Monitor and restrict movement of data off the local network or managed devices using peripherals and removable data storage.

2. Message and File Content Analysis (via integration with Zgate)

Monitor and restrict movement of data off the local network or managed devices using network communications channels (email, instant messaging, etc.)

3. Complete Device Access Control

Control access by any connectable device including USB, hard drives, flash memory, CD/DVD drives, COM and LPT ports, local or network printers, PCMCIA, IEEE 1394 (Firewire), etc.

4. Policy-Driven Access Management

Control use of peripherals and pluggable devices by creating and applying policies with different access privileges (full access, read-only, denied access). Implement “online”, “offline”, “VPN”, or time-driven policies.

5. Access Request Handling Process

Manage device access requests sent by users via email or called in by phone using a built-in workflow.

6. Integration with Windows Active Directory (AD)

Use native Windows authentication. Assign Active Directory (AD) users or groups to Zlock policies.

7. Shadow Copy

Take a snapshot of data that was accessed or moved to/from a connected device–even if it was printed as hard copy using a local or networked printers.

8. Real-Time Monitoring and Reporting

Monitor use of devices and run reports against event logs in real-time.

9. Centralized Installation and Management

Remotely install and update software components, settings, and policies across the enterprise from a single location.

10. Self-Checked System Integrity

Self-monitoring of Zlock integrity, preventing unauthorized changes to the system settings or policies.

11. Proven Technology

Utilize a robust, highly-available DLP system capable of handling the most demanding security requirements.

12. Integration with Other Zecurion Security Products

Manage all other aspects of data security, including encryption of operational data stores, file servers, and backups, and lock down email and instant messaging communications.

Transparently encrypt data on servers using the latest adaptive multithreaded encryption (AME) patent-pending technology.

2. Disk Access Control

Control applications and systems allowed to access your encrypted data store.

3. Backup Data Encryption

Apply AME protection to backup tapes and other backup storage media.

4. Integration with Prominent Backup Systems

Encrypt backup media using your current backup systems such as BrightStor, ARCserve, Veritas, Backup Exec, and others.

5. Persistent Encryption Algorithms

Protect data using strong AES with 256-bit keys, loading keys only in RAM memory (never written to a hard drive).

6. Encryption Key Quorums

Split encryption keys into multiple fragments and set a minimum number of fragments required to reassemble a key.

7. Enterprise Key Management Server (EKMS)

Generate, store, auto-load and manage keys across the enterprise.

8. Security in Cloud Computing

Use EKMS to load your keys to “cloud computing” servers.

9. Integration with Windows Active Directory

Use native Windows authentication. Assign Active Directory users (groups).

10. High Performance Support of Clustering

Perform data encryption using adaptive multithreaded encryption technology. Utilize your clustered CPU power.

11. Easy Installation and Management

Install and update software components using Installation Wizard. Remotely manage using a single console.

12. Integration with Other Zecurion Products

Manage all other aspects of data security including lockdown of perimeter endpoints, email and messaging communications from one source.

For the first time in the seven years Ponemon has been tracking this data, the average cost of a data breach has declined. The total impact went down from $7.2 million to only $5.5 million, and the average cost per compromised record dropped from $214 to $194. The decline in financial impact of a data breach can be largely attributed to customer apathy. Data breaches are so common that users are jaded and less likely to pack up and take their business elsewhere. It’s good news for the affected companies, but for the wrong reason.

Here are some other key findings from the report highlighted in a Symantec press release:

Negligent insiders and malicious attacks are the main causes of data breach. Thirty-nine percent of organizations say negligence was the root cause of the data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker.

Certain organizational factors reduce the overall cost. If the organization has a CISO with overall responsibility for enterprise data protection the average cost of a data breach can be reduced as much as $80 per compromised record. Outside consultants assisting with the breach response also can save as much as $41 per record. When considering the average number of records lost or stolen, all of these factors can provide significant and positive financial benefits.

Specific attributes or factors of the data breach also can increase the overall cost. For example, in this year’s study organizations that had their first ever data breach spent on average $37 more per record. Those that responded and notified customers too quickly without a thorough assessment of the data breach also paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.

Detection and escalation costs declined but notification costs increased. Detection and escalation costs declined from approximately $460,000 in 2010 to $433,000 in 2011. These costs refer to activities that enable a company to detect the breach and whether it occurred in storage or in motion.

More customers remain loyal following the data breach. For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach.

A manager of an H&R Block tax preparation office in California was arrested for stealing the identities of H&R Block clients and filing fraudulent tax returns on their behalf. A post on AccountingToday.com about the incident states, “He prepared bogus tax returns in their names designed to obtain tax refunds and credits, according to prosecutors, and then used H&R Block Emerald Cards to withdraw the fraudulently obtained refunds from automated teller machines.”

