As an analyst, I get a truckload of vendor email trying to convince me how great various security products are. The DELETE key often serves me well, but today I got a message that caught my interest:
“Ultimate Data Loss Prevention for SAP: www.DLP4SAP.com”
Having recently done a fair amount of data leakage prevention research, I thought to myself, “There’s a DLP tool for SAP?”
Looking more closely, it turns out the technology in question is a biometric authenticator. Basically, they’re claiming that better authentication will thwart leakage.
NO, NO, NO!
When I talk with clients, their number one concern with leakage is employees inadvertently (or, in some cases, intentionally) causing data to go to the wrong place. This is information the employees work with each and every day. In other words, these are authorized users either doing bad things or just making mistakes. In either case, they’ve already been vetted, authenticated, authorized, etc. The problem isn’t doing a better job of figuring out who they are; it’s controlling how they use the information. Authentication has nothing to do with it.
I refuse to believe that bioLock doesn’t understand this. Which means they are blatantly (mis)using the DLP tag to get attention for their solution.
That really annoys me!
(By the way, I’ll freely admit that lots of vendors do this – bioLock just happened to catch my attention today.)
