Solved

Data Leaks

Posted on 2009-07-10
Last Modified: 2012-05-07
Can anybody recommend a good solution to ensure nothing meant for private eyes gets published on your corporate website? Commercially sensitive docs, personal docs, passwords, etc.

Basically, in our setup we have numerous authors for the main corporate website, for each company department. Using Google's site operator and the Google hack DB, I have noticed some stuff has been published on our corporate site that should never be seen by anyone except internal staff. Our web authors use a CMS to edit pages, and there is an author and approver level permission, so once someone develops a page the author scans through its content and agrees to publish it. However, either the approvers aren't doing their job or the authors can approve their own page, but sensitive data is being published out to the world and we need a solution to make it stop.

What tools are out there for this problem? Do they scan the site for keywords or something?
Question by:pma111

Accepted Solution

by:
CoccoBill earned 125 total points
ID: 24822079
I think this is one task that needs human intervention, no automated tool can be trusted to perform it fully. They can, however, be used to support the process and act as an additional control.

What you need is an information classification policy, which defines the levels of data confidentiality (such as public/confidential/private/secret), defines what data belongs to which class, and the appropriate regulations regarding the storage, publication, transport, retention, disposal etc. for said data. This policy needs to be communicated to the users and they need to approve to abide by it. After that, all relevant processes, such as in this case the process for publishing data on the public web pages, need to be revised (or created) to reflect the policy. This process, while not making data leaks impossible, at least makes them less likely to happen by accident, and someone will be directly responsible if something does happen.

Make sure the configuration of the CMS supports the process, for example all publications and changes have to be reviewed and approved, the author must not be able to approve his own data etc.

Author Comment

by:pma111
ID: 24822157
Thanks CoccoBill, I agree with you. I'd like the tool to act as a secondary review more than anything, to check they are abiding by the approval stages and not approving their own stuff. Are there any tools out there you know of?

Expert Comment

by:CoccoBill
ID: 24822194
I'm not aware of any separate products for this exact purpose. The best option would probably be if this functionality could be integrated with your CMS product, and prevent approval if certain keywords are found. Which CMS are you using?

Author Comment

by:pma111
ID: 24822219
The old version of Microsoft CMS

Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 24822853
This is the first line of most DLP solutions, "catching stupid" it's called.
http://en.wikipedia.org/wiki/Data_loss_prevention_products
You'd need to set the DLP up to know what docs or keywords shouldn't be displayed; it can look to the disclaimer at the bottom, "this memo is confidential and should not be viewed by...". Or if there is a certain place non-public memos are stored or made, the DLP can scan to see if anything in those locations appears on the public side of your network or if someone is sending it out in an email. Nothing is fool-proof but you can "catch stupid" with most DLPs.
-rich
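
An added illustration of the two controls discussed in this thread (no self-approval, and a keyword scan before publication); it is not code from any poster or from Microsoft CMS. The record fields (`url`, `author`, `approver`, `html`), the marker list and the sample pages are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

# Assumed marker list; a real one would come from the classification policy.
MARKERS = {
    "confidentiality notice": re.compile(r"\bconfidential\b", re.I),
    "internal-only notice": re.compile(r"\binternal use only\b", re.I),
    "credential": re.compile(r"\bpassword\s*[:=]\s*\S+", re.I),
}

class _Text(HTMLParser):
    """Collect visible text and HTML comments; leaks can sit in either."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)
    def handle_comment(self, data):
        self.parts.append(data)

def review(page):
    """Return the findings for one pending page record (a dict)."""
    findings = []
    author = (page.get("author") or "").strip().lower()
    approver = (page.get("approver") or "").strip().lower()
    if not approver:
        findings.append("no approver recorded")
    elif approver == author:
        findings.append("self-approved")
    parser = _Text()
    parser.feed(page["html"])
    parser.close()
    text = " ".join(" ".join(parser.parts).split())  # normalise whitespace
    # Report the marker name only, so the report never repeats a leaked secret.
    findings += ["marker: " + n for n, rx in MARKERS.items() if rx.search(text)]
    return findings

def gate(pages):
    """Map url -> findings for every page that should be held for a human."""
    return {p["url"]: f for p in pages if (f := review(p))}

# Constructed sample records standing in for an export of pending pages.
SAMPLE = [
    {"url": "/about", "author": "alice", "approver": "bob",
     "html": "<p>Our offices are open 9-5.</p>"},
    {"url": "/hr/memo", "author": "carol", "approver": "Carol",
     "html": "<p>This memo is <b>confidential</b> and should not be viewed by...</p>"},
    {"url": "/it/faq", "author": "dave", "approver": "erin",
     "html": "<!-- test login password: hunter2 --><p>FAQ</p>"},
]
```

A hit only holds the page for a human reviewer; a page with no hits still goes through the normal approval step.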