Data loss is something that every organization has experienced for years. In the 80's there was the infamous trash picking case of the janitor at Chrysler’s data center who picked up a green-bar print-out of the salaries of all Chrysler executives just when Lee Iacocca was negotiating major concessions from the unions. That incident set back his re-org efforts and caused a change to staffing procedures at Chrysler’s computing centers: no more union laborers.
But in recent times, thanks in large part to California 1386, we have been treated to the disclosure of dozens of high profile data loss incidents. From Lexis-Nexis to ChoicePoint to Card Services. The direct costs of these incidents is mounting. OhioUniversity paid over $77K to notify its alumni of a hacking incident that exposed their Social Security Numbers. And the fall-out from the incident appears likely to impact future donations from those alumni. According to this article one alum said:
"You incompetent f---ing a--holes. I will never donate a penny to you."
"I am disgusted with you and will NEVER do anything to help you financially."
And my favorite:
"How could this possibly happen without utter rank incompetence and a carefree attitude toward data security?... I hope your IT staff was fired."
OhioUniversity has more headaches in front of it as they deal with the discovery that at least two more data breaches have occurred.
I interviewed John Amaral - Vice President of Research and Development for Vericept for this week’s ThreatCast. He shed some light on what data protection solutions do. Basically they monitor the network to identify when things like SSN’s are leaving the network. Most solutions can block the leakage as well. John told me they see all sorts of issues when they do evaluations for prospective customers all the way from customer lists being sent to personal email accounts to a prostitution ring that was being run from servers at one company.
I am on the lookout for leading indicators in the data protection space. The primary indicator that this space is going to grow is that the vendors tell me most of their customer wins come from organizations that have experienced some sort of data loss incident. In other words the industry is looking for a solution to an existing painful problem.
This ThreatCast interview can be delivered directly to your desktop or MP3 player if you're subscribed to my ThreatCasts. (See ZDNet's podcasts: How to tune in.)
Theme music for IT-Harvest ThreatCasts used with the permission of Hyperion Records