You should have tools and policies in place to guard your data against unauthorized access from the outside. But, don’t forget that authorized users are in a position to intentionally steal or compromise data, or inadvertently share or expose it. You need to make sure you have tools in place to monitor and defend against data leaks from the inside as well.

What all of this fails to address, though, is that if you take that same sensitive information and print it on paper, it still poses a data loss risk and needs to be monitored and protected. There seem to be an alarming and escalating number of incidents involving information being exposed or compromised through improper handling or disposal of hard copy printouts. Just recently, a prison in Scotland, and a county government office in Arizona have made the mistake of exposing sensitive data by tossing it out without regard for its confidentiality.

Make sure you have policies in place that dictate how printed sensitive data should be handled and disposed of. You should also have tools in place that monitor the sensitive data that is sent to printers within the organization so you at least have a record of what information might be exposed.

Schneier explains, “This shouldn’t come as a surprise. One of the hardest parts of cryptography is random number generation. It’s really easy to write a lousy random number generator, and it’s not at all obvious that it is lousy.”

Schneier goes on to address the issue of what impact  this has in terms of real-world security, and the encryption keys being used today:

What is the security risk? There’s some, but it’s hard to know how much. We can assume that the bad guys can replicate this experiment and find the weak keys. But they’re random, so it’s hard to know how to monetize this attack. Maybe the bad guys will get lucky and one of the weak keys will lead to some obvious way to steal money, or trade secrets, or national intelligence. Maybe.

The random number generator (RNG) forms the foundation for creating keys, so any RNG that is in any way predicatble weakens the security of the whole system.

While it is understandable to be upset, and sympathize with the cause, the actions of Anonymous can’t be excused. Compromising personal information of law enforcement officers doing their duty to protect their communities in retaliation for the actions of a sick rogue officer, or even the seemingly tepid response to his alleged crimes crosses the line no matter how you slice it.

That said, this also isn’t the first time the Texas Police Association has been targeted, and there is also no excuse for why sensitive information like the personal addresses of police officers is not better protected. The Texas Police Association needs to take a close look at its network and data security measures. It should have tools in place that encrypt and protect the data stored there even if hackers manage to compromise the server itself.

So, what sorts of things should your data protection policy cover?

• A designated role responsible for maintaining the policy
• A system for defining the classification of data based on its sensitivity or criticality
• Provisions for conducting a risk analysis to identify where sensitive data is stored, how it is used, and where it travels to
• Established guidelines for data handling and protection procedures for employees
• Defined disciplinary measures for violations of the policy
• Restrictions on physical access to the servers that store and process sensitive data
• A plan for backing up critical and sensitive data, and ensuring that the backup data is secure
• A system for monitoring and periodically reviewing data access to ensure it is safe
• Define data breach incident reporting requirements and incident handling procedures
• Establish a periodic review of the data protection policy to modify or update it as needed

This is just a baseline, but it’s a start. If you don’t have a written data protection policy that your employees are aware of you can’t expect them to follow it. Develop an effective data protection policy, then support and enforce that policy with the award-winning tools from Zecurion.

Zecurion is offering special discount pricing on our award-winning data loss prevention and encryption products through the end of the year. Is your data adequately protected? Do you have the right tools in place to enable you to exercise some control over how and where your sensitive data goes without getting in the way of productivity?

You simply purchase the one-year support agreement, and we’ll throw in the product license for free. It is an 80 percent savings off the normal price. You owe it to yourself — and the employees, customers, vendors, and others that trust you with sensitive data — to take advantage of this offer before the ball drops at midnight on December 31.

Your 2012 will be much happier if you have the peace of mind that comes with knowing your data is protected. Happy New Year!

Security vendor Sophos recently bought a number of USB thumb drives at auction that were left behind on trains. Sophos found that two-thirds of the USB thumb drives contained malware–possibly suggesting they were intentionally “left” behind to be found and used by an unsuspecting victim. But, the 50 USB drives comprised nearly 140GB of potential lost data.

None of the USB keys was encrypted, and none of the USB keys contained any encrypted data. None. Sophos found all kinds of interesting data on the USB keys, including lists of tax deductions, minutes of an activists’ meeting, school and University assignments, autoCAD drawings of work projects, photo albums of family and friends, a CV and job application, and software and web source code.

Don’t let that be your data. Make sure you have policies and security controls in place to control what data is allowed to be stored and transported on portable storage media, and make sure your data is encrypted so it is protected even if that media is lost or stolen.