Solved

Data Leaks

Posted on 2009-07-10
Last Modified: 2012-05-07
Can anybody recommend a good solution to ensure nothing meant for private eyes gets published on your corporate website? Commercially sensitive docs, personal docs, passwords, etc.

Basically, in our setup we have numerous authors for the main corporate website, for each company department. Using Google's site operator and the Google hack DB I have noticed some stuff has been published on our corporate site that should never be seen by anyone except internal staff. Our web authors use a CMS to edit pages, and there is an author and approver level permission, so once someone develops a page the author scans through its content and agrees to publish it. However, either the approvers aren't doing their job or the authors can approve their own page, but sensitive data is being published out to the world and we need a solution to make it stop.

What tools are out there for this problem? Do they scan the site for keywords or something?
Question by:pma111
Accepted Solution

by:
CoccoBill earned 125 total points
ID: 24822079
I think this is one task that needs human intervention; no automated tool can be trusted to perform it fully. They can, however, be used to support the process and act as an additional control.

What you need is an information classification policy, which defines the levels of data confidentiality (such as public/confidential/private/secret), defines what data belongs to which class, and the appropriate regulations regarding the storage, publication, transport, retention, disposal etc. for said data. This policy needs to be communicated to the users and they need to agree to abide by it. After that, all relevant processes, such as in this case the process for publishing data on the public web pages, need to be revised (or created) to reflect the policy. This process, while not making data leaks impossible, at least makes them less likely to happen by accident, and someone will be directly responsible if something does happen.

Make sure the configuration of the CMS supports the process, for example all publications and changes have to be reviewed and approved, the author must not be able to approve his own data etc.
Author Comment

by:pma111
ID: 24822157
Thanks CoccoBill, I agree with you. I'd like the tool to act as a secondary review more than anything, to check they are abiding by the approval stages and not approving their own stuff. Are there any tools out there you know of?
Expert Comment

by:CoccoBill
ID: 24822194
I'm not aware of any separate products for this exact purpose. The best option would probably be if this functionality could be integrated with your CMS product, and prevent approval if certain keywords are found. Which CMS are you using?
Author Comment

by:pma111
ID: 24822219
The old version of Microsoft CMS
Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 24822853
This is the first line of most DLP solutions; "catching stupid", it's called.
http://en.wikipedia.org/wiki/Data_loss_prevention_products
You'd need to set the DLP up to know what docs or keywords shouldn't be displayed; it can look to the disclaimer at the bottom, "this memo is confidential and should not be viewed by...". Or if there is a certain place non-public memos are stored or made, the DLP can scan to see if anything in those locations appears on the public side of your network or if someone is sending it out in an email. Nothing is fool-proof, but you can "catch stupid" with most DLPs.
-rich
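
Added example, not part of any reply in this thread and not a feature of any CMS or DLP product: a pre-publish gate combining the two controls discussed above, refusing a page when the author approved it themselves or when its markup contains a confidentiality marker. The page fields (`author`, `approver`, `html`), the marker list and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed marker list; in practice it comes from the organisation's
# information classification policy.
MARKERS = [
    r"this memo is confidential",
    r"\binternal use only\b",
    r"\bpassword\s*[:=]\s*\S+",
]

class _Text(HTMLParser):
    """Collects visible text, HTML comments and attribute values (alt, title...)."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)
    def handle_comment(self, data):
        self.parts.append(data)  # leftover notes in comments are still published
    def handle_starttag(self, tag, attrs):
        self.parts.extend(v for _, v in attrs if v)

def find_markers(html):
    """Return the marker patterns found anywhere in the published markup."""
    parser = _Text()
    parser.feed(html)
    parser.close()
    # Collapse whitespace so a marker split across tags or lines still matches.
    text = re.sub(r"\s+", " ", " ".join(parser.parts)).lower()
    return [m for m in MARKERS if re.search(m, text)]

def may_publish(page):
    """Return (allowed, reasons) for a dict with author, approver and html."""
    reasons = []
    approver = (page.get("approver") or "").strip().lower()
    if not approver:
        reasons.append("no approver recorded")
    elif approver == page["author"].strip().lower():
        reasons.append("author approved own page")
    reasons += ["marker: " + m for m in find_markers(page["html"])]
    return (not reasons, reasons)

# Constructed sample pages.
CLEAN = {"author": "alice", "approver": "bob", "html": "<p>Opening hours: 9 to 5</p>"}
SELF = {"author": "alice", "approver": "Alice ", "html": "<p>News</p>"}
LEAK = {"author": "carol", "approver": "dave",
        "html": "<!-- db password: example123 --><p>This memo is "
                "<b>confidential</b> and should not be viewed by the public</p>"}
```

A hit only blocks publication and hands the page back to a human reviewer; a clean result does not mean the page is safe to publish.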
Question has a verified solution.
