Interview with Ryk Edelstein
August 2007
Interviewee: Ryk Edelstein, Director of Operations, Converge Net Inc.
Subject: Monitoring data flows to ensure compliance
Nymity: Can technology monitor data flows for policy violations?
Edelstein: Yes. As networks grow in complexity and the volume and types of communications broaden, automated data loss prevention technology is becoming more commonplace as a reliable way to monitor, identify and address policy-based violations in network traffic. This traffic may include e-mail messaging, chat and file transfers in an organization’s data communication infrastructure, whether it is local within a single office or a distributed network spanning many regions.
Data loss prevention tools pervasively monitor traffic flows, classify the type of information, and determine the source and destination; they can even identify the elements of policy that a particular communication violates.
Nymity: Is it possible to monitor network data flows to identify personal information?
Edelstein: Data flows are one of the most reliable means to monitor communications and also ensure policy compliance within zones. In enterprise communications, information can be present in a number of states: data at rest, as would be stored on a work station or server; data in transit over a private network, such as communications within the limits of the corporate network; and data in transit over public networks.
In each state, established policy would determine the means to protect this information according to the level and type of potential risk. With automated data loss prevention technology, policy requirements can be programmed into the monitoring application so that it reacts to certain defined violations monitored anywhere specified on the network. The response could be as simple as reporting the violation to a designated compliance manager or it can invoke specific rules such as the forced encryption of confidential communications to the intended recipient so that only the sender and receiver are able to access the contents of the communication.
Monitoring activity at the network level is one of the most accurate ways to identify the source and destination of the data flow and deliver empirical evidence of a violation. Furthermore, as the monitoring for policy violations is automated and no person is exposed to content, the content may only become visible if policy is violated. Employing rules established when the policies are defined in the monitoring technology, typically only information specific to the event and the nature of the alert will be presented to general event management staff. The content itself will only be made visible to specific parties who are authorized to view and manage such events.
Nymity: Once a policy violation is identified, can the usage or disclosure be identified?
Edelstein: Once a policy violation is recognized, not only is the source and destination of the event identified, but the actual mechanics of the violation can be ascertained. This enables compliance managers to validate whether the occurrence was intentional or whether the violation was due to user or application error, a virus, malware, or other threat.
Automated data loss prevention technology includes multilevel reporting features which ensure that exposure of the information involved to unauthorized compliance or incident response staff is prevented, as only the details of the violation are revealed, not the contents of the actual communications involved. Only compliance managers with proper clearance, as defined in the compliance policy, can view the contents of the communications involved.
Nymity: How do organizations monitor policy violations? What departments are involved? Is it labour intensive?
Edelstein: The sheer volume of data traffic generated in an active IT environment requires precise monitoring of multiple, concurrent streams of communications to effectively and efficiently detect suspect traffic or specific communications in real time. The ability to monitor not only application-level traffic between workstations and servers but internal and external messaging and file sharing as well requires the integration of probes at strategic points within the infrastructure to identify the target data. These intelligent probes are capable of identifying violations defined by the client’s compliance policy. The complexity of this policy and the actions taken reflect the client’s needs, the policies defined, and the authorities of the parties involved in incident response.
The development of an IT-based compliance solution involves parties who are typically involved in policy development: Legal, Compliance, Security, Human Resources and Information Technology, each with a specific role and responsibility in developing an effective solution. In cases where legislative or industry compliance requirements are to be monitored, many of the current data loss prevention (DLP), compliance, risk and vulnerability management technologies on the market provide “out-of-the-box” templates to assist in customizing these tools to achieve specific objectives. These features greatly reduce the time required to put a monitoring solution in place.
Typically, those involved in deploying these solutions will be a team composed of IT-oriented compliance staff to customize the policies and IT networking and security staff to position and install the probes and related management components. The complexity and labour involved are dependent upon the breadth of the enterprise’s IT environment and the complexity of the policies to be supported. In many cases, the mean time to be up and running using a predefined policy can be as little as a couple of days for a single location involving a few hundred users.
Deployment of a monitoring solution in a large enterprise is best initiated at a single site where the initial base policy can be established and tested. Once regional policy variations have been incorporated, where required, a global deployment can be implemented and regional monitoring and management centers established.
The planning and deployment stages will require a moderate involvement by all parties involved. Guided by a clear vision of what needs to be managed, the most labour intensive stage will involve technical resources to configure the infrastructure for the accommodation of the probes and teams responsible for ensuring policies are reflected in the compliance management system.
