Ohio Business Gateway
ohio business gateway
Stopping data leakage: Making the most of your security budget
After years of battling intrusions, viruses, and spam, organizations now find themselves wrestling
with a relatively new but hugely significant security issue: data leakage. By March 2008, the inadvertent exposure of company confidential information was already being cited by analyst IDC as the number one threat, above
viruses, Trojans, and worms1. At the end of the year, 80 percent of respondents in another
survey agreed that data security was one of the biggest challenges facing them, with 50 percent
of respondents admitting they’d experienced a data leakage incident in 2008.2 IDC’s survey identified intellectual property as the most common type of information leaked and 81 percent of respondents saw information protection and control (IPC) – defined as monitoring, encrypting, filtering, and blocking sensitive information contained in data at rest, data in motion, and data in use – as an important part of their overall data protection strategy. The highest priority IPC solution was data leakage prevention (DLP) deployed at
the organization’s perimeter and on endpoint computers.1
Importance of monitoring employee use1
% choosing 4 or 5 on a 5-point scale
Corporate email 56%
Lost/stolen laptop 51%
Web email or web posting 37%
Instant messaging 33%
Lost/stolen mobile device 33%
Media devices 19%
Other 12%
The intentional or accidental exposure of information, ranging from legally protected personal information to intellectual property and trade secrets, is something that affects the IT environment in its widest sense, involving lost
or stolen laptops, USB keys and other devices, email, and Web 2.0 applications, such as IM.
Respondents to IDC’s survey demonstrate just how many points of exit there are (see figure 1).
The challenge now is not simply to protect data from the threat of theft or corruption from
malware, but to add a second security layer preventing data being accessed if it is lost.
The growing importance of DLP
There are several reasons for the movement of data leakage prevention to the forefront of enterprise security.
High-profile, reputation-damaging data leaks
Bad publicity from data leakage can result in damaged reputation, lost customers, and
sometimes even ruin for companies.
The number of well-publicized examples of data security breaches is growing significantly.
Government bodies, financial organizations, education institutions, industry giants and even presidential candidates – no-one is immune
. Recent high-profile incidents have included:
Secret government documents on al Qaeda and Iraq were left on a commuter train in the
UK. (Jun 2008)
The personal information of almost 1000 bank customers was lost by an employee of Bank of Ireland, after the data was copied onto an unencrypted USB memory stick which was then lost. (November 2008)4
Stopping data leakage: Making the most of your security budget
An email containing names, positions, salaries, and social security numbers of 192 faculty and staff members was accidentally sent to Ohio State University Agricultural Technical Institute students.
Hackers were charged with stealing more than 40 million credit and debit card numbers from nine US retail outlets by breaking into the wireless networks of major retailers.
An investigative reporter for MyFoxDC bought a Blackberry device during the McCain-Palin US presidential campaign’s sale of its used office inventory, only to find 50 phone numbers for people connected
with the campaign and hundreds of emails.
Regulations
Government legislation
Governments worldwide have introduced increasingly stringent data protection legislation,
such as the US’s Sarbanes-Oxley Act, HIPAA, and Gramm-Leach-Bliley Act, and the UK’s Data
Protection Act, to provide suitable controls over sensitive company information. Organizations found to be in breach of the legislation can be fined and forced to put solutions in place to prevent a recurrence. The California Senate
Bill 1386, introduced in 2003, was the first to require that organizations notify all affected individuals if their confidential or personal data has been lost, stolen, or compromised. This public disclosure is now required by 35 states.
Many regulations also require regular audits, which an organization may not pass if the right
controls are not in place.
Today, protection must focus on controlling access to the information, not on blocking the perimeter.
