When it comes to personal or corporate data security, generally we think about using an antivirus and avoiding navigation on websites which are likely to have viruses. It is not wrong to do so, but the context in which we use data and the evolution of technology have determined the emergence of new threats. If, in the past, the most frequent cause for a data breach was an external attack, today, the weakest link is represented by the members of the organization and the information owners, through the accidental and rarely intentional errors. The consequences can be disastrous, from loss of customers' confidence, image prejudices, to data breach remediation costs and downtime, etc.
Cloud computing has had the greatest impact in data security solutions development. In the last few years, the number of cloud applications and their developers has grown substantially. According to Wall-Street.ro, cloud computing services market in Romania will grow with 20% in 2015, for both personal and company use. Applications such as Google Drive, Dropbox, OneDrive, Box, etc., are the most popular, thanks to the ease of use and great storage capacity. Of course, the fact that these apps can be used on any operating system, web-browser, or mobile device with Internet connection, is also a big drive.
But what are the data security threats in this case? A research conducted by CoSoSys on our customers revealed that 7 in 10 employees have access to corporate confidential data and they use them in their daily tasks. A simple example is uploading customer data bases on Google Drive, an environment where the company has no control. If Google Drive suffers a data breach, like it happened to Dropbox in 2012, the stored data is exposed to the risk of being stolen or leaked. Data security experts see cloud data storage apps like public containers and they recommend individuals and companies to avoid saving or transferring through these financial data, customer data, marketing plans, and other confidential data, if they want to have control over what happens to them. They have the same recommendation for personal data. Remember the 2014 iCloud breach that exposed Hollywood stars naked pictures?
As methods to prevent data loss and theft, organizations must ensure that employees and collaborators have the required knowledge on data security best practices, like using a strong password and avoiding the use of the same password on multiple accounts. Also, the data security staff or the IT Manager should indicate clearly what data is confidential and should regulate its use. Usually, employees sign a non-disclosure agreement when they are hired, but this doesn't correspond to the actual context and, more importantly, very few people read it. It is just a formality that they know they must fulfill.
A solution that complements employee's education is the Data Loss Prevention (DLP) technology. This is a technology which has been developed since 2007-2008 to control and block portable storage devices, like USB sticks, to prevent transfer of confidential data. Meanwhile, it has evolved simultaneously with the emergence of cloud applications and other online applications like e-mail, instant messaging, file sharing apps, etc. We, at CoSoSys, Romanian - German company headquartered in Cluj-Napoca, develop data security software since 2004, and entered the DLP market in 2008. Our product, called Endpoint Protector, is the only one of its kind developed in Romania. It allows IT administrators to control, through a server-client architecture, what files can be transferred through portable storage devices and through various online applications, including those previously mentioned. A clear example would be to define a policy that blocks the transfer of documents containing confidential information by unauthorized people. The filters can be defined depending on the type of confidential data, like credit card numbers, e-mail addresses, personal identification numbers, keywords, and even certain file types like office, programming files and others. It is an effective way of ensuring business continuity and that company secrets are safe. Moreover, in the event of data loss or theft, the administrator can detect the responsible person in the software detailed reports. He / she can find out exactly who transferred what data and from which computers.
Demand for Data Loss Prevention is constantly rising due to current threat landscape and increased number of breaches caused by insiders. In the era of cloud computing, organizations and individuals should value data security more, they should be aware of the consequences of a data breach and they should implement data security strategies. Their business success and personal safety and reputation depend now more than ever on their capacity of protecting data against loss or theft.