This post is by Roger Klorese, WatchGuard’s Director of Product Management.
When we talk about security and compliance requirements, the discussion is usually about keeping bad stuff out — protecting the network from threats, in the form of intrusions, malware, phishing spam, or others. And that’s the view most organizations take to the problem. But they’re only thinking about half the problem. Protecting the network is not just about keeping the bad stuff out, but also about keeping the good stuff — confidential information and other valuable assets — in.
This is why today we are announcing the upcoming availability of WatchGuard Data Loss Prevention, which will be available as part of our growing Unified Threat Management solution. Right out of the box, it recognizes information from many countries (18 at first, with more to come). It can find the information you need to protect — credit card numbers, home addresses, health information, and lots more — not only in your email and web pages, but in 30 of the most common document types you might be sending (including Microsoft Office files and more). It recognizes confidential documents not because you magically tagged them with a special program, but because you used your normal “Confidential” marker in them.
And if selecting from the more than 200 rules included in the product still sounds like a lot of work, how about a single check box to enable checks for the most popular compliance regimes such as PCI DSS and HIPAA? Are you ready for Data Loss Prevention?
Accidental Data Loss a Top Priority
We recently surveyed more than 2,100 security experts around the world about the regulations that govern their operations, the types of information they need to protect, and whether or not they currently do take any actions to protect it. Here are some of the most interesting things we’ve learned from our customers and from industry analyst sources — and how we’re going to help you follow through on your data loss prevention concerns.
The information that most companies told us concerned them the most about losing was financial data, as one might expect. But personally identifiable information (PII) such as national ID numbers followed close behind, as did credit card numbers.
While about a third of companies surveyed each said Payment Card Industry (PCI), Personal Health Information (PHI) and other regulations governed them, more than half said the regulations that affected them were regional data privacy concerns. With the recent high-profile PRISM news, it’s easy to see why this concern would be even more on people’s minds than ever.
About a third of the companies surveyed reported that they did business in more than one country — making their need to protect different types of data under different regulatory regimes even more complex.
Surprisingly, only a little more than half of the companies even had a policy that made it clear to their employees what information could be shared and what needed to be protected. You might think it’s a common-sense issue, but without clear guidance, employee judgment carries too much of the responsibility for decision-making. And only a third of the organizations had any technological solution for data loss protection (DLP).
Protecting from accidental disclosure
Why do so few companies use DLP technology to keep their information safe and their behavior in compliance? More than half say it’s not a high priority for them. (Which is likely to be true until they suffer the costs of a breach, including the regulatory fines that can hit them.) Many others say it’s too expensive or too complicated. They’re right about standalone DLP solutions — but those products, which often cost in the millions of dollars, are meant to block everything from an accidental leak in email to a disgruntled employee walking out the door with a flash drive full of the corporate assets.
For the accidental data loss that can occur over the network via web or email, though, companies should be able to leverage the same sorts of systems that help them keep the bad stuff out — unified threat management (UTM) systems. But until now, these products have come up short. Either they’ve been limited in their ability to recognize global data — for instance, with only one or two built-in rules for national ID detection — or they’re delivered with no rules at all built-in, requiring you to roll your own! How many of you would be driving your car today if you’d had to build it yourself?! Some products even require you to tag the documents you want to protect with a special “watermark” — if you missed a valuable one, or you accidentally pasted the wrong information into an email message, your loss. (Literally.)
Just as WatchGuard offers with all the security services our UTM platform offers to keep the bad stuff out, we use best-of-breed technology to help you keep the good stuff in. And we let you manage it from a single pane of glass, for one UTM appliance or hundreds.
We’ve looked at security from both sides now — from outside in and from inside out — and the choice is clear: the powerful UTM capabilities of WatchGuard XTM. Request your demo of WatchGuard Data Loss Prevention now! The product will be available in September.