href='/blog?tag=Compliance'>Compliance</a> <a href='/blog?tag=Internal Threats'>Internal Threats</a> <a href='/blog?tag=Information Governance'>Information Governance</a>
‘Discovering’ Critical Data Stored On The Endpoint

Ever wondered exactly how much data you have stored on your laptop?  It doesn’t take long to amass a gazillion files, some are ones you have authored, some have been sent by email, some are from the Intranet, some are from file shares, some are from the cloud, some are… well, they can (and do) come from everywhere.

You may also have multiple versions of the same file; from work in progress through to the final version… and you never deleted the old versions.  In fact, this is the problem. These days, no-one likes to throw anything away “just in case”.  Whether it’s a personal laptop or a company laptop, there will be a mass of data stored on your machine, much of which may contain sensitive information that needs to be appropriately protected in order to comply with regulatory compliance standards.

Files contain information, and many (or most) of the files you work on from your company will be considered company assets. Some files will be public, some will be private, some will be confidential, some will be for customers and some for business partners or suppliers.  The reality is, certain types of information poses a risk should it fall into the wrong hands. Even ‘old’ information has a value and if nothing else, could cause embarrassment, reputational damage or worse if it was exposed unauthorized. The solution is to understand what data you have stored, where it is stored and then put a plan in place to deal with it.

Clearswift’s Endpoint Data Loss Prevention (DLP) solution leverages the same Deep Content Inspection Engine (DCI) which is used in its core SECURE Gateway products. The DCI can be used to scan saved files (referred to as data at rest (DAR)) on various endpoints, to identify potential data breach risks or non-compliance with company policy.  For example, there may be spreadsheets containing PCI or PII data, or documents containing confidential company Intellectual Property that needs to be stored in a specific location or secured in a certain way.  Once critical information is ‘discovered’, there are options as to what can be done next.

In the first instance, organizations tend to run the data at rest scan to understand what is often referred to as an ‘unstructured data’ issue that exists within the organization.  It is possible to use all the usual tokens, such as Credit Card, Passport and Social Security Numbers and expressions, such as regular expressions, user-defined expressions and Boolean operations which are used in the Clearswift Gateway products, enabling identification and classification of multiple different types of files in one pass.

The most common action that is applied once critical information is discovered, is to set the system to move files containing critical information to a more secure location. For example, to a file server share with restricted access, leaving behind a ‘breadcrumb’ (a file with the same name) behind to inform the user of the action taken and where the file has been moved to. The policy can be very granular so as not to move files which are currently being worked on – which would effectively be a hindrance to business operation.

Searching for unstructured data doesn’t just apply to local drives on laptops. It can also be carried out on network and cloud file shares. For an organization to really get to grips with an unstructured data risk, it needs to leave no stone unturned in its quest to discover critical data at rest.

Due to the nature of critical information, there is some which is ‘standard’ over time, such as a credit card number, while other items, for example, project code names, evolve. Unlike backup, where once the file has been backed up, it need not be backed up again, DAR scanning can happen to the same files over and over again, as different things might be looked for.  Optimizations in the solution ensure that DAR scanning can be effectively done in the background so as not to impact the users’ productivity, and even when the laptop is disconnected from the network, the results are fed back the next time the device connects.

The Clearswift DAR scan functionality is fully integrated with its data-in-use (DIU) DLP functionality, ensuring that search criteria can be common, whether the data is stored on the disk or in use, for example, being copied to removable media. The integrated solution creates consistency, which is one of the key criteria when looking for an effective DLP solution.

The critical information on your computer, even if it is several years old, can create a business risk.  By undertaking regularly DAR scanning and moving it to a more secure location, the risk is minimized, keeping the business and the user safe.

By Dr. Guy Bunker


*** This is a Security Bloggers Network syndicated blog from Clearswift Blog authored by Bianca.du.Plessis. Read the original post at: