Can data breaches be stopped, really? This was the question posed by Larry Ponemon, chairman and founder of the Ponemon Institute, at the start of a panel discussion I attended at the RSA Conference last month. Experts on this panel seemed to agree on one answer – No.

The tongue-in-cheek response from James Christiansen, Evantix CEO and CISO, brought a room full of laughter when he said, “Yes, you just need to put the computer in a safe and bury it 30 feet underground.”

Jon Oltsik, an analyst at Enterprise Strategy Group, equated the situation to the war on drugs, “Border control may be able to capture some on the borders, but the problem continues to escalate and keeps getting bigger.”   John Townsend, Manager of Information Protection and Security, DTE Energy commented, “If we use the wall analogy, rather than having a brick fence what we now have is a chain link fence. While we have made some inroads, people are still not taking security seriously enough.”

In the past few days, we’ve heard a surge of customer requests on how best to manage the risk of data-breach from malicious insiders or well-meaning insiders.  The latest data breach events making headlines are an obvious driver behind much of this concern. Security practitioners today are confronted with a large complex threat surface of exposure of confidential information: data left on laptops, information copied to USB devices, stored on smartphones, posted on blogs, burned to CDs and DVDs, and sent via IM and e-mail.  The consequences for loss of this data are already quite severe including regulatory fines/sanctions, brand damage, and customer attrition.  For many practitioners, the recent press indicates a further escalation in the consequences of breach of sensitive data.

Conversations with customers on this topic have been quite interesting and in this post I’d like to share the broad outlines of the countermeasures we’ve discussed with them.  The primary defenses we’ve worked out with our customers include: