Data loss prevention addition to CIBIL's security arsenal

By Yuga Chaudhari, Principal Correspondent 27 Oct 2009 | SearchSecurity.in

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

"Since we are in the information business, we provide Internet access to our employees. However, the introduction of Internet usage has brought in newer data theft and data leakage issues," says Sudesh Puthran, the chief information officer of CIBIL. "So the challenge for our IT team is to create a scenario which will discourage employees from sharing the company's confidential data. We have to give Internet to our employees since they need to access information. But how do you regulate and monitor that usage? Content filtering on official mail is a very obvious measure, which is already in place," says Puthran.

With the DLP module in place, CIBIL's IT team can perform random checks on employee chats. The objective is to search for confidential data being shared — intentional or unintentional. The team also goes through social networking sites browsed by employees to evaluate patterns and conversations for possible data leaks. It also provides a mechanism to restrict employees from downloading and uploading attachments.

After evaluating the DLP technology for a month, the project went live in October 2009. The company uses a UTM from Gajshield, which was deployed four years ago.

CIBIL has been ISO 27001 compliant for the last four years. It started off with being BS 7799 compliant, and then upgraded to ISO 27001. "As an ISO 27001 certified company, we have a clear-cut security policy and user guidelines which necessitate Internet usage only for official purposes. So it's an open fact that it's a sensitive corporate issue, which will be monitored. Hence we did not have any post-deployment challenges," Puthran says.

CIBIL is evaluating various technologies to help identify inappropriate database usage. "We have massive amounts data which need to be protected. We plan to deploy another UTM to monitor the database. Evaluations are currently underway," says Puthran.

Tags: Data loss prevention technologies,  Enterprise risk management strategies,  Business compliance management,  Network and endpoint security tools and technologies,  Hacking countermeasures,  Risk Management Strategies,  Network Security Tactics,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data loss prevention technologies Information rights management helps L&T protect its knowhow Interest in data leakage protection, event log management rises Considerations for buying and implementing DLP solutions Data classification as an insurance to protect information Security trends for Indian organizations: The 2010 edition Leveraging DLP to gain customer confidence: The Cognizant way IT (Amendment) Act, 2008 has information security market on toes Using data loss prevention software to comply with new HIPAA policies Basic Database Security: Step by Step How Windows servers get hacked Enterprise risk management strategies Contingent controls complement business continuity, DR How to address HIPAA data encryption security challenges Vulnerability management gets in-house treatment at AXA Business Services Gartner's server virtualization security risk list Noted cryptographer on SSL, encryption and cloud computing What's a risk management strategy worth to your S&P credit rating? ISO 27001 certification: Preparation in four steps Two factor authentication gets token agnostic at Central Bank of India Considering two-factor authentication? Do cost, risk analysis PCI tokenization push promising but premature, experts say Business compliance management How to address HIPAA data encryption security challenges Vulnerability management gets in-house treatment at AXA Business Services Noted cryptographer on SSL, encryption and cloud computing What's a risk management strategy worth to your S&P credit rating? ISO 27001 certification: Preparation in four steps Two factor authentication gets token agnostic at Central Bank of India PCI tokenization push promising but premature, experts say Information rights management helps L&T protect its knowhow Voice data security risks on the rise, say experts Firewall audit tools aid compliance

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary knowledge process outsourcing (KPO)  (SearchSecurityIN.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary