|
By Mel Duvall
To some, Tom Bennett represents the face of Big Brother.
Utilizing his company's software and network monitoring systems, corporations can tell when Bob in accounting attempts to email financial documents to someone outside the company. They can also tell when Deborah in legal is hunting for a new job on Monster.com, or if Nick in purchasing is looking at pornography over the Internet.
They can even tell if Barbara in engineering has attempted to thwart the monitoring system by disconnecting from the corporate network so she can load the latest designs for a new product onto a USB storage device.
In fact, the monitoring systems offered by Raytheon Oakley Networks, where Bennett is the vice president of marketing, are so sophisticated, they can play back in a movie-like session an employee's exact key strokes as they crossed the line and violated company policy or broke the law. Forrester research analyst Thomas Raschke says this TiVo-like ability is one of the product's main competitive advantages.
"If you put a monitoring solution in place, you will find out more than you ever expected - or perhaps wanted to know," says Bennett candidly. "But, at the same time, the majority of the policy violations that take place in a company are either not intentional, or committed by employees without any malicious intent.
"We've always believed 99% of employees are good, trusting people … they just might have some habits they need to break."
A wide range of studies have pointed to the fact that insiders are often a company's weakest security link. A survey by The Ponemon Institute, a security research institute based in Tucson, Ariz., found that as much as 69% of data security breaches at companies are the result of negligent, incompetent, malicious, or non-malicious employee activities. In fact, the No. 1 cause of data security breaches was attributed to employee error (39%).
And the cost of those breaches cannot be dismissed. In a subsequent study released in November 2007, The Ponemon Institute estimated data security breaches cost companies an estimated $197 per compromised customer record. The average per-incident costs suffered by businesses in 2007 amounted to $6.3 million, compared to $4.8 million in 2006.
But before blaming and penalizing the employee, perhaps companies need to spend a little bit more time looking in the mirror, says Eric Ouellet, VP of secure business enablement for research firm Gartner. Use monitoring systems to first find out why policies are being broken, then fix the process.
"Maybe users are being forced to take information from one database and send it by email somewhere else because that's what they have to do to get the job done," he says. "The real value of a content monitoring system is that it identifies business processes that are broken or inefficient."
Subhed: What Oakley's Product Can Do
Oakley is one of close to a dozen contenders in what Forrester defines as the Information Leak Prevention market. Other leading vendors include Orchestria, PortAuthority Technologies, Proofpoint, Tablus, Verdasys, Vericept and Vontu. The information leak prevention market is thriving, Forrester analyst Raschke notes, and this has led to a string of acquisitions.
Oakley was purchased by defense contractor Raytheon last October and merged into its Intelligence and Information Systems division. RSA, the security division of storage vendor EMC, purchased Tablus of San Mateo, Calif., last August, and Symantec completed an acquisition of Vontu of San Francisco in December.
Oakley was founded in 2001 and developed its systems to meet the demanding needs of the U.S. government, most notably the Department of Defense. "We cut our teeth solving huge problems for the country's most sensitive networks," Bennett says.
In 2005, the Salt Lake City company began selling its software to private enterprises, working its way into the networks of some of the nation's largest companies. Oakley will not reveal any of its customers other than the Department of Defense, but it says 10 of the Fortune 100 are among its users, including three companies in the Fortune 10.
The company's products sit on both the desktop and laptop as well as on the network, giving it the ability to monitor activities and traffic throughout the enterprise. The software provides security administrators with a visual console of the types of information traveling across the network. Using policy configurations, they can see in icon format, for example, whether someone is looking at Monster.com, or shipping a large number of CAD files across the network. The software can also alert administrators to the possibility that someone may be looking at pornography. Bennett says the software can pick up on the flesh tones in a nude photograph, and flag the incident for further investigation.
"We don't monitor everything," Bennett notes. "We only monitor what we're told to monitor."
While the software may prevent the loss of critical information or catch malicious users, the primary benefit for companies says Bennett is that it can find problems that need to be fixed and in turn, help employees stay out of trouble. As an example, Bennett demonstrated how the software can detect if an employee is attempting to email a financial document or download it onto a USB storage device. The software automatically creates a pop-up window on the user's screen notifying them that they are trying to attempt something that is against company policy. The software then asks for an explanation.
Bennett says in the vast majority of cases, companies do not want to fire or discipline an employee for violating policy. But they do want to prevent policies from being violated and have the ability to see why policies are being broken.
"For a CIO or CSO, context is everything," he says. "You can't just have a solution that spits out a bunch of log reports. You need to understand the context of why an employee was doing something against policy."
|
in CIO Conversations (Sponsored by IBM) by davidfcarr, 04-12-08 10:46