Cost of a data breach
Up 11 percent since 2006
Average cost per breach – $6.6 million
Average cost per record – $202
for heathcare – $282
for retail breach – $131
Cost of lost business
Up 40 percent since 2005
69 percent of overall cost (compared to
65 percent in a similar 2006 study)
Source: Ponemon Institute8
PCI DSS
Alongside government legislation sits PCI DSS (Payment Card Industry Data Security
Standard). Created by multinational corporations, it is enforced on merchants as a part of their terms of being allowed to accept credit card transactions. Organizations that cannot demonstrate PCI-compliance at an
audit are subject to sanction even if no actual data leak has occurred. PCI’s reach across international boundaries and its ability to respond quickly to change – it last extended its scope in October 2008 – makes it as important
a security standard as any local or national legislation.
Cost
In addition to legal costs, organizations have to deal with the less tangible costs of recovery and
commercial fallout, such as lost business, or withdrawal of credit card merchant status. All
these costs have been rising steadily.
The dissolving perimeter and Web 2.0
As business has gone online and become vastly more mobile, the 20th century security strategy
of protecting the organization’s perimeter with firewalls, intrusion detection, and other similar
tools has become insufficient. There are simply too many points of data entry and exit. While
blocking the perimeter remains important,
protection must focus on controlling access to the information.
Stopping data leakage: Making the most of your security budget
This need is growing exponentially with the totally different perspective introduced by Web 2.0 users. This new “employee 2.0” workforce brings a mindset that is highly tuned to sharing information on social networking
sites, posting to blogs, and emailing and IMing friends, with little or no regard to whether this is
appropriate in a business context.
The challenge for today’s DLP solutions
Several enterprise-focused DLP solution vendors, have developed innovative solutions for preventing the leakage of sensitive company information. Many of these products focus on identifying and categorizing all company data and then implementing corporate DLP policies to track sensitive information across the enterprise, applying controls where necessary.
These solutions make a lot of sense in concept, but in practice they run up against several
implementation roadblocks.
Too much data, too little time. For many organizations data is so dispersed, disorganized, and voluminous that classifying it comprehensively is just too burdensome and resource-intensive a task for most IT
departments to undertake.
IT resistance. Many available DLP products are relatively new and still suffer from issues such as frequent false positives. IT departments can be reluctant to invest their increasingly stretched resources in
deploying another complex enterprise level infrastructure at the expense of delivering
strategic value to the organization.
User resistance. There is a wariness about deploying yet another agent on each
desktop and laptop that might interfere with legitimate business by hogging processor cycles, requiring frequent updates and slowing down the performance of other user applications.
Complexity of scope. Devising and implementing a comprehensive, viable policy
to be supported by the DLP solutions can get in the way of regular business practices, requiring the involvement of not just IT but also human resources, finance and legal teams, and business unit managers.
The wrong focus. Many of these solutions focus to a large extent on intentional data leakage, when in reality data leakage is hard to stop. For example, people can deliberately alter files to avoid detection or there is the
more mundane problem of people simply sharing information inappropriately in conversation.
Organizations’ real requirements
The truth is that, with the exception of the largest enterprises with the most stringent security requirements, most organizations simply don’t have the funds, staff resources, and need to implement large-scale DLP efforts. Their most
pressing and immediate needs fall into three categories.
Stopping the stupid
98 percent of data leakage incidents are actually due to accident or stupidity.9 Lost laptops and USB keys, inadvertent misuse of email, the unthinking sharing of information on IM, webmail, social networking sites, and peer-to-peer file sharing sites are a much more significant threat to organizations than hackers.
Meeting regulatory requirements
The most pressing need for most organizations is to implement an effective solution that will satisfy auditors that they are providing the protection and control required to meet current regulations without the need for a huge amounts
of funds, staff, and resources in implementation and management.
Stopping data leakage: Making the most of your security budget
Maximizing IT investment
IT departments want to ensure that the budget available to them – which is being asked to do more and more – is spent in the most efficient and cost-effective way. Solutions that integrate DLP with other security features are best placed to do this (as discussed more fully below).
Enabling DLP
Enforcing an acceptable use policy
Creating and enforcing an acceptable use policy (AUP) should underpin any attempts to stop data leaking from an organization. Because of the changing nature of both the organizational infrastructure and the expectation of employees that information should be freely available to access and share, an AUP’s success depends heavily on creating ongoing employee buy-in to the fact that the threat is internal, overwhelming accidental, and in their hands to avoid.
