Offending data highlighted

By Cameron Sturdevant  |  Posted 2008-03-17 Print this article Print

In fact, rather than making it hard to see protected information, Code Green highlights in context the offending information. For example, the credit card numbers that I used in my test data were highlighted in the file in which they were found. So, as Robert Heinlein so aptly put it in "Space Cadet," the question for any organization that uses Code Green's product and others that don't hide this type of data is, "Who will guard the guardians?"

The CI-750, like almost all DLP tools, uses a combination of data fingerprinting and pattern matching to identify protected data.

I went through the process of registering my data by telling the CI-750 to look for confidential content in files in repositories. I was also able to upload specific files for the identification of confidential information, although this is hardly practical for most organizations because it adds a time-consuming step to the data protection process. 

Check out these five steps to secure development.

Data can be either structured data stored in Microsoft SQL Server or Oracle databases, or a file or unstructured data stored in a CIFS, SMB or NFS file share. Confidential data can also be fingerprinted from one of several content management systems, including Documentum's and Stellent's.

I could also register patterns against which to match content moving across my network and could use new data tags to link registered confidential information to policy templates. This did reduce the amount of time I needed to spend when registering data.

New in this version is an effective tool that allowed me to monitor for resumes, earnings press releases and patents without having to register the content beforehand.

The CI-750 can also monitor content for U.S. tax forms and source code in the same manner.

The appliance's Web console is sluggish, but it provided reporting adequate for seeing what was happening in my network transmissions.

Most shops will get the Code Green appliances from a reseller, so here are some issues you should include in an RFP to ensure that you'll get a competent implementation and configuration.

First, the CI-750 comes with about 20 default policies. Ask the reseller if it has experience creating policies and which ones apply to your business.

Next, the CI-750 is only for content inspection. It must be integrated with either Cisco's IronPort PXE or Voltage Security Networks' appliances for e-mail encryption. And, companies that want to block Web and network traffic will need to get an additional ICAP (Internet Content Adaptation Protocol) proxy from a provider such as Blue Coat Systems. If your company needs these kinds of capabilities, ask the reseller if it has experience putting the whole package together.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel