Laid-off Workers Stealing Data or Negligence by the CISO?

This knee-jerk, Patriot Act-like response is an excuse for not doing your job to this point.  You should be one of the ones heading for the exit.  The data you now seek to protect has been leaking from your code repositories, gushing from your employee-owned PCs with corporate VPN, flooding over the dam of mobile devices, and walking out the door on a daily basis on thumb drives, CDs, DVDs, and portable hard drives.  What you plan to do now is to put a plug the crater in the dike after all the water has emptied.

Regardless, you still need to do it.  The controls that are being recommended and discussed should be implemented.  You should use this opportunity to press the need to purchase DLP solutions.  I’d take a good look at the McAfee suite of DLP solutions. It covers the gamut and provides centralized management and control that can be used with many of their other solutions.  If you couple this with their Endpoint Encryption and you really start to get broad coverage with management simplicity.

So, as you go above making your case to compartmentalize your data by classification and access requirements, remember, you really should have done this a few years back to say the least.  Shame on you; think before you DLP but just go and get it done.

http://twitter.com/jsbardin

Copyright © 2009 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.