Data Leaks

Can anybody recommend a good solution to ensure nothing meant for private eyes gets published on your corporate website. Commercially sensitive docs, personal docs, passwords etc etc.

Basically in our setup we have numerous authors for the main corporate website for each compnay department. Using googles site operator and the google hack db I have noticed some stuff has been published on our corporate site that should never been seen by anyone except internal staff. Our web authors use  a CMS to edit pages, and there is an author and approver level permission, so once someone developes a page the author scans through its content and agrees to it publish. However either the approvers arent doing there job or the authors can approve there own page, but sensitive data is being published out the world and we need a solution to make it stop?

What tools are out there for this problem? Do they scan the site for keywords or something?
LVL 4
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CoccoBillCommented:
I think this is one task that needs human intervention, no automated tool can be trusted to perform it fully. They can, however, be used to support the process and act as an additional control.

What you need is an information classification policy, which defines the levels of data confidentiality (such as public/confidential/private/secret), defines what data belongs to which class, and the appropriate regulations regarding the storage, publication, transport, retention, disposal etc. for said data. This policy needs to be communicated to the users and they need to approve to abide by it. After that all relevant processes, such as in this case the process for publishing data on the public web pages, needs to be revised (or created) to reflect the policy. This process, while not making data leaks impossible, at least makes them less likely to happen by accident, and someone will be directly responsible if something does happen.

Make sure the configuration of the CMS supports the process, for example all publications and changes have to be reviewed and approved, the author must not be able to approve his own data etc.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
Thanks CoccooBill I agree with you. I'd like the tool to act as a secondary review mroe than anything to check they are abiding by the approval stages and not approving their own styuff. Are there any tools out there you know of?
0
CoccoBillCommented:
I'm not aware of any separate products for this exact purpose. The best option would probably be if this functionality could be integrated with your CMS product, and prevent approval if certain keywords are found. Which CMS are you using?
0
pma111Author Commented:
The old version of Microsoft CMS
0
Rich RumbleSecurity SamuraiCommented:
This is the first line of most DLP solutions, "catching stupid" it's called.
http://en.wikipedia.org/wiki/Data_loss_prevention_products
You'd need to set the DLP up to know what doc's or keywords shouldn't be displayed, it can look to the the disclaimer at the bottom "this memo is confidential and should not be viewed by..." Or if there is a certain place non-public memo's are stored or made, the DLP can scan to see if anything in those locations appears on the public side of your network or if someone is sending it out in an email. Nothing is fool-proof but you can "catch stupid" with most DLP's.
-rich
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.