Nick's Blog

Personal opinions. Aggressively stated.

Tying the Business Problem of Data Leakage to IT Processes – recovering from the deer-in-the-headlights moment

Over the past several weeks, as I have been speaking at several conferences (The Security StandardCSO InterchangeInstitute for Applied Network Security and others), I’ve gotten lots of mileage out of the talks I’ve given saying that ADL can reduce noise by filtering out the stupid. In the process, I’ve managed to media-whore quite a bit, getting the concept of ADL as stupid-stopper picked up by lots of mainstream and trade media.

I’ve been kind of surprised, though, to find a kind of general end user acceptance of the idea that sticking an anti-data-leakage box in one’s network is a ’solution’. For so many, it’s not just not a solution, it actually can make things worse. It can readily highlight that not only can’t you control where your corporate data goes, but the facts that (unless you’re in the military and really good),

  • You don’t know what your corporate data is;
  • You don’t know where it comes from;
  • You don’t know where it is now;
  • You don’t know where it’s going; and
  • You don’t know where it’s been…

And I’m just getting into speaking about that truly important, deer-in-the-headlights moment just after that first demo of an ADL product. That’s when you realize just how widespread is the problem of data leakage and loss in your business that some sober person (or your lawyer) ultimately says, “Shut it down! Shut it down, now!”

It’s like, “Yeah, wow. Lookie there. Boy that’s just awful. Now what?” A friend of mine at a services provider that was trialling ADL boxes and software about a year ago said the same thing – lots of “Golly!”, not a lot of follow-through or deployments.

There are three upcoming speaking gigs at which I will delve into just this dynamic. I’m touching on it (and the rapid consolidation in the ADL space, of course) at the second annual 451 Group Client Conferencein Boston next week, where I’ll also be talking about enterprise IT security between now and 2011.

In early December, Aaron Turner and I will be at the San Francisco Marriott to repeat the day of presentations we recently did in Chicago – part of the Pacific Information Security Forum.

The next day, I’ll be speaking solo at the SANS WhatWorks in Stopping Data Leakage and Insider Threat 2007 summit in Orlando, FL.

The presentation there is, in a nutshell:

  • Most ADL boxes tell you more than you want to know;
  • An ADL box without a cogent plan to manage the findings is begging your lawyers to tell you to stop;
  • Strategies to get IT and business leaders speaking about ways to frame the problem;
  • Rolling out: starting with the lowest of the low-hanging fruit, then working up from there;
  • Justifying ADL in the IT budget; and
  • Building the IT processes to cope with the business problem of leaked or stolen data

I’d love to hear from more end users of ADL products about how they went about accomplishing these things, or how they’re doing it now.

Leave a Reply