What Can We Learn from WikiLeaks?
Date: Tuesday, February 01, 2011
The WikiLeaks issue has been all over the news lately, emphasizing organizations’ need for stronger information security. With this in mind, how can businesses reinforce their security posture and avoid future security breaches?
It is not uncommon in the corporate world to see large data breaches occur because of a lack of security. The recent WikiLeaks incident, whereby hundreds of thousands of sensitive government documents were released to the public, is yet another reminder to businesses of the importance of data security, and should serve as a good warning for organizations - data loss can happen to anyone, anytime.
Despite the repeated examples of data loss the industry has witnessed over the past few years, and despite their disastrous consequences, many organizations still lack clear data security policies and fail to deploy the right security arsenal to prevent such losses. While they take all the necessary measures to protect their physical infrastructure and facilities – controlling and restricting access to their physical sites – they fail to protect their informational and digital assets. Yet this is where a company’s innermost secrets, intellectual property and value reside: confidential files, financial documentation, acquisition plans, customer information, sensitive emails, exclusive product releases and other corporate records are all ultra-capital assets that need to be shielded from the outside world.
How to protect sensitive corporate information
In order to protect corporate data, computers, devices and infrastructure, organizations need to deploy a holistic and multi-layered security approach. The first step is to define and implement strong data security policies. Businesses need to establish the appropriate privacy settings and clearly define who is entitled to access specific types of information, as well as what confidential data is visible and to whom.
Second, businesses need to implement specific data security solutions that secure their sensitive data in multiple forms and throughout its lifecycle: data-at-rest, data-in-motion, and data-in-use. They must choose an approach that can effectively prevent data loss before it occurs, rather than just detect it after it occurs.
Below are a few basic mechanisms and technologies that an organization can deploy to curb the risk of sensitive data loss:
Data Loss Prevention (DLP): The purpose of a data loss prevention solution is to help prevent sensitive data from being leaked out of the organization – regardless of intent. For instance, if an employee inadvertently sends a confidential email to the wrong recipient, or with the wrong attachment, the DLP solution can identify the fault, block the email and proactively prevent the data loss before it occurs.
Encryption: Encrypting corporate data and devices will make it harder for unauthorized people to view or use the confidential information. Businesses need to deploy data encryption solutions to protect both “data-at-rest” and “data-in-transit” on all of the company’s endpoints, e.g. not only employees’ corporate laptops, but also the USB sticks, smartphones and other portable devices that can store sensitive information. Should the devices be lost or stolen, the data remains encrypted and inaccessible to an outsider.
Document security: Document security can provide IT administrators (or end-users) with granular control over who can view, open, send or even print confidential information. This helps prevent the misuse, modification, loss or theft of sensitive information and adds an additional layer of protection throughout the data lifecycle.
Virtual Private Network (VPN): A VPN solution provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. It turns any corporate network into a private, secure and encrypted communication channel, and efficiently protects all corporate data in transit.
In an era where more and more information is becoming digital, the importance of data security is only growing. Luckily, data security technology, combined with proper use policies and compliance standards, can help corporations significantly decrease the risks of data disclosures.
After all, it’s not too late to prevent the next WikiLeaks. An event of such magnitude will hopefully help organizations understand the urgency, and push data security higher up on their agendas in 2011.
Bhaskar Bakthavatsalu, Regional Director – India & SAARC, Check Point Software Technologies