Corporate Espionage via iPod, Keeping it Confidential

It always amazes me how clueless the average corporate management is about the safety of their proprietary data. Little do they know that anyone with an iPod, a smart phone, or even a thumb drive can walk out the door with all of the corporate and sensitive personnel files. Security policies built into Windows Server OS fall far short of what is really needed in today’s environment of tiny high-capacity data devices. One iPod plugged into a user's workstation can suck in almost 40 gigs of any type of files, and go completely unnoticed and undetected, in someone’s pocket, and right out the front door. It’s rather unnerving as a network administrator. As more devices hook to a PC, and more people have laptops, it’s very difficult to manage and maintain control of data and documents.

There are, however, some software and hardware solutions that go beyond the limited Windows security. One that comes to mind is Prolaw software, which is used in some mid-sized to large law offices. If any company needs to keep things confidential, it’s a law firm. In simplistic terms, Prolaw allows an office to categorize and store documents of various formats in one place. It provides a neat and orderly user-defined filing system. It also provides an audit trail of who opened which documents and when. Importantly, it “locks” a document so that two users cannot open and change the document simultaneously, unbeknownst to each other (that can be a huge mess).

Another piece of software, the NetSight® enterprise management platform from Enterasys Networks (http://www.enterasys.com/), takes a similar approach to Prolaw, but it also locks down the file server so that only virtual shares exist. The documents are stored in unshared directories on the server, in an encrypted format based on encryption certificate keys created at the location. If the user does not have the certificate on his hard drive, or on an e-token, he cannot access or read the documents.
It also has a feature similar to Prolaw's, so that if a user opens a document, other authorized users can’t get the document because it’s “checked out”. So even if someone gets into the server, they can’t read the documents unless they have the encryption key. Plus there is logging of any document activity.

These software products can even be tied in with intelligent network switches (like the HP Procurve series) to not only track document activity, but also provide security so the documents can’t leave through certain ports via email or plain old copying. Some systems like this can even provide read-only access and prevent copying, pasting and emailing. The user needs a special client on his machine to access, open, read or copy files. Additionally, the client software can be tuned so that it only allows editing, and not local storage. If the client software isn’t on their machine, they can’t see the files and folders.

These are the kind of security solutions that are completely necessary in today’s business climate. No company is safe anymore, especially if you are hooked to the internet. Corporate officers need to wake up and realize that what they did in 2004 is obsolete. Strict corporate policies on bringing in various data storage devices are helpful, but largely ineffective. The world of data is changing, and it’s hard to keep it confidential.

Jeff Gross