Real world deployments

How a company uses data-leakage prevention products is unique to the internal culture of the organization, the industry it plays in and what it ultimately hopes to gain from using these products.

MedAvant, the nation's second-largest provider-based healthcare technology company, uses PortAuthority Technologies to ensure that data for more than 450,000 healthcare providers, 30,000 pharmacies, 500 laboratories and 100,000 payer organizations is secure within the MedAvant network. MedAvant's most important use of PortAuthority is monitoring and enforcement for compliance, and it is using the product to block the sending of sensitive information. According to a MedAvant spokesperson, a key factoring in choosing the PortAuthority product is that it can block the sending of sensitive information via any communication channel with false positives of less than 1 percent.

Boston College went with Fidelis's DataSafe product. "It gives us the ability to implement granular policies to protect our sensitive information without compromising the information sharing critical to an educational institution," says David Escalante, director of computer policy and security at Boston College.

Mark Moroses, senior director of technical services at Maimonides Medical Center in Brooklyn, N.Y., says that its built-in features to help the hospital comply with HIPAA regulations and its ability to do pixel analysis for identifying pornographic content were deciding factors for the hospital's choice of the Reconnex suite of products comprising iGuard, iController and iManager. Moroses says the choice was also an economical one as Reconnex representatives priced the product within the hospital's budget. In addition, the Reconnex 48-Hour e-Risk Rapid Assessment network-monitoring evaluation provided Moroses with an assessment of the insider risks and exposures that might require additional investigation.

Sharon Finney, information security administrator at DeKalb Medical Center in Atlanta, says a deciding factor for her choice, ProofPoint, was that its tool ships preconfigured with a specific set of current procedural terminology codes for the healthcare industry.

Audit logs and the courts

Extrusion-prevention technology should be one component of an overall internal and external auditing process, as it keeps an eye toward improving operational efficiencies by identifying internal policy violations; providing more accurate financial reporting; limiting exposure to class-action lawsuits; and complying with applicable industry, local and federal regulations.

But can the audit logs generated by these products help in legal situations involving employees who criminally violate company policy?

While noting that the privacy laws have not really been tested in the courts yet, Gartner's Proctor says the logs and reports generated from these data-leakage products indicate that a corporation is taking effective, efficient actions to maintain privacy practices required to avoid the courtroom.

Kit Robinson, Vontu's director of corporate communications, notes that while Vontu's product logs may trigger an investigation into suspicious activity, its real purpose is to prevent data from being leaked. For real forensic analysis on the data collected by Vontu's product, Robinson points to his company's relationship with Guidance Software, a leading forensics tools vendor.

To illustrate her belief that these products help with the audit process, Vericept spokeswoman Nina Piccinini points to one Vericept customer that faced a sexual-harassment case brought by one of its employees. The employee claimed her boss was leaving pornographic material on her desk and sending her sexually explicit e-mail. By using Vericept's 360§ Risk Management Platform, this customer was able to determine the employee doctored the evidence herself. When the captured information was reviewed with the employee, she dropped the suit and left the company, says Piccinini.