As well as stressing the importance of commonsense, the AUP should set out
exactly how an employee is expected to use an organization’s information, containing prescriptive advice on best practice and clearly defining prohibited behavior.
It should cover issues such as:
What information/files must not be emailed
The company policy on posting to web message boards or downloading from the web
The policy on use of USB keys and CDs for storing sensitive company information
The policy on altering security settings.
The repercussions of not adhering to the policy should also be spelled out.
Integrated solutions
The key to achieving successful data leakage prevention within constrained budgets is to see
it as part of your overall security picture, not as a separate entity. In fact, you might already
have security tools with features that address your most pressing DLP requirements.
As DLP grows as a corporate concern these features are likely to be upgraded in much
the same way that spyware prevention, spam detection, and intrusion prevention all started as separate security categories and infrastructures, but were quickly subsumed into other categories, such as anti-virus protection
and firewalls.
As you go forward, the inclusion of up-to-date DLP features is something you need to ensure in order to make the most of your budget. The two key requirements can be summed up as:
Protect your data against accidental loss or deliberate theft
Secure your data so that if it is lost or stolen, it cannot be read.
Protect your data
Endpoint protection
Endpoint protection goes far beyond the imperative not to leave laptops on trains:
Use powerful anti-malware solutions to block spyware that can steal financial and other confidential data.
Organizations need to implement products that combine DLP features with other security functions to provide an integrated solution.
Three steps to AUP success
Create the policy
Educate users about the policy
Enforce the policy
Stopping data leakage: Making the most of your security budget
Block the use of non-essential applications such as P2P file sharing, IM, FTP clients, unauthorized email clients, wireless network connections, and smartphone and PDA synchronization tools. All of them can be subverted by criminals to get hold of information. Even more easily, employees can – usually unthinkingly – send out and share company data via these applications.
Manage write access to portable storage devices such as USB keys. Because these are so easy to lose, these devices are a high security risk.
Ensure that every computer connecting to the network – whether office-based or remote, company-owned or belonging to guest users – is compliant with the organization’s security policy.
Gateway protection
Much of the functionality available in email and web products can prevent sensitive or inappropriate data being sent outside the organization or to unauthorized users inside the organization. Features include:
Content scanning of email messages and attachments to control and block sensitive information, by identifying, for example, social security numbers, or keywords relating to confidential corporate information.
Content scanning of web traffic to ensure spyware Trojans and other malware are not downloaded onto the user’s computer.
Preventing the download of particular file types and preventing users from disguising and obfuscating unauthorized file types in emails.
Controlling access to particular websites and applications and to webmail sites such as
Googlemail and Yahoo! Mail.
Controlling and blocking the unauthorized use of IM and FTP traffic.
Protecting against “drive-by downloads” which secretly place spyware on the user’s computer when they visit a website.
Secure your data
In spite of having the best policies and the best solutions, you might still find your data has been
stolen or lost. So it is essential to have a second layer of defense – encryption. In a survey by the Identity Theft Resource Center, 82 percent of respondents who had lost data, said that if the data had been encrypted, the risk to the company would have been far reduced.2 With this being the case, you should: Perform full disk encryption of laptops and notebooks.
Encrypt data on removable storage devices, such as USB drives, CDs and DVDs. Encrypt emails to prevent unauthorized users from reading them. Encrypting your data and devices in this way means that your information is safe, even if it gets into the wrong hands.
