Reserve your copy >
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Be notified of Websense news, product information, industry events and more.
we want to hear from you >
in my previous two posts we talked a little about the ramifications and risks
that this incident has brought to light within your business. Now I’d like to speak on a practical level,
things you can do to prevent just this sort of thing from happening to you.
may come as a surprise to some that legacy controls aren't enough. And,
as this incident showed, it's not just email that data is being lost through: the Web is four times more
likely, and USB is a large vector too. However, a myopic approach
to solving the problem can be dangerous. Shutting down access - a natural, gut
reaction - will only create more obstacles and impede an organizations ability
to operate at their peak capacity.
Now, I’m a realist. Every vendor is going to jump up and say,
"You need my technology to solve this problem." The difference is
that lots of organizations are already using Websense DLP to protect themselves,
including businesses like Cellcom, Zim Shipping and Reliance Capital, while legacy
systems are failing. Let’s look at this situation analytically and see how
legacy security controls map to this type of data theft:
The key to protecting these assets and establishing effective
security is to keep it simple and map to three primary points:
What is the data you want to protect?
What are your use cases for protecting it (in this case, removable
What is the value to you to protect it (to help determine
investment and priority level)?
Remember, not all DLP solutions are created equal, not all will
address these needs. In addition, most are too costly and complex, and lead you
down an endless path of discovery. And remember, discovery in this case
wouldn't have solved anything.
DLP, like every technology, needs to be mapped to your needs and
be applied in a holistic approach to security in order to be effective. But if
this incident proved anything, it is that there is a demonstrable incentive for
you to investigate your needs and the information you need to protect and begin
securing your sensitive assets.
Let me know what you think about the past few posts. Also, feel
free to comment below if you have implemented DLP and want to share your story
of determining your needs and successfully protecting data within your
organization. And, of course, if you’re
interested in trying out DLP you can download Websense at