How hot is the data leakage prevention market? Well, if the big boys like Cisco, Symantec, McAfee and Trend Micro are snapping up DLP start-ups to the tune of $1.6 billion in 2007, there must be a reason.
And the reason is that data leak prevention products plug a gaping hole in most company’s security systems. The problem is that most security products are outwardly focused. They try to block external attacks. That’s all well and good, but it doesn’t address an entire spectrum of security vulnerabilities that occur when data moves from inside the network out.

Firewalls and intrusion-prevention systems (IPS) are the basic building blocks in a sound security policy, but they don’t do you any good if a laptop is stolen out of a hotel room. They don’t help if insiders are transmitting confidential information via e-mail. They don’t come into play if somebody uses Web. 2.0 technology, like a blog or a mashup, and inadvertently spills company secrets on the Internet. And they don’t address intentional data theft by disgruntled or inept employees.

Data leakage prevention products – also known as anti-data leakage or data-loss prevention – inspect content as it moves across the network and enforces policies so that confidential information doesn’t escape the walls of the enterprise.

Much of the focus is on e-mail because e-mail is considered the biggest conduit for data leakage. In fact, a recent survey by Proofpoint found that 20% of outbound e-mails contain content that poses some type of legal, financial or regulatory exposure

DLP products also address data-in-motion (for example, data being FTP’d or IM’d), data at rest, and data being moved to portable media devices. (Compare data leak prevention products.)
These days, the No. 1 fear, when it comes to security, is not having a hacker deface your Web site, or take down your servers with a distributed denial-of-service attack. It’s not getting hit with a virus or a worm. It’s ending up on the 11 o’clock news because of a data breach that you had to report publicly.

If that’s what’s keeping you up at night, then you need to seriously consider a data leakage prevention product.

The events of the hurricane season of 2005 have once again made disaster preparedness a topic of much discussion. Along with insurance, facilities, and human resources issues, business leaders are discussing information systems. How quickly could information systems be fully restored in the event of disaster? How much data might be lost? What would be the costs, direct and indirect? How would the business cope with the effects of downtime and data loss?

My Data is safe and backed up, right? So why worry?

Most managers now know the basics of preparedness: vital data should be processed on reliable computers in a safe, clean environment. A full copy of data should be backed up to tape or other media on a regular basis, and incremental or differential backups should be done daily (or more often if needed). A recent full backup should be kept off site in a secure place. Older media should be replaced. Any error messages that occur during backup should be resolved. Data restore should be tested quarterly.

Despite increased awareness and training, companies still suffer data loss. In a recently concluded survey of IT executives, 75% of respondents indicated that their companies suffered unrecoverable loss of corporate data – data that they thought had been successfully backed up to tape – due to unreadable, lost or stolen media.

Even if data backup procedures are followed, restoration of information systems after disaster can be a long and costly process. Data cannot be restored until damaged facilities, servers, network infrastructure and connections have been replaced. Clearly a more expedient solution is needed to assure business continuity.

Redundancy: a better solution

Large corporations have addressed the need for business continuity by building redundant platforms, maintaining their applications and data on identical computer systems in different locations. This redundancy provides continuity with minimal interruption and data loss if one data center is damaged or destroyed. The cost and complexity of this approach, however, are considerable.

New technologies make redundancy affordable

A better alternative is now available. Leapfrog has designed a business continuity platform for small to mid size organizations. Using a combination of effective new technologies and best practices, this platform provides the versatility and reliability of redundant data centers without the high cost. It enables businesses to recover quickly if servers are damaged. Information Systems operations can resume in alternate locations if primary facilities are destroyed. Low implementation costs and monthly fees make this solution a good fit for small to mid-size businesses and professional firms that cannot risk prolonged interruption of information systems or data loss. For details, see the Business Continuity Services page of our web site.

Leapfrog provides other facets of disaster preparedness, too:

Tape backup monitoring, management and error resolution

Online backup of critical data to a remote data center

SecureMail Plus for email retention, archiving, redundancy and continuity

CTO-On-Demand for assistance with strategic planning, implementaion and oversight

Are you at risk?

How do you know if you need business continuity platform services? It simply comes down to this: If downtime or data loss would cost you revenue, clients, or competitive advantage, then you should consider this solution seriously. The need for disaster preparedness applies to businesses of all sizes, even those far removed from natural disasters and terrorism. For information and statistics, see the business continuity services page of our website.

If you feel that your business is at risk, contact Leapfrog Services at 404.870.2122 or at www.ribbit.net. We can help you assess your level of risk and present findings and recommendations. In addition to disaster preparedness, we can discuss options for managing your computer network, email, and technical support for your staff. Sleep better starting tonight – call Leapfrog.

This article originally appeared in the December, 2005 issue of FrogTalk.

Cookies are messages that a Web server transmits to a Web browser so that the Web server can keep track of the user’s activity on a specific Web site. The message that the Web server conveys to the browser is in the form of an HTTP header that consists of a text-only string. The text is entered into the memory of the browser. The browser in turn stores the cookie information on the hard drive so when the browser is closed and reopened at a later date the cookie information is still available.
Web sites use cookies for several different reasons:

To collect demographic information about who is visiting the Web site. Sites often use this information to track how often visitors come to the site and how long they remain on the site.

To personalize the user’s experience on the Web site. Cookies can help store personal information about you so that when you return to the site you have a more personalized experience. If you have ever returned to a site and have seen your name mysteriously appear on the screen, it is because on a previous visit you gave your name to the site and it was stored in a cookie so that when you returned you would be greeted with a personal message. A good example of this is the way some online shopping sites will make recommendations to you based on previous purchases. The server keeps track of what you purchase and what items you search for and stores that information in cookies.

To monitor advertisements. Web sites will often use cookies to keep track of what ads it lets you see and how often you see ads.

Cookies do not act maliciously on computer systems. They are merely text files that can be deleted at any time – they are not plug ins nor are they programs. Cookies cannot be used to spread viruses and they cannot access your hard drive. This does not mean that cookies are not relevant to a user’s privacy and anonymity on the Internet. Cookies cannot read your hard drive to find out information about you; however, any personal information that you give to a Web site, including credit card information, will most likely be stored in a cookie unless you have turned off the cookie feature in your browser. In only this way are cookies a threat to privacy. The cookie will only contain information that you freely provide to a Web site.
Cookies have six parameters that can be passed to them:

The name of the cookie.

The value of the cookie.

The expiration date of the cookie – this determines how long the cookie will remain active in your browser.

The path the cookie is valid for – this sets the URL path the cookie us valid in. Web pages outside of that path cannot use the cookie.

The domain the cookie is valid for – this takes the path parameter one step further. This makes the cookie accessible to pages on any of the servers when a site uses multiple servers in a domain.

The need for a secure connection – this indicates that the cookie can only be used under a secure server condition, such as a site using SSL.

Both Netscape and Microsoft Internet Explorer (IE) can be set to reject cookies if the user prefers to use the Internet without enabling cookies to be stored. In Netscape, follow the Edit/Preferences/Advanced menu and in IE, follow the Tools/Internet Options/Security menu to set cookie preferences.