Summary
Data leakage has become one of the most pressing security issues facing organizations today. The most effective solution to the problem is to see DLP as part of your overall security problem, integrating it into a comprehensive
strategy. You also need to create an AUP, enforce it with technology and ensure that both are monitored for compliance with corporate policies.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
|
|
BUSN $13.99 Student tested and faculty approved, BUSN breaks new ground in the Introduction to Business market, delivering a riveting design that captivates students and powerful resources that save instructors valuable time. Written by longtime Intro to Business instructors who know firsthand the needs of today’s instructors and students, this unique first edition provides a more student-focused–less linear… |
|
|
Ohio business gateway open for business. (Capitol Access).(Ohio Business Gateway online reporting and payment center used by four state departments): An article from: Catalyst (Dublin, Ohio) $5.95 This digital document is an article from Catalyst (Dublin, Ohio), published by Ohio Society of Certified Public Accountants on May 1, 2003. The length of the article is 517 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser… |
|
|
Business District, Youngstown, Ohio $39.99 Business District, Youngstown, Ohio – Giclee Print |
|
|
Small Business Pro SPA3102 Voice Gateway with Router – VoIP gateway $68.99 Cisco Small Business Pro SPA3102 Voice Gateway with Router – VoIP gateway – Ethernet Fast Ethernet |
|
|
Ohio State Buckeyes Red Just Gateway Hooded Sweatshirt $31.99 Ohio State Buckeyes Red Just Gateway Hooded Sweatshirt Size XX-Large Red |
|
|
Ohio State Buckeyes Red Just Gateway Long Sleeve T-Shirt $21.99 Ohio State Buckeyes Red Just Gateway Long Sleeve T-Shirt Size X-Large Red |
|
|
Nortel Business Services Gateway BSG8ew 6FE 2x GE Ports NT5S21AAE6 $1028.55 Nortel Business Services Gateway BSG8ew 6FE 2x GE Ports NT5S21AAE6 |
|
|
Adtran Total Access 908e IP Business Gateway 4240908L1 $928.25 Adtran Total Access 908e IP Business Gateway 4240908L1 |
|
|
Small Business Pro SPA8800 IP Telephony Gateway – VoIP phone adapter $439.99 Cisco Small Business Pro SPA8800 IP Telephony Gateway – VoIP phone adapter – Ethernet Fast Ethernet |
|
|
Gateway Hyderabad $27.55 Gateway Hyderabad is located in Hyderabad, close to Yusufian Dargah, State Museum, and Lal Bahadur Shastri Stadium. Nearby points of interest also include Birla Venkateshwara Temple and Salar Jung Museum. Hotel Features. This 3.5 star property has a business center and offers secretarial services. The hotel serves a complimentary breakfast. Room service is available during limited hours. Guest parking is complimentary. Additional property amenities include dry cleaning/laundry services. Guestrooms. All guestrooms at Gateway Hyderabad feature air conditioning. Wireless Internet access is available for a surcharge. Televisions have satellite channels. |
|
|
Starting and Operating a Business in Ohio $11.98 This book is in New – Excellent condition |
|
|
ARR Chennai Gateway $39.14 ARR Chennai Gateway is located in Chennai, close to SDAT Tennis Stadium. Additional area points of interest include Valluvar Kottam and Apollo Hospital. Hotel Features. ARR Chennai Gateway features a restaurant. Room service is available. Those traveling on business have access to a business center at this hotel. High speed Internet access is available in public areas. Guestrooms. All guestrooms at ARR Chennai Gateway feature air conditioning. High speed Internet access is available. |
|
|
