12 November 2009

Securing information within an organisation

Submitted by: CubicICE
{pp}Following the global trend of data protection, South Africa is slowly realising the need for and benefits of information leak protection (ILP). According to Paul Meintjies, Product Manager – Security Products, Blue Turtle Technologies, there has been a shift from mere network protection to ILP.

“Previously, the focus was very much on protecting your organisation’s network from threats from the outside, like hackers, getting into the system. Now with ILP or data leak protection, the emphasis has shifted to include preventing data and information from leaking out of the organisation. This is especially relevant to large organisations, such as government and its departments, that deal with a lot of sensitive information.”

Locally this shift can be attributed to the Payment Card Industry Data Security Standard (PCI DSS), an international standard adhered to by credit card companies to ensure the safety of customer information and eliminate credit card fraud. “We’ve also seen interest in ILP over the past six months from organisations, initially promoted by the PCI DSS, but quickly realising other applications. ILP encompasses the complete protection of both an organisation’s intellectual property, as well as customer data throughout the life cycle of that information.

While ILP is most popular in the retail and banking environment, it is finding popularity in government and industries such as pharmaceutical applications where the use of intellectual property is a fundamental part of business.” ILP is crucial to business as any information leak can damage the organisation’s reputation and image, result in legal issues and penalties, as well as loss of competitive advantage.

Locally, Meintjies notes that the new Protection of Personal Information (POPI) Bill currently under consideration is also driving companies to adopt these solutions. “While there is more interest in the market place, it is a lengthy process as implementation involves more than just installing software and hardware. “To begin the process, the entire organisation needs to be audited to identify all the important information and then classify it accordingly. The information needs to be found and assessed in terms of who is looking at it and who may have access to it.

“Installing the hardware and software is relatively easy. The challenge is setting up the system or actual business process behind the solution and educating the client. This can typically be part of the software, such as warning messages alerting the user that the document they are working on shouldn’t be sent unencrypted. But mostly the education element involves helping staff understand what not to do.” Meintjies says that the majority of data leaks are not malicious or intentional but more so come about as a result of social engineering. “This is not a technical issue. It involves humans who try to be accommodating and helpful, and end up sending documents or revealing information that they shouldn’t.”

From a technical point of view software can be used to combat information loss from both outside the network, on the gateway, and within the network itself. Positioned on the gateway, a solution monitors any information or data going into and coming out of the organisation, while a solution based inside the network works to find critical documents, identify users and set user levels, such as ability to print, read or email.

Blue Turtle Technologies provides solutions for the entire process from auditing of information to installation of software and building systems within the business processes, as well as staff training. “Once the need for an ILP solution has been recognised, it is important to get started as soon as possible, not only from a compliance point of view, but because for large organisations especially it is a large task that requires building the processes, budgeting for it and obtaining buy-in from the entire organisation,” concludes Meintjies.

About Blue Turtle Technologies
Blue Turtle Technologies provides and supports best-in-class software solutions that optimise, enhance and leverage existing IT investment and assist in the cost-effective delivery of new technology. The company offers an extensive product range, sourced through its strategic partnerships with leading local and international software providers, augmented by best-practice implementation services.

Contact information:
Blue Turtle Technologies
Enquiries: Martyn Healy
Tel: 011 206 5600
Fax: 011 206 5606
www.blueturtle.co.za