Information security has matured in many ways though. Some good, some not so good. For starters, technologies such as firewalls and antivirus applications have become commoditized. There is often very little practical difference from one product to the next and they all have virtually the same success rate, so the perimeter is safe. Unfortunately, as mobile computing and portable storage devices have taken off, the perimeter has disappeared and the line between inside and outside the network has been all but erased.
The battlefront has moved now. Week after week there are stories of security breaches and lost laptops compromising millions of credit card numbers, social security numbers and other private information. Regulatory and private-sector mandates such as Sarbanes-Oxley, HIPAA, or the credit card industry’s PCI Data Protection standards require that companies control and protect sensitive or personally identifiable information. It is imperative that companies be aware of the data that is leaving their network.
Ben Rothke, a New York city-based security consultant with INS, notes that information leakage is a significant issue since we have a perfect storm of very curious people, ubiquitous high speed internet access, and overall poor security on the servers storing that information. “When you put those three factors together, they combine to create the situation where confidential data can be quickly leaked and shared with an enormous amount of information. Once the data is shared in such a manner, it is effectively impossible to get it back in a secure state."