Once a monitoring solution is in place, alerts will be issued to designated compliance managers, based upon the risk severity level, the parties involved in the violation, and the departments involved in the policy. These alerts can be issued as a ticket to a support desk or to specific individuals by e-mail, instant messaging services, or SMS. The resources required to manage low level alerts can typically be added to an existing support desk environment. Higher level incidents, typically being less frequent, involve response by assigned management staff.
Nymity: What are the main business drivers for implementing data flow monitors?
Edelstein: With heightened attention to the need for better compliance policy management, many organizations are seeking cost-effective ways to effectively deploy solutions at the network level which encompass all modes of communication, except voice and postal mail. IT-based monitoring solutions are essential as the complexity of monitoring data communications in real time goes well beyond human capabilities. The technologies employed to keep an eye on data flows incorporate automated, hands-free, pervasive and real-time monitoring of events, where alerts and human involvement are only required when a violation occurs.
Businesses which are serious about establishing and maintaining compliance achieve a number of tangible benefits through the use of a recognized compliance technology:
- Reduced audit complexity resulting from an established and recognized monitoring platform;
- An ability to set out long term compliance management budgets designed to meet predictable management needs;
- Peace of mind for shareholders and management; and
- Reduced risk of public exposure.
We often see clients seeking PCI compliance or Sarbanes-Oxley compliance in order to satisfy the requirements of US trade partners. Other organizations wish to comply with industry compliance requirements designed to protect trade secrets.
Nymity: Do organizations implement data monitoring by department? What are some examples?
Edelstein: Monitoring can be implemented based upon the privacy requirements of specific departments or class of user. In some environments where different classes of content are being monitored, the incident response manager will be presented with details of the event, yet will not be able to view the subject content except where the manager has the authority to view the content. Typically, departmental management is able to view the content, providing care is taken to ensure that the data is not made available to parties that are authorized to view such content under the terms of the compliance policy.
In an environment comprised of Legal, Human Resources, Accounting, Administration, and other user types, it is normal that the network hosting these classes of users will incorporate a logical segregation of these classes of data traffic. Compliance management requirements for Legal may be different from those of Accounting or Human Resources. By the same token, legal and compliance teams may not have the same monitoring requirements for information flowing between authorized, internal team resources, which may contain content that would normally trigger an event alert, yet be entirely normal and legitimate for the type of work being conducted.
Nymity: What is the process for implementing data flow monitors?
Edelstein: Once it has been established what policies need to be managed, that these objectives have been aligned to the organization and an incident response structure established, the technical phase is ready to be addressed. As with any project, planning is key to successfully establishing a compliance monitoring and management program. One of the most important stages in planning an effective deployment is the review of the physical and logical diagrams of the network, followed by an analysis of the network using packet level traffic analyzers to validate the documentation. Once the collected data has been analyzed, communication flows can be identified and the information necessary to implement the monitoring points can be established.
Once all the elements of the planning process are collected and reviewed, and the monitoring points have been established, a compliance model can be developed specific to the type of data to be monitored. With a clear evaluation of the dynamics of the IT and communication models, we would then be in a position to discuss what can be managed, how it can be managed, and identify the technologies necessary to achieve the client’s compliance objectives.
The technology is then procured and applied. Policy is then incorporated into the equation, and the incident response structure is created. Once established, the technology is tested and, when operating as desired, the response desk is trained. The model is evaluated under live conditions with Converge Net staff present to ensure that both the technology and the response model are meeting the required objectives.
Nymity: In closing, how does Converge Net help organizations interested in monitoring data flows to ensure compliance?
Edelstein: Converge Net leverages its experience as network specialists, more specifically, our expertise as network analysts, to help clients eliminate the guesswork when implementing compliance and data loss prevention initiatives. Our approach is founded on the philosophy “You cannot manage what you cannot see.” Our ability to “see” into data communication streams reassures our clients that they are using the right technology for the right job; and, in the case of the deployment of compliance and traffic management projects, we ensure that their monitoring probes are strategically positioned and installed to provide an accurate and complete solution.
In short, we design effective monitoring and compliance solutions that are based on empirical data, and not on assumptions.
No other company that we know of has effectively adopted this analysis model. Most solution providers do not have the analytical expertise that Converge Net has; many consider the analytical process far too complex. Add to this a severe shortage of packet-level analysts, and their ability to successfully emulate our approach is difficult at best.
For More Information
To learn more about Converge Net, visit www.Converge-Net.com
Ryk Edelstein
ryk@converge-net.com
514.939.2163