Adtran Total Access 908e IP Business Gateway $1644.99 1 x DB-9 Craft Management 1 x RJ-21 1.72″ Height x 17.20″ Width x 10.50″ Depth 10 Year 120 V AC 128 MB 1U 2 x RJ-45 10/100Base-TX LAN 32 MB 4 x RJ-48C T1/FT1 4242908L1 6.50 lb 7 8 x RJ-11 900e 908e CLI Telnet DHCP Syslog n-Command SNMP v2, v3 IEEE 802.1p QoS IEEE 802.1Q VLAN Web-based Management PAP CHAP VoIP Protocol: SIP MGCP (FXS interfaces only) Voice Codecs: G.711 G.729a G.168 ADTRAN offers a wide variety of solutions for converged voice/data services. The Total Access 908e is a T1 and Multi-T1 IP Business Gateway designed for carrier SIP/MGCP Voice over IP (VoIP) networks. This product features all of the same robust routing and voice features of the widely deployed Total Access Integrated Access Devices (IADs), along with a host of new features and functions that enable cost-effective, reliable IP service delivery. This device uses the ADTRAN Operating System (AOS) to simplify management and administration. This model offers flexibility for varied applications from PRI delivery and trunking services to Hosted IP PBX offerings. Adtran Desktop Gateway Appliance Power Supply Rack-mountable Total Access Total Access 900e Total Access 908e IP Business Gateway Wall-mountable Yes www.adtran.com |
|
|
Adtran Total Access 916e IP Business Gateway $1945.99 1 x DB-9 Craft Management 1 x RJ-21 1.72″ Height x 17.20″ Width x 10.50″ Depth 10 Year 120 V AC 128 MB 16 x RJ-11 1U 2 x RJ-45 10/100Base-TX LAN 32 MB 4 x RJ-48C T1/FT1 4242916L1 6.50 lb 7 900e 916e CLI Telnet DHCP Syslog n-Command SNMP v2, v3 IEEE 802.1p QoS IEEE 802.1Q VLAN Web-based Management PAP CHAP VoIP Protocol: SIP MGCP (FXS interfaces only) Voice Codecs: G.711 G.729a G.168 ADTRAN offers a wide variety of solutions for converged voice/data services. The Total Access 916e is a T1 and Multi-T1 IP Business Gateway designed for carrier SIP/MGCP Voice over IP (VoIP) networks. This product features all of the same robust routing and voice features of the widely deployed Total Access Integrated Access Devices (IADs), along with a host of new features and functions that enable cost-effective, reliable IP service delivery. This device uses the ADTRAN Operating System (AOS) to simplify management and administration. This model offers flexibility for varied applications from PRI delivery and trunking services to Hosted IP PBX offerings. Adtran Desktop Gateway Appliance Power Supply Rack-mountable Total Access Total Access 900e Total Access 916e IP Business Gateway Wall-mountable Yes www.adtran.com |
|
|
Adtran Total Access 924e IP Business Gateway $2316.99 1 x DB-9 Management 1 x RJ-21 1.72″ Height x 17.20″ Width x 8.50″ Depth 10 Year 120 V AC 128 MB 1U 2 x RJ-45 10/100Base-TX LAN 24 x RJ-11 32 MB 4 x RJ-48C T1/FT1 WAN 4242924L3 5.50 lb 7 900e 924e CLI HTTP Telnet DHCP Syslog n-Command SNNP v2, v3 IEEE 802.1p QoS IEEE 802.1Q VLAN Call Waiting Do Not Disturb Distinctive Ring PAP NAT NAPT CHAP Packet Filtering Access Control Lists Stateful Inspection Firewall Application Level Gateways Denial of Service (DOS) Protection ADTRAN Operating System (AOS) ADTRAN offers a wide variety of solutions for converged voice/data services. The Total Access 924e of T1 and Multi-T1 IP Business Gateway is designed for carrier SIP/MGCP Voice over IP (VoIP) networks. This product features all of the same robust routing and voice features of the widely deployed Total Access Integrated Access Devices (IADs), along with a host of new features and functions that enable cost-effective, reliable IP service delivery. This device uses the ADTRAN Operating System (AOS) to simplify management and administration. Multiple models offer flexibility for varied applications from PRI delivery and trunking services to Hosted IP PBX offerings. Adtran Desktop Gateway Appliance Power Supply Rack-mountable SDRAM Total Access Total Access 900e Total Access 924e IP Business Gateway Wall-mountable Yes www.adtran.com |
|
|
Ohio $19.99 Ohio – Masterprint |
|
|
AT&T VoIP Gateway System $173.99 1 5.50 lb VoIP Gateway System is a device designed for use with AT&T DECT 6.0 Digital Business Phone System that runs on your existing Ethernet network and connects to traditional analog outside phone lines. Device features four phone line connections and one Ethernet connection. Use the gateway to connect up to four outside phone lines using standard analog connections. Combine up to four gateways for up to 16 outside lines. Use automated attendant for customized call handling and the ability to record on-hold messages. AT&T AT&T Corp SB67010 VoIP Gateway VoIP Gateway System www.att.com |
|
|
