Many network administrators would like to imagine that most of the threats to their organization’s data come from the outside. They daydream about a league of technological ninjas that can only be stopped by the IT staff’s superior computing skills and an array of Batman-esque paraphernalia.
Unfortunately, the hard truth is that the greatest threat of data loss normally comes from inside the house. What happens is that someone needs to work on a confidential document at home, and, to save time, e-mails the file to his or her personal account. There are many such opportunities for your own users to do more damage than an entire horde of techno ninjas.
BeyondTrust has been protecting against data loss for almost 30 years. One of the many tools it provides is PowerBroker Desktops DLP, which prevents unwarranted data from leaving a single computer.
We found PowerBroker to be easy enough to install on our Windows 7 test system. We downloaded two “.msi” files that needed to be run in succession — one for the program and one for the snap-in. After a reboot, we launched the snap-in manually through the “Run” dialog. This opened the Local Group Policy Editor, which controls what types of information are passed to the different types of computers that may connect to the local machine.
The interface of the Policy Editor was very intuitive. There is a graphical layout that shows the content sources, how they are tracked, and which policies govern them. Content sources could be defined by file type, context, and specific patterns of data such as credit card numbers. There is a huge section that allows control over database sources by login or specific SQL query.