
Best Practice Guide to Minimizing Your Insider Risk

Executive Summary
In today's increasingly collaborative and always-accessible working environment, organizations are challenged to balance the need to put information at the fingertips of productive workers with the responsibility to preserve the privacy and integrity of sensitive data stores. Balancing productivity with security is a fine line, but by taking advantage of the right best practices, your organization can go a long way toward minimizing insider risk and protecting data.

February 2010
WP-EN-02-24-10



With the average data breach costing organizations $202 per record, a better way to strike that balance must be determined [1]. Unfortunately, at the moment, most data transfers off the network remain uncontrolled and unmonitored. In fact, the most recent survey data shows that only 25 percent of organizations currently use data leak prevention tools, just 25 percent encrypt portable media and less than 50 percent encrypt laptops [2]. Data still flows freely through unsecured endpoints, USB storage devices, P2P networks and Web 2.0 applications. And this fast-and-loose atmosphere has bred uncertainty about and antipathy toward organizational data policies, emboldening malicious insiders to steal and allowing well-meaning-but-clueless ones to use unauthorized and illegal applications that open endpoints to external risks and expose them to performance issues that drain support resources.

No matter how much trust rests with a great team, responsible organizations need to put controls in place to keep the bad seeds honest and the good ones from slipping up. Because the fact of the matter is that security awareness training alone is not going to mitigate the risks. The most recent security research conducted by Ernst & Young found that though many organizations have some sort of awareness training, the bulk of these programs were missing important elements, and less than a quarter of organizations even had any kind of metrics in place to track their success anyway. And that's not even considering the fact that no amount of awareness training will stop a malicious insider who knows he's not being monitored.

Why You Should Mitigate Insider Risk

Borderless Enterprise
Data has become decentralized through dispersed and heterogeneous supply chains, outsourcing and a mobile workforce. Meanwhile, workers require collaboration and productivity technology dependent on corporate data access.

Are Your Insiders Truly Risky?

Though many executives don't want to believe that their trusted employees and partners would ever put them at risk, the truth is that 75 percent of organizations report experiencing a data breach due to insiders [3].

Insider Mistakes Cost More

A whopping 88 percent [4] of organizations report losing or exposing sensitive information due to negligent insiders. Innocent mistakes like losing removable devices cost organizations a mint in breach cleanup. And downloading rogue programs can open endpoints up to malware and external threats.

[1] U.S. Cost of a Data Breach Study, Feb. 2009, Ponemon Institute
[2] Ernst & Young's 12th annual global information security survey
[3] Uncertainty of Data Breach Detection, Ponemon Institute


Theft Incentives High, Deterrents Low

Approximately 30 percent of organizations have experienced data loss due to malicious insiders [5]. It's no wonder, considering the attitude of today's typical employee. A recent study of laid-off or otherwise outgoing workers found that 59 percent [6] of employees who leave or are asked to leave a company walk out the door with customer information. Only 15 percent [7] of former employees reported any kind of audit in place to track their possession of data before leaving.

Consumerization of IT
Workers bring their own tools and toys to work, such as USB devices and Web 2.0 applications, that may improve productivity but also introduce new threats to your network. A recent study found that 40 percent [8] of organizations reported that employees are able to connect personal devices to the network unchecked, due to non-existent or unenforced policies.

The Cost of Data Leakage

The latest data suggests that the average cost per lost record is now $202, while the average cost per data breach incident is about $6.6 million, two-thirds of which is due to lost business [9]. In the U.S., even though many states require businesses to notify only people whose personal identity information they lost, new state data security laws are becoming stricter than past regulations. These new laws establish a standard that can be used by plaintiffs in civil suits to argue that a business that lost data was negligent. Organizations that don't comply are subject to unlimited civil penalties under proposed enforcement plans.

How to Mitigate Insider Risk

Endpoint security solutions from Lumension help organizations protect against data breaches and losses by ensuring the confidentiality and integrity of sensitive data.

- Protect against data theft and data loss via the use of unauthorized removable devices and media, unwanted applications and introduction of malicious threats.
- Manage the data flowing to and from network endpoints.
- Enforce encryption when data is copied to removable devices and media.
- Define and enforce security policies with global and user- and/or machine-specific rules.
- Provide a detailed audit trail of all application execution and device usage attempts.

