Information Leakage Prevention: how to set up a security level for enterprise data?

As I emphasized in the previous two articles: Information Leakage Prevention should be intercepted as many channels as possible to form a complete and comprehensive management system to reduce the possibility of leaks from the source. Therefore, in addition to document ERP, PDM, OA and other systems, if the security protection of application servers is taken lightly, it may cause huge losses. Some enterprises have been "hurt. In addition to permission management and outgoing sending management, data protection cannot be ignored by enterprise information managers. Most of the company's core secrets, such as design drawings and sales data, are stored inCase Analysis:D. Enterprise D is a manufacturing enterprise. The massive amount of internal information is stored in such enterprises as ERP, PDM, and OA. After the event, enterprise E sued Company M for illegal intrusion into the Intranet, however, the loss of some markets and huge potential benefits have become an indisputable fact. After this incident, E's managers no longer dared to remain indifferent to the Data Protection event. Enterprise-level management system. During normal work, internal staff can upload and download data freely, and even foreign visitors can access some data. It is no exaggeration to say that "Information Security Protection" is just a slogan in Enterprise D that is pasted on the wall. The company's interests have finally suffered a heavy hit by the fluky mentality and preventive behavior of information managers. This is the case. E employees downloaded an important sales data from ERP to their computers and shared it with B, a friend who served M Company. Since the document did not carry out any control settings, the sales data was transferred to the M senior management. M's senior management then attempted to access D's enterprise application server to obtain more data information. The access was successful! Subsequently, company M strictly analyzed the collected data, quickly adjusted its sales plans, and launched a violent attack to the weak market area of Enterprise E. E enterprises suddenly realized that half of the region had been occupied by M companies.Solution:Data protection on application servers has always been a major event, so we must pay attention to it in terms of consciousness. When implementing specific measures, you can consider deploying them according to the management philosophy of the IP-guard security gateway. The IP-guard security gateway controls the computers that access the server to prevent leakage of confidential information on the server. D. The problem occurs on the application server, so it has a good reference significance for the enterprise. First, the IP-guard security gateway, in conjunction with the client, implements automatic decryption when user documents are uploaded to the server, and downloads them to the local for automatic encryption, prevents important documents from being leaked on the server while ensuring the normal operation of application system functions. The employee downloaded the encrypted document and could not use it even if it was illegal. In addition, identity authentication is performed on the computer accessing the application server. Only authorized users and programs can access the server to obtain data and cut off the leak channels of external visitors. Finally, the enterprise's application management systems are different. Apart from ERP, PDM, OA, PLM, SVN/CV, CR, and so on, the archive and security conflicts should be resolved, it is best for CSG to support multiple types of servers. In this way, the internal and external prevention measures are combined to hold the big camp of Information concentration and firmly control the confidential information of enterprises. D. The above tragedies of enterprises can be avoided, and the interests of enterprises can be protected from harm.Event reflection:D. Leakage events of enterprises are enough to attract the attention of enterprises with the same or similar problems. This not only indicates that the data protection consciousness should be strengthened from top to bottom, but also indicates that data protection should be implemented quickly. Although enterprise information leakage prevention management is a multi-faceted topic, there may be different answers in different enterprise environments. However, its main management line will not change, that is, starting from the internal and external dissemination of documents, application servers, and mobile office, with permission classification and encryption technology as the means, include internal and external personnel in the scope of control, so as to establish a triple protection system that combines audit, control and encryption. This is my personal opinion I have summarized from numerous case studies. It is also the idea of Information Leakage Prevention that I have always advocated and the core principle of IP-guard.