Data Protection is Impossible

Laptops are the biggest threat because they contain all of the files, emails, and data that an individual has ever worked on. Full disk encryption is becoming more and more feasible but few organizations have effectively enforced this. Besides, what if the owner of the laptop is the one stealing information?

So here you are. You have found all of the critical information that needs to be protected, you have encrypted it everywhere it is “at rest” or stored. You have installed gateway filters at every network connection point. You have encrypted every hard drive on every laptop. You encrypt all of your back up media. You control USB devices. You control and record every print job. You have deployed industry best practices for data protection.

Along comes a disgruntled employee set to leave your organization. He wants your customer list which resides in a convenient spread sheet format. He cannot print it out, he cannot email it to his gmail account, he cannot put it on his iPod. So, he simply brings it up on his desktop and uses the camera on his phone to take screen shots and send them instantly to himself.

How do you stop that level of determination? You don’t because you can’t. Data protection is impossible.

Now a consultant, Richard Stiennon was most recently chief marketing officer for Fortinet, the largest privately held security vendor. Prior to that he founded and served as chief research analyst at IT-Harvest. Before IT-Harvest, he was VP of Threat Research for Webroot Software.

He is holder of Gartner’s Thought Leadership award for 2003 and was named “One of the 50 most powerful people in Networking” by NetworkWorld magazine.