[4] U.S. Cost of a Data Breach Study, Feb. 2009, Ponemon Institute
[5] Ernst & Young's 12th annual global information security survey
[6] Cyber-Ark Software, Ltd.
[7] Data Loss Risks During Downsizing, Ponemon Institute, 2009
[8] State of the Endpoint, Ponemon Institute, 2009
[9] U.S. Cost of a Data Breach Study, 2009, Ponemon Institute


Best Practices You Can Implement to Minimize Insider Risk


Best Practices and How Lumension Helps

1. Endpoint, Application and Device Discovery: Identify and categorize all applications and removable devices used across the organization.

How Lumension Helps:
- Identifies all endpoints, such as servers, desktops, and laptops on the network, as well as all devices ever connected to these endpoints.

2. Data Protection Security Policy: Define a proactive policy that balances legitimate data access needs with proper risk management controls at any level of the organization.

How Lumension Helps:
- Define a security policy with global and user- and/or machine-specific rules based on specific organizational needs using a whitelist approach.
- Force the encryption of any data being transferred onto removable devices (such as USB flash drives) and/or media (such as CDs/DVDs).

3. Security Policy Enforcement: Automate enforcement of your data, device and application usage policies across your entire network, and force encryption of sensitive data flows onto removable devices/media.

How Lumension Helps:

Removable Device/Port Control:
- Implements forced-encryption policy using 256-bit AES standard ciphering for data flows onto removable devices and media, including USB sticks, CDs, DVDs and more.
- Controls inbound and outbound data transfers to removable devices and media, including port access such as USB, FireWire, WiFi, Bluetooth, etc.
- Prevents malware introduction via removable devices and media.
- Gives power to apply data transfer policy elements, including copy limits, scheduling per user or user group, and file type.
- Offers flexible enforcement by user or user group, machine or machine group, device or media type, file type, time of day and more.
- Delivers a whitelist of allowable devices at any level of granularity by device class (e.g., all USB flash drives), device group, device model and/or even specific ID levels.

Application Control/Whitelisting:
- Allows only authorized applications to execute, preventing the execution of unwanted software that your users may download onto endpoints (intentionally or accidentally).

Antivirus and Behavioral Analysis:
- Detects and removes malicious software that users may download onto endpoints and prevents zero-day threats from wreaking havoc.

4. Audit and Compliance: Automate logging of all network events related to your data protection policy to provide visibility into policy compliance and violations.

How Lumension Helps:
- Logs all network events related to data protection policies automatically, including endpoint status, device connection, user activity (e.g., data transfers) and file tracking (including full content shadowing).
- Automatically generates and sends standard and customized reports for auditing, compliance and forensics purposes, including tracking of administrative activities.

5. Flexible/Scalable/Secure Design: Control and enforce endpoint policies throughout the organization using tamper-proof agents on every endpoint on the network and integration with existing directory services.

How Lumension Helps:
- Scalable client-server architecture with a central database facilitates load balancing and distributed control.
- Kernel-level, tamper-proof agents install on every endpoint on the network, and protect themselves against unauthorized removal.
- Fully supports both Windows Active Directory and Novell eDirectory/NDS structure.


Key Lumension Solutions

Lumension Data Protection

Policy-based enforcement of removable device use to control the flow of inbound and outbound data from your endpoints.

- Discover every removable device ever connected to your network
- Assess the risk of unauthorized devices and data flows across your organization
- Protect your information by defining and enforcing user, device and data control policies; forcing encryption of data being transferred to removable devices/media; and preventing introduction of malware
- Monitor device and data usage practices, and adapt to changing business needs
- Generate reports that prove policy and regulatory compliance

Lumension Endpoint Protection

Combines proven antivirus technologies and innovative application whitelisting to establish a trusted endpoint environment to stop unwanted change, neutralize security threats and prevent sensitive data from escaping.

- Scan for and remove all known malware
- Define and enforce a trusted application environment throughout the organization
- Protect against known and unknown threats
- Reduce IT support volume and increase end-user productivity by eliminating unapproved applications
- Show proof of compliance by providing a detailed audit trail of all application execution attempts

For More Information

Visit our Minimizing Insider Risk Resource Center, which is designed to help your research efforts and guide you through key strategies to ensuring the protection of your vital information without impeding productivity.

About Lumension
Lumension Security, Inc., a global leader in operational endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Compliance and IT Risk Management offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Ariz., Lumension has operations worldwide, including Virginia, Utah, Florida, Texas, Luxembourg, the United Kingdom, Germany, Ireland, Spain, France, Australia and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at www.lumension.com.
