Gartner Inc (IT)

[Eagle1]

Sensitive Military Data “In the Wild”

Looks like they need ExoDetect from Exobox Technologies!

http://blog.lumension.com/?p=393

Sensitive Military Data “In the Wild”

Author: C. Edward Brice Date: Tuesday, January 27th
Categories: Data Protection | Featured PostsToday, another incident involving sensitive military data was made known when a New Zealander bought an MP3 player at a thrift store. On the MP3 player were names and personal details of US soldiers, such as social security numbers and files containing equipment locations and schedules.


This is another example of how even our military cannot keep pace with the ubiquity of mobile platforms and management of data as well as individuals who could potentially download sensitive information onto these devices without any security in place. Australia, UK, Germany, Spain, NATO, etc., this story is as scary as it gets for the military. I’m sure that the military has a written policy in place that states that users are not to download data to unapproved removable media. The challenge is the ability of today’s government and commercial organizations to enforce these policies.

This story serves as a wake call not only to world governments but to every business that views its confidential information as valuable and confidential. What can be done? Here are three ideas:

1. Wake up and accept that there are risks associated with mobile devices, but understand that you cannot stop everyone from using them, as your productivity per employee would go down. Instead, adopt and implement controls and policies to enable the use of these devices securely.

2. Make yourself aware of the solutions that are available - from device and data protection, to automatic data encryption and group device policy management. This technology enables you to mange by exception which is the only scalable way to address this risk in today’s IT environments.

3. Encrypt your data flows. You must encrypt your data flows on and off your endpoints, by group, or even by individual. Simple encryption alone can reduce your risk overnight.

4. Realize that technology alone cannot solve this problem. It’s about marrying data protection technology, people and processes (policies). The best option is to embark on education and awareness programs for your users to inform them of the critical nature of data storage and transfer. Make your employees aware of the risk but ways they can securely use this.

Would love to hear how you’re dealing with the mobile device challenge. Share your thoughts and ideas.
« Two Silver Bullets Against Malware in a Down EconomyNew Insider Threat Emerges »