Ohio Bobcats Business Card Holder $25.99 Add elegance to your desk with our new walnut finish accessories- accented with a solid brass medallion featuring your team or college logo in beautiful painted enamel. This business card holder displays your personal card and your personal loyalty at the same time! A functional gift that will be used and appreciated! |
|
|
Cisco Unified Communications 500 Series For Small Business VoIP Gateway 0 / 1 16 Users UC52016U2BRIK9RF $2576.77 Cisco Unified Communications 500 Series For Small Business VoIP Gateway 0 / 1 16 Users UC52016U2BRIK9RF |
|
|
Cisco Unified Communications 500 Series For Small Business VoIP Gateway 48 Users UC52048UTEFK9 $6048.96 Cisco Unified Communications 500 Series For Small Business VoIP Gateway 48 Users UC52048UTEFK9 |
|
|
Gateway Hotel $167.69 Located in Nadi, Gateway Hotel is connected to the airport and close to Garden of the Sleeping Giant and Wailoaloa Beach. Hotel Features. In addition to 2 restaurants, Gateway Hotel offers a coffee shop/caf? and a grocery. A poolside bar and a bar/lounge are open for drinks. Room service is available 24 hours a day. The hotel serves cooked to order breakfasts each morning (surcharges apply). Recreational amenities include 2 outdoor swimming pools. Also located on site are a children’s pool, an outdoor tennis court, and a spa tub. This 3.5 star property has a 24 hour business center and offers a meeting/conference room, secretarial services, and business services. Wireless Internet access (surcharge) is available in public areas. This Nadi property has 60 square meters of event space. The property has a complimentary airport shuttle (available 24 hours). Concierge services, tour/ticket assistance, translation services, and tour assistance are available. Self parking is complimentary. Additional property amenities include multilingual staff, gift shops/newsstands, and laundry facilities. The property has designated areas for smoking. A total renovation of this property was completed in November 2011. Guestrooms. 95 air conditioned guestrooms at Gateway Hotel feature laptop compatible safes and coffee/tea makers. Rooms are all accessible via exterior corridors. All accommodations have furnished balconies or patios. All rooms include separate sitting areas and desks. Bathrooms feature showers with handheld showerheads. They also offer makeup/shaving mirrors, complimentary toiletries, and hair dryers. Wireless Internet access is available for a surcharge. 32 inch LCD televisions have satellite channels. Rooms also include windows that open and blackout drapes/curtains. Housekeeping is offered daily and guests may request wake up calls. Guestrooms are all non smoking. Notifications and Fees:A resort fee is included in the total price displayed No pets, including service animals, are allowed at this property. The following fees and deposits are charged by the property at time of service, check in, or check out. Fee for high speed Internet (wired) in business center: FJD 8 (for 15 minutes, rates may vary)Fee for wireless Internet in public areas: FJD 8 (for 15 minutes, rates may vary)Fee for in room wireless Internet: FJD 8 (for 15 minutes, rates may vary)Continental breakfast fee: FJD 18 per person (approximate amount)Onsite credit card charges are subject to a surcharge The above list may not be comprehensive. Fees and deposits may not include tax and are subject to change. Notifications and Fees:A resort fee is included in the total price displayed No pets, including service animals, are allowed at this property. The following fees and deposits are charged by the property at time of service, check in, or check out. Fee for high speed Internet (wired) in business center: FJD 8 (for 15 minutes, rates may vary)Fee for wireless Internet in p |
|
|
Ohio Bobcats 10K Gold ”OHIO” Bobcat Pendant $189.99 Show your team spirit everywhere you go with this Ohio Bobcats pendant. Officially licensed Made of Solid 10K Gold Custom made when ordered. Ships in 7-12 business days. |
|
|
Ohio Bobcats Sterling Silver ”OHIO” Bobcat Pendant $39.99 Show your team spirit everywhere you go with this Ohio Bobcats pendant. Officially licensed Made of Solid Sterling Silver Custom made when ordered. Ships in 7-12 business days. |
