It’s here, CIP v2… De Do Do Do, De Da Da Da

By Dr. Guy Bunker @guybunker

Critical Information Protection product line

Some of you will recognise the song from The Police, from 1980... Others of you will have to ask your parents! However, what I really want to talk about is DAR (I was disappointed that the song uses ‘Da’, but hey-ho.)

Our Critical Information Protection (CIP) v2 solution became generally available at the end of February 2015 (and the Japanese version, v2.1, will be available in the next couple of weeks)... and it’s all about the DAR functionality – Data-At-Rest scanning, finding the smokin’ guns in an organization’s sea of information. Many organizations (I would say all) have no idea which documents in their environment could cause them problems should they be lost, stolen or leaked. The purpose of DAR is to find that information before it becomes a problem and then take action. This is all about reducing the risk that an organization's information poses to it. What sort of action? Well, it’s driven by policy, so you can do things like move the information to more secure storage, but for most organizations a report showing the size of the problem is enough to drive the next step of a strategy to deal with it.

DAR is a new option for our Critical Information Protection product line, rounding out our complete Adaptive-DLP solution, with DIU (Data-In-Use) being the functionality we delivered in CIP v1 last year. The idea is simple: we use the same DLP policies that we can use with DIU (and on the gateways for DIM, Data-In-Motion), but we scan the local file system and/or network drives looking for files which would break policy. If a file does break policy, then we log it so that it can be reported on. Organizations with DLP on the gateways can easily reuse their existing policies to scan storage – reducing the time and operational cost usually associated with set-up. As DAR can be completely non-intrusive (when no actions are performed), it is a popular first step to protecting critical information on the endpoint.

The first version of DAR is only available on Windows devices, but there are plans to increase the coverage to other platforms later this year, including Linux and Mac OS X. Windows is still the predominant platform for most enterprises, and laptops contain 95% of organizations’ critical information. The ability to scan network shares is also extremely useful, as many organizations encourage users to back their information up to a central server rather than have full endpoint backup. This means that the servers, over time, can become a toxic dump of information – which frequently doesn’t have any real security around it. People come and go, but their data remains – DAR will inform and then enable a risk reduction program to be put in place.

Of course, once a scan has been done, the story isn’t over. Despite the best intentions of an organization’s security policy, “Don’t store critical information on your laptop”, people do – so while the initial report and action plan are extremely important, there is an ongoing need to continue to watch what users store on their laptops or their network drives. This can also be expanded to directories which are synchronised with the cloud. Furthermore, what you consider non-critical information today might become critical tomorrow, and so the ability to rescan at any time is important. DAR does not take up much space on the endpoint, as it does not attempt to carry out full-content indexing (which can create a whole raft of other security issues) but is driven on-demand. Today, lightweight adaptive security solutions are critical for the enterprise of tomorrow.

CIP v2: Forewarned is forearmed.