Nov 09 2012

If DLP ever rears its head, keep these questions handy: they will steer the vendor conversation in the right direction. I break DLP into two areas:
a) Network (inside the firewall) DLP
b) Untethered user DLP
Here are the questions that need examination in order to craft the correct solution. I hope they will help you with your own.

  1. Total users? Easy one.
  2. Do you have users using Dropbox, and do you care that users are placing corporate data on Dropbox?
  3. How many of your users are untethered from the network? (Laptops, etc.)
  4. Do you want to encrypt outbound email?
  5. Do you want your DLP system to work in conjunction with your encryption?
  6. Is DLP a contract requirement? Or an audit requirement?
  7. How many sites do you offer direct internet access to users from?
  8. Or do you backhaul internet traffic to corporate?
  9. What data are you concerned about leaking? Strategy docs, credit cards, contract docs?
  10. Where is the data? One central database at corporate, or distributed at each site? File systems, web systems, etc.?
  11. Do you want spam filtering and firewalling to complement your DLP system?
  12. What is most important to secure? Data in motion or data at rest?
  13. Do you want consolidated reporting?
Nov 09 2012
  • Balancing Security Costs with user needs for ease of use.
  • Overlapping functionality of security vendors.
  • Locking down USBs and securing sensitive data at the core of the network. If the
    data is secured at the core.
  • DLP vendors that focus on Network DLP, like Code Green, and vendors that are
    good with Endpoint DLP, DeviceLock for example. We discussed securing data
    at the source and understanding data types so that you can secure it with a DLP
    system. It was not necessary to block all data types with DLP but to make
    management aware of data types that may or may not be a security threat or a breach of
    highly sensitive information but are worth knowing about nonetheless. RedZone’s
    Data Security Analysis tool helps with this.
  • VDI apps that are BAD – we discussed some tricks with Microsoft App-V,
    Citrix XenApp/XenDesktop, and application streaming using VMware ThinApp to
    support streaming an application to a virtual desktop, or to a physical desktop
    for that matter.
  • VDI: reasons to move? Most everyone was looking to move in 2013 to a VDI or hybrid VDI environment for three reasons: 1) convenience of employees moving around, 2) remote work capability, 3) increasing the performance of applications.
  • VDI is not Cheaper. Everyone agreed VDI is not cheaper, but there are good benefits!
  • Citrix XenApp/XenDesktop vs. VMware View 5. Familiarity and convenience were the
    primary factors governing decisions on platform.
  • Member suggestions related to the following: wireless security and lightweight
    NAC approaches using StillSecure and Aerohive, and SonicWALL integrated Clean
    Remote Site/Branch backup VPN.
  • Access to specialized help.
Nov 15 2011

As I have been travelling and visiting various CIOs around the country, I have been struck by the impact of mobile devices, primarily because 10 years ago I would have been laughed at by the CIOES group for suggesting topics related to phones and smart computing devices. Right now I am seeing a thirst among CIOs to understand and navigate the vast confusion that mobility presents to an organization. The risks are too great to simply assign this to a tech to go research on their own. Mobility impacts corporate culture and is infiltrating from the top of the organization. A seemingly simple decision about allowing a tablet device like an iPad to access corporate resources triggers all sorts of questions.

I see fear as the underlying factor. The fear that corporate data will leak. The fear of buying products that do a little but not everything. The fear that the correct infrastructure platform needs to be chosen. Here are the choices that my CIOs are seeing: Android tablets and phones, ‘i’ products like iPhone and iPad, Symbian phones, BlackBerry phones and the PlayBook tablet, Mac laptops and Intel-based laptops, and work-at-home PCs. Is the business giving you more people to chase down mobility security and manage non-Microsoft devices? What I have seen is that these waters can be navigated. Some of the following questions spawn the most vigorous and worthwhile debates that I have seen:

• What if you could stop caring about the end point and invest in DLP technologies to ensure your data and more importantly the correct data makes it to the endpoint?
• Are my remote users untethered, or connected over persistent connections? What impact does this have on your decision making?
• What if you knew exactly who was entering your network?
• A strategy for Mobile Workspace Virtualization is needed. Untethered users are the bane of IT’s existence. How can you rein this in?
• What strategy for Mobile device backup is needed?
• What strategy for Firewalling outbound data is needed?
• How do you approach data at rest versus data that is moving? Enabling data at rest Data Loss Prevention is different than data in motion.
• Board packets can be accessed securely during meetings without needing to print out 5 inch thick board presentation packets.
• How can you turn iPads and tablet devices from consumption devices to devices that support creativity? What about being able to access Microsoft applications, and edit, share, and save documents on non-Microsoft operating systems?
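
To make the data-at-rest versus data-in-motion distinction concrete (and the 2012 list's questions about credit cards, strategy and contract docs, and pairing DLP with outbound email encryption), here is a toy content classifier written for this page. It is an added illustration, not code from the original post or from any vendor named on it. The same classifier is applied two ways: a discovery scan over a file store (data at rest) and a per-message policy decision for outbound mail (data in motion). The internal mail domain, file paths, recipients and file contents are constructed sample values.

```python
"""Toy DLP classifier applied to data at rest and data in motion.

Added illustration for the post above, not code from the original page or
from any vendor it names. Paths, recipients and contents are constructed.
"""
import re
from dataclasses import dataclass

# 13-16 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
# Document markers matching the post's leak concerns (strategy and contract docs).
KEYWORDS = ("confidential", "strategy", "contract")
INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own mail domain


@dataclass
class Finding:
    rule: str      # which rule fired
    evidence: str  # masked snippet that is safe to put in a report


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> list[Finding]:
    """One classifier shared by both channels so the policy stays consistent."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            findings.append(Finding("credit_card", masked))
    lower = text.lower()
    for kw in KEYWORDS:
        if kw in lower:
            findings.append(Finding("keyword", kw))
    return findings


def scan_at_rest(files: dict[str, str]) -> dict[str, list[Finding]]:
    """Data at rest: walk a store and report where sensitive content lives."""
    report = {}
    for path, content in files.items():
        hits = classify(content)
        if hits:
            report[path] = hits
    return report


def inspect_outbound(message: dict) -> str:
    """Data in motion: decide per message -> 'allow', 'encrypt' or 'block'."""
    recipient_domain = message["to"].rsplit("@", 1)[-1].lower()
    hits = classify(message["body"])
    for attachment in message.get("attachments", []):
        hits += classify(attachment)
    if not hits or recipient_domain == INTERNAL_DOMAIN:
        return "allow"
    if any(h.rule == "credit_card" for h in hits):
        return "block"    # card data never leaves the organisation in the clear
    return "encrypt"      # sensitive documents may go out, but only encrypted


SAMPLE_FILES = {  # constructed sample file store
    "shares/finance/q1_strategy.docx": "CONFIDENTIAL: FY13 growth strategy and pricing.",
    "shares/hr/payroll.csv": "name,card\nA. Smith,4111-1111-1111-1111\n",
    "shares/public/lunch.txt": "Lunch is at noon, call 555-123-4567.",
}

SAMPLE_MESSAGES = [  # constructed sample outbound mail
    {"to": "partner@other.example", "body": "Card on file: 4111111111111111", "attachments": []},
    {"to": "partner@other.example", "body": "Draft contract attached.", "attachments": ["Confidential draft"]},
    {"to": "cfo@example.com", "body": "Contract review for Monday.", "attachments": []},
]

if __name__ == "__main__":
    for path, hits in scan_at_rest(SAMPLE_FILES).items():
        print(path, [(h.rule, h.evidence) for h in hits])
    for msg in SAMPLE_MESSAGES:
        print(msg["to"], "->", inspect_outbound(msg))
```

The point of sharing `classify` between both paths is the one the post makes: the detection logic is the same, but what you do with a hit differs. At rest, a hit is a discovery result that tells management where sensitive data lives; in motion, a hit has to become an immediate allow, encrypt or block decision, which is why the email-encryption and DLP questions in the 2012 list belong together.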

Technologies that will be discussed in our upcoming educational session are:
• SharePlus – to make SharePoint usable on tablets
• Quickoffice Pro – to make Office docs usable on tablets
• Code Green – DLP
• Blue Coat ProxySG – DLP
• MokaFive – Workspace Virtualization
• VMware Viewpoint – VDI
• SonicWALL – Email Inspection and DLP Engine
• ZIX – Email Encryption and DLP
• SonicWALL NSA – SSL cracking