• 03/15/2008
    4:02 AM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Your Data And The P2P Peril

Usher, 10,000 BC, and your company's confidential spreadsheets could all be out there for the world to grab. Here's how these data leaks happen and what you can do to

Tiversa conducts searches for customers to see if it can find their data on P2P networks, then shares what it turns up so they can take corrective action. In fact, one way it gets the attention of potential customers is to conduct a search for information related to those companies, then request an appointment with the chief security officer or CIO to present its findings.

Tiversa has about 20 business customers. That's not a lot, but they're blue chip accounts, some paying upward of $1 million annually for its services, which include conducting searches in a variety of languages, doing forensic analysis of its findings, and assigning risk levels to content. It has begun aiming at a wider range of industries and at midsize companies. Tiversa even offers a consumer version of its P2P-monitoring service for an annual fee of $24.95 to protect against identity theft.DANGER EVERYWHERE Cigna has been using Tiversa's services since last year. Cigna prohibits use of file-sharing software on company PCs, but CISO Shumard knows that's not enough to stop the problem. With 10 million health plan members and 550,000 partners, Cigna has to worry about file sharing outside its firewall as well.

Cigna used to do its own P2P monitoring, and Shumard's done a bit of the investigative work himself. "I was shocked by some of the information I've seen out there," he says. But Tiversa casts a wider net, and its search-term data can be revealing. Shumard was surprised to learn that an anonymous P2P user was searching for information on an obscure Cigna business interest. "Why would someone be searching for one of those names?" he says. "Somebody's obviously fishing for something." He suspects a competitor was trying to dredge up information on the company.

To better understand the movement of private data over P2P networks, Tiversa has conducted a series of "honey pot" experiments in which it exposed files, then waited to see what would happen. One test involved a $50 cash card with the file name creditcardnumbers.doc. Within a day, the file was grabbed 28 times and the funds depleted. Other honey pots were set up with executive documents, HR files, IT-related material, and consumer data. The end result was always the same--wide and rapid file distribution on P2P networks around the world.

Cigna's Shumard knows the danger of a P2P leak.

Cigna's Shumard knows the danger of a P2P leak
Researchers at Dartmouth's Center for Digital Strategies last year published the results of their investigation into inadvertent data disclosures on P2P networks, which involved a seven-week study of P2P search terms related to 30 major banks. The study was done with funding from the Department of Homeland Security and assistance from Tiversa. Factors influencing a bank's vulnerability included global brand recognition and number of employees and customers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments