Verizon Business report targets partners as a major source of data loss
By Simon Thorpe on Jul 08, 2008
A fairly controversial report from Verizon Business released last month looks into the data from over 500 security breach and data compromise engagements between 2004 and 2007. The 2008 Data Breach Investigations Report goes into detail about the source, size and cause of the data breaches. The following statement from the report summarizes the problem nicely:
Information is everywhere. It should come as no surprise then that data breaches are without question a worldwide phenomenon. The Verizon Business Investigative Response team handled a marked increase in the number of forensic engagements outside North America during the time frame of this study. Though related to caseload, this fact is surely reflective of a broader trend. As the world becomes more interconnected through information technologies, as enterprises aggressively seek global partnerships, and as the laws governing the handling and disclosure of such incidents mature, it is likely that this trend will continue.
The report looks at the different sources of breaches, finding that external parties were involved in the most cases (73%), followed by partners (39%) and then internal users (18%); the figures add up to more than 100% because a single breach can involve more than one source. In sales situations I often listen to customers who are intent on building barriers internally to protect sensitive information being shared across business departments. Whilst this requirement is valid in many cases, I believe that IRM is most useful when protecting your sensitive information from illegitimate access from outside your organization, and the numbers in this report reinforce that. Protecting information from internal groups is still a very valid use case, however.
Their data on internal breaches makes it obvious that the technology which protects your data needs to be managed by IT, but without giving IT access to the data itself. Oracle IRM does this with its distributed rights model. For example, the VP of corporate development managing the company's mergers and acquisitions should be the one deciding who has access to sensitive documents regarding M&A activity. Assistants are armed with the tools to act on those decisions without the IT department having visibility of the secret documents, or even of the classifications that exist. IT does however continue to manage the IRM server, ensuring its availability and monitoring performance. True separation of duties.
The second large group in the report is employees. IRM again excels here in avoiding such incidents. First, the non-malicious incident where an employee accidentally forwards sensitive documents via email or loses data on a laptop or USB device. If these documents and emails are protected using IRM then, no matter where they end up, only those with rights are able to open and access the data.
Second, and harder to control, are the employees who intend to cause the breach in the first place. IRM helps in several areas.
- Rights controlling access to content functionality mean information cannot be copied, printed, screen grabbed or otherwise replicated outside the protected IRM environment, limiting the options an employee has for redistributing the data. These controls are enforced by the IRM client, so they raise the cost of redistribution rather than make it impossible; a photograph of the screen, for example, is outside their reach.
- Simply opening the content generates an audit record detailing when, where and how the content was accessed, making it harder for an employee to claim, "I didn't look at those records, it wasn't me!"
- Finally, if an employee is planning to mass copy sensitive information before they leave the organization, they will find that once out the door they have just a pile of encrypted documents to look at.
One very intriguing area the report highlights is that the risk of a data breach is most likely to come from a partner. They state that a "back of the napkin" calculation of risk (likelihood x impact) finds that partners represent the greatest risk for data compromise. The following shows how this source breaks down.
You have no control over your partner's networks or security, so it comes as no surprise that this is a major area of concern. The methods used for sharing information with your partners often lack the security applied to other areas of the business. Because surely your partners are trusted, no? You have all sorts of NDAs and contracts in place...
One big reason customers have been purchasing Oracle IRM is to maintain much greater control over their valuable information once it is shared outside of their controlled enterprise perimeters. Changing partners? No problem: revoke access to the thousands of emails and documents containing your company's intellectual property and grant it to the shiny new partner. Because the rights live on your server rather than in the copies the old partner holds, the revocation applies to every copy at once, wherever it ended up.
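To make the mechanics behind the three bullet points above and the partner revocation concrete, here is a small added model of a sealed document and its rights server. It is constructed for this article and is not Oracle IRM's format, API or code: the class and function names (RightsServer, seal, open_sealed), the rights vocabulary, the cipher construction and the classification and user names are all assumptions made for the example. The sealed file carries a classification label and ciphertext but never the key; every key request is audited whether or not it is granted; the server operator holds no rights and cannot grant any to themselves; and revoking a partner makes every document already shared with them unreadable at their next open.

```python
"""Toy model of an IRM-style sealed document and its rights server.
Constructed for this article, not Oracle IRM code; all names and the
cipher are assumptions made for the example. Standard library only."""
import hashlib
import hmac
import os
from collections import namedtuple

ALL_RIGHTS = {"seal", "open", "print", "copy", "assign"}
AuditRecord = namedtuple("AuditRecord", "user classification doc_id action granted")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a stand-in for a real AEAD (use AES-GCM in practice).
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]


def _encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return body + hmac.new(key, nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC


def _decrypt(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("sealed body tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class RightsServer:
    """One key per classification plus the rights its business owner assigned.
    Whoever operates the server (IT) is given no rights, so the ordinary open path
    never hands them a key. A real deployment must also protect the key store itself
    (e.g. with an HSM); that is outside this toy."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._rights: dict[str, dict[str, set[str]]] = {}
        self.audit: list[AuditRecord] = []

    def create_classification(self, name: str, owner: str) -> None:
        self._keys[name] = os.urandom(32)
        self._rights[name] = {owner: set(ALL_RIGHTS)}

    def _check_assign(self, actor: str, classification: str) -> None:
        if "assign" not in self._rights[classification].get(actor, set()):
            raise PermissionError(f"{actor} may not assign rights on {classification!r}")

    def grant(self, actor: str, classification: str, user: str, rights: set[str]) -> None:
        self._check_assign(actor, classification)
        self._rights[classification][user] = set(rights) & ALL_RIGHTS

    def revoke(self, actor: str, classification: str, user: str) -> None:
        # Dropping the entry is enough: every document already sealed under this
        # classification stops opening for the user at their next key request.
        self._check_assign(actor, classification)
        self._rights[classification].pop(user, None)

    def request_key(self, user: str, classification: str, doc_id: str, action: str):
        rights = self._rights.get(classification, {}).get(user, set())
        granted = action in rights
        self.audit.append(AuditRecord(user, classification, doc_id, action, granted))  # logged either way
        if not granted:
            raise PermissionError(f"{user} lacks {action!r} on {classification!r}")
        return self._keys[classification], rights


def seal(server: RightsServer, user: str, classification: str, doc_id: str, plaintext: bytes) -> dict:
    key, _ = server.request_key(user, classification, doc_id, "seal")
    nonce = os.urandom(16)
    # The sealed file carries the label and the ciphertext, never the key.
    return {"doc_id": doc_id, "classification": classification, "nonce": nonce, "body": _encrypt(key, nonce, plaintext)}


def open_sealed(server: RightsServer, user: str, sealed: dict):
    key, rights = server.request_key(user, sealed["classification"], sealed["doc_id"], "open")
    # The rights returned tell the IRM client what to allow (print, copy, ...). That part
    # of the enforcement lives in the client; the server can only refuse to hand out the key.
    return _decrypt(key, sealed["nonce"], sealed["body"]), rights


def _denied(fn) -> bool:
    try:
        fn()
        return False
    except PermissionError:
        return True


def demo() -> dict:
    srv = RightsServer()
    cls = "M&A Project Falcon"  # constructed classification and user names
    srv.create_classification(cls, owner="vp.corpdev")
    srv.grant("vp.corpdev", cls, "assistant", {"seal", "open", "print"})
    srv.grant("vp.corpdev", cls, "partner.bank", {"open"})  # view only: no print, no copy
    doc = seal(srv, "assistant", cls, "term-sheet-v3", b"Offer price: 42 per share")
    text, rights = open_sealed(srv, "partner.bank", doc)
    results = {"partner_reads": text == b"Offer price: 42 per share" and "print" not in rights,
               "it_denied": _denied(lambda: open_sealed(srv, "it.admin", doc)),
               "it_cannot_self_grant": _denied(lambda: srv.grant("it.admin", cls, "it.admin", {"open"}))}
    srv.revoke("vp.corpdev", cls, "partner.bank")  # partner changed: every shared copy goes dark
    results["revoked_partner_denied"] = _denied(lambda: open_sealed(srv, "partner.bank", doc))
    results["audit_denials"] = [(r.user, r.action) for r in srv.audit if not r.granted]
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the design is where the trust sits: the sealed file is useless on its own, the business owner of a classification decides who gets rights, and the operator of the server is just another identity with none. Note the comment in open_sealed: print and copy restrictions are only as strong as the client that honours them, which is why the server-side refusal to issue a key is the control that survives a lost laptop or a departed partner.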
The report also breaks down the method and pathway used for the data breach. Although IRM doesn't protect your file servers or website from attack, it is useful to note that no matter what method is used to gain access to your systems, content protected using IRM stays encrypted, and whoever obtained it cannot read it without being granted rights. This brings up an interesting point about the ROI for IRM: it is possible to deploy one solution to protect against the loss of sensitive documents and emails from all of the mentioned methods of attack and loss.
One Oracle IRM customer had the requirement to provide access to sensitive documents for their field sales and support staff. They used a web site to host the content and placed it on an internal network only accessible via a VPN. Staff complained the VPN often didn't work from hotels and remote customer locations, preventing them from accessing important information right when they needed it the most. After purchasing Oracle IRM they made the decision to remove the VPN and host the content on a publicly facing internet site, with the confidence that IRM was protecting their valuable information. Whilst I am not advocating that IRM should always replace other security technologies, it can often provide a secure alternative. I would always recommend, where possible, that IRM is used to complement existing security practices and infrastructure.
Finally, the conclusions of the report highlight more areas where IRM can be applied. It states that you should "Align process with policy": in 59 percent of data breaches, the organization had security policies and procedures established for the system, but these were not enacted through actual processes.
Many times I hear customers say they have spent valuable time working on their corporate protection policies and, once complete, realize they actually need technology to implement them. Oracle IRM makes this alignment and enforcement simple. The easy-to-use classification model in IRM allows any policy to be represented directly, and the ability to pre-seal Microsoft Office document templates means that end users can create new secure documents without needing to know anything about the classification.
You should also "Achieve 'essential' then worry about 'excellent'": eighty-three percent of breaches were caused by attacks not considered to be highly difficult, and eighty-five percent were opportunistic. These statistics are important because they remind us that criminals prefer to exploit weaknesses rather than strengths.
One conversation I used to have a lot when deploying Oracle IRM was about starting with just one big classification for the entire organization, "All Company Sensitive Data" for example, to which everyone in the company has the ability to seal and access content. This provides a catch-all mechanism which ensures that, if nothing else, your sensitive content is at least protected against a "simple breach" such as wrongly emailing a document to someone or losing a USB flash drive.
"Secure business partner connections": partners, whether intentionally or unintentionally, contributed to 39 percent of data breaches in the study. A large proportion of these would likely have been avoided through the implementation of basic partner-facing security measures.
Simple: use IRM to secure all your sensitive documents and emails when sharing them outside the organization with partners.
With reports like these, information rights management will start to play a bigger role in helping organizations protect their most valuable content. Technologies like Oracle IRM will not only provide the security to do this but also ensure usability is maintained for the end user whilst allowing the entire system to be manageable and scalable across the entire enterprise.