Data protection strategies are coalescing around three general areas: preventing unauthorized access to, or misuse of, information stored in databases; preventing information from leaving the enterprise through common communication channels; and addressing the security of laptops and removable media.
All good ideas, but each has its limitations. For instance, database monitoring products from companies such as Applications Security, Guardium, Imperva and IP Locks raise the bar against a malicious insider looking to get access to valuable data. Administrators can create rulesets to limit the activities of authorized users and applications, alert security staff about suspicious behavior, and in some cases halt unwanted activity. Database-monitoring products also provide an independent auditing mechanism that is outside the control of the database administrator.
On the downside, however, these tools and techniques add a monitoring burden to the IT security staff, require training, can generate false positives and, depending on the architecture, may miss malicious behavior entirely.
ILP (information leak prevention) systems monitor content being sent outside the enterprise through common methods such as e-mail, Web mail and FTP. They are useful for protecting sensitive information that resides in Word documents and spreadsheets, and can be configured to detect information such as Social Security numbers. These products are useful for enforcing corporate policies about the kind of information that can be transmitted outside the organization. They can also help discover where sensitive information resides throughout the enterprise--a key feature in the age of distributed data.
However, these systems aren't foolproof: An insider could simply bring home sensitive data on a laptop, or copy it to removable media. And, the system will only be as effective as the data profiles it's configured to look for. Finally, a human analyst is required to investigate when the system detects information being sent out of the enterprise, which will require IT resources.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
Maintaining existing network infrastructures often incurs huge technical debt before newer technologies are adopted over time.
Amid ongoing regional uncertainties, telecom infrastructure in the Middle East has expand to include terrestrial low-latency network infrastructure, which offers resilience and agility in navigating political complexities without relying solely on undersea networks.
