In our last post we finished our review of DLP content discovery best practices by discussion rolling out and maintaining your deployment. Today we’re going to focus on a couple of use cases that illustrate how it all works together. I’m writing these as fake case studies, which is probably really obvious considering my lack of creativity in the names.
Chris Pepper, Master Editor, pointed out something I missed. If you memorize an encrypted network, your iPhone won’t connect to an unencrypted one with the same name, or one with a different password. Thus unless the bad guy knows your WPA passphrase (you’re not dumb enough to use WEP, are you?), you can memorize your home network and not worry about accidentally connecting while wandering around, even if it’s still called “tsunami”.
In Part 3 of our series we finished our review of the technical architecture and selection; now we’re going to delve into best practices for deployment. We will focus on setting expectations, prioritization, and defining your internal processes. The main obstacle to successful deployments isn’t a technology weakness, but rather the failure of the enterprise to understand what to protect, decide how to protect it, and recognize what’s reasonable in a real-world environment.
Update: See Update To The iPhone Security Tip. Encrypted networks are safe to remember.
The other day I was wandering around San Francisco on a work trip, and I freaked out when I noticed the WiFi indicator on my iPhone was showing an active connection to some random network. I never have my phone set to connect to unknown networks, so I quickly jumped into the settings to see what the heck was going on.
Had another one of those real world experiences today that was just begging for a blog post. A couple hours ago I was driving down the highway on my way to my physical therapy appointment when I saw a rollover car accident on the side of the road near an on-ramp. There were a bunch of bystanders, but the first police officer was just pulling up and there was no fire or ambulance in sight.
I was driving around listening to Car Talk on NPR this weekend, and it was an incredibly insightful lesson on risk tolerance and risk perception. I tend to do a lot of errands over the weekend around that time, so I usually catch 20-40 minutes of it every week as I’m in and out of stores. Pretty much every week you’ll hear things like:
It took a little longer than expected, thanks to me being totally swamped post-surgery until now, but let’s congratulate our winners of a free year of Debix identity theft protection: myemailisvalid, Jay, and Brett.
I was reading one of Alan’s posts over at StillSecure, based on the Lending Tree debacle. He starts with a bit I totally agree with:
I know what’s running through your head right now.
“WTF?!? Mogull’s totally lost it. Isn’t he that data/information-centric security dude?”
Thanks in large part to the Attrition.org data loss database, there’s recently been some great work on analyzing breaches. I’ve used it myself to produce some slick looking presentation graphs and call attention to the ever-growing data breach epidemic.