By eweek  |  Posted 2006-06-12

How many touch points?

Some of the many touch points on the pathways through which protected data must sometimes travel include Message Transfer Agents (or MTAs, such as Sendmail or Microsoft Exchange); Web proxies; FTP servers; file shares; and data repositories on data center servers and laptops, memory keys, and other media.

Some of these pathways, including the movement of data onto physical media, require policy, often in the form of group policy or physical controls, to block data from being placed on unauthorized storage locations. IT managers must consider all possible touch points when evaluating a data security tool to see how well it can interpret and block commonly used network protocols to protect data.

Cost of Protection

Figuring the cost of security is almost always a speculative act of balancing the cost of the barricades against the potential destruction that could be averted by them. In the still highly competitive emerging market for data protection tools, we advise IT managers to bargain with vendors for price breaks, extra training and extensive proof-of-concept installations.

However, there are other ways to derive value from a data protection system.

Data protection tools can be used as a competitive differentiator. If the organization depends on customer trust, one way to stand out from a crowd is to do a better job of protecting private data than the competitors.

Data protection tools also may reduce what we call "audit friction." The effort to comply with an audit can be reduced by automating controls and reports that show the organization is meeting its obligations under the law. IT administrators who effectively assist business-line managers in surviving an audit are indirectly contributing to the bottom line.

Data protection tools also can help IT and business-line managers more easily make what are traditionally thought of as tough choices about IT infrastructure. For example, data protection tools usually need an authoritative source of data. To be authoritative, a data source should be unassailable in the face of questions regarding the freshness, correctness and completeness of the collected data. This usually means consolidating databases, directories and file shares.

Also keep in mind that these tools should be integrated with help desk or other workflows to ensure that any corrective action that requires human intervention is carried out. For example, a data protection tool can block sensitive information from being sent through company e-mail. A data protection tool can even display a warning message, log a note that an inappropriate use of data was blocked and display a report that documents all these actions. However, at the end of the day, a person is going to be involved in making sure that the end user who initiated the problematic transmission is corrected.

This is likely one of the reasons that the data protection arena will remain a quickly changing and ever-challenging field: At the heart of nearly every anomalous data use—whether for good or bad—is a human being.

Technical Director Cameron Sturdevant can be reached at
