
The Dutch Boy and the Data Leak

by Mike Pittenger on Tuesday March 21, 2017


Home Depot, Healthcare.gov, and Goodwill all announced data breaches in September. They will all now investigate how these leaks occurred and build defenses to prevent those particular attacks from repeating.

It brings to mind the story of the little Dutch boy attempting to stop a leaking dike with his finger. When a hole is discovered (through testing or an attack), we work to plug the leak quickly, and then wait for the next leak.

The problem with this approach is obvious. It focuses on defending against the last successful attack, and requires organizations to anticipate all possible weaknesses and attack vectors. We see proof every month that this strategy will eventually fail.

A better approach starts with a simple threat modeling exercise: For your organization, what are the likely goals of an attack? In the vast majority of cases, the answer is stealing data. It may be personal information or credit card numbers for criminals interested in financial gain, or source code, design documents, and trade secrets targeted by nation-states or competitors.

Rather than enumerate every possible attack vector and build a corresponding defense (and there are probably some you won’t think of), a better solution is to protect the data itself. A data-centric approach applies protection to the data and enforces usage policies based on the sensitivity of the data, the user, and the intended action (e.g. email, move, copy, print).

At its core, a data-centric approach focuses on three things: identifying your most sensitive data, continuously monitoring that data so you know what’s happening to it at all times and locations, and protecting that data through the right level of usage controls and encryption. Protection that travels with the data simplifies the security challenge.

Or, like the little Dutch boy, we can continue to plug holes, hoping not to run out of fingers…

Tags:  Data Centric Security
