In a previous post I discussed how security professionals can benefit from WikiLeaks. Today we will take a look at how the security industry can benefit from WikiLeaks. Physical security procedures can help prevent sensitive data from leaving a secure facility; however, tracking and auditing your data is equally important. The category of software that can help us out in this case is called Data Loss Prevention (DLP). Most of these solutions involve a discovery component that finds all of your files on servers and workstations/laptops. This is useful provided you know what you have and who should have it. For example, the spreadsheet with employee salaries should probably be in payroll and HR only. If someone in engineering has the complete list, that is probably a bad thing. Government organizations can benefit from this more easily, since workers are given security clearances: checking the document contents for a security classification, then matching it against a worker profile, can be a quick way of checking for leaks. This does not prevent personnel with access to the data from misusing it. Some DLP products work by monitoring files traveling across the network for content that has been flagged by an administrator. Copying files to removable media or printing can also be flagged for an alert.
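The clearance check described above, sketched as an added example that is not from the original post or from any DLP product: it reads the classification marking out of each discovered file and compares it with the profile of the person holding the file. The level names and their ordering, the sample files and the user names are constructed assumptions.

```python
import re

# Assumed classification banner words, lowest to highest (not from the post).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}
# Upper-case only, so ordinary prose such as "secret sauce" is not a marking.
# "TOP SECRET" is listed first so it is not read as a bare "SECRET".
MARKING = re.compile(r"\b(TOP SECRET|SECRET|CONFIDENTIAL|UNCLASSIFIED)\b")

def document_level(text):
    """Highest marking found in the text, or None if it carries none."""
    found = MARKING.findall(text)
    return max(found, key=RANK.__getitem__) if found else None

def audit(inventory, clearances):
    """Compare each discovered file with the profile of the person holding it.

    inventory:  iterable of (path, holder, text) from the discovery scan
    clearances: dict mapping holder -> highest level that person may hold
    Returns a list of (path, holder, level, reason) findings.
    """
    findings = []
    for path, holder, text in inventory:
        level = document_level(text)
        if level is None:
            continue  # unmarked files are out of scope for this check
        cleared = clearances.get(holder)
        if cleared is None:
            # Fail closed: a marked file held by someone with no profile.
            findings.append((path, holder, level, "no clearance profile"))
        elif RANK[level] > RANK[cleared]:
            findings.append((path, holder, level, "above clearance"))
    return findings

# Constructed sample data standing in for discovery-scan output.
SAMPLE_INVENTORY = [
    ("/home/alice/brief.txt", "alice", "SECRET\nQuarterly brief\nSECRET"),
    ("/home/bob/plan.txt", "bob", "TOP SECRET\n(S) one paragraph\nTOP SECRET"),
    ("/home/bob/menu.txt", "bob", "UNCLASSIFIED\nLunch menu"),
    ("/home/carol/notes.txt", "carol", "CONFIDENTIAL\nMeeting notes"),
]
SAMPLE_CLEARANCES = {"alice": "SECRET", "bob": "CONFIDENTIAL"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, SAMPLE_CLEARANCES):
        print(finding)
```

A check like this only finds files held above a person's clearance; it reports nothing when someone who is cleared for a document misuses it.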
Enterprise Rights Management (ERM) software is similar to the Digital Rights Management (DRM) copy protection that was found on MP3 music in the early days of the iTunes store, and what you find on eBooks from Amazon and other retailers. ERM can be applied to Microsoft Office documents and email. It works by encrypting the documents and only decrypting them if an authorized user or computer accesses them. If someone were to steal an ERM-protected document, it simply would not open on an unauthorized computer. It is also possible to restrict documents by department within a company, but that involves fully understanding the complexities of who should have access to what. ERM can also prevent printing, copy & paste, and print screen if needed. Several reference customers I have talked to simply set up their ERM to prevent opening their files on computers not owned by the company. Employees could carry documents on USB drives, but could only access them from company computers. ERM and DLP might have prevented WikiLeaks from happening. Oracle has a nice video of an ERM product they acquired.
Most of the companies in the DLP and ERM space are privately held, and the larger ones have been absorbed by other companies in the security space. Oracle & Microsoft are also companies that make many software products other than just their ERM offerings. Intel acquired McAfee, which also had an ERM product. Most of the examples below are from Gartner’s Magic Quadrant research on the DLP space and have an upward trend in the 50 and 100 SMA. Will DLP and ERM become an important market in 2011, and will these companies be able to take advantage of increased data loss awareness caused by WikiLeaks? Traders may want to keep an eye on these companies if DLP or ERM take off. Well-diversified companies such as EMC or Oracle may see some additional revenue from their acquisitions of other companies.
SYMC – Symantec
WBSN – Websense
ORCL – Oracle
INTC – Intel