Code Green Networks
Morrison & Foerster
Sidebar: Types of Content Leaks
PortAuthority has identified three main types of content leaks:
Unintentional or accidental: Someone sends an email by mistake to the wrong person and sensitive information gets into the wrong hands. He estimates that this accounts for 80% of all leaks.
Intentional: Somebody knows they are doing something wrong but still does it. For example, a loan officer at a bank sends private data about a loan applicant to a broker for a referral fee. This person knows he shouldn't be doing it. Other common intentional leaks may be an employee sending internal documents such as a customer list to his/her own email address before leaving the company, or an engineer downloading source code to a flash drive. He estimates this accounts for 15% of all leaks.
Malicious: The motivations are driven by profit and greed. The person uses sophisticated methods to steal information and take it with them. May use data manipulations to avoid being detected. He estimates this accounts for 5% of leaks.
Sidebar: Code Green and Signal Financial Federal Credit Union
Steve Jones, CTO of Signal Financial Federal Credit Union (formerly Washington Telephone Federal Credit Union) in Washington, DC, says his company is always concerned about protecting its member's private information and that's why he went shopping for a solution like the one he chose, from Code Green Networks.
"We definitely have concerns about our members' data," says Jones. "In our instance, the data we are protecting is actually people's money as opposed to trying to prevent general information from [leaking] out. What we are trying to do and strive to do is ensure that none of our members' personally identifiable information gets out to help prevent any occurrences of identity theft."
Jones says he looked at several vendors, but settled on Code Green because the founders were involved in developing another product he had used for a long time. "A big part of choosing Code Green is that I've used the SonicWALL product for years and I have a high comfort level of them bringing something to market and it evolving as the time goes on as they've done with their previous endeavor." He said he also likes the fact that it's an appliance and that means it's easier to install and maintain.
Jones says he has been very pleased with the results so far and that the Code Green product has done an excellent job of preventing data leaks, especially crucial information such as social security, credit card, and account numbers. When the system "sees" one of these data types, it proactively stops the transmission and effectively eliminates the accidental email or any other leak involving this data.
Code Green also enables Jones to define policies around these types of key data, so that it looks for any document or email that contains this specific type of information. "You can set up policies based on data types and destinations and you can require it be encrypted and password-protected and so forth. To maintain workflow, I can write policies to allow specific instances where a document can get sent." He says the policy writer is a very simple GUI interface.
Jones believes that as technology develops to help protect his network, he is under an obligation to try it out. As he puts it, "If you are ever going to be in the news, you want it to be good news." And when you protect your customer's private information, you won't be in the news for data leaks.