Had a very interesting call today with a client in the pharma research space. They would like to protect clinical study data as it moves to researcher’s computers, but are struggling with the best approach. On the call, I quickly realized that DLP, or a content tracking tool like Verdasys (who also does endpoint DLP) would be ideal. The only problem? They need Windows, Mac, and Linux support.200902241153.jpg

I couldn’t remember offhand of any DLP/tracking tool (or even DRM) that will work on all 3 platforms. This is an open call for you vendors to hit me up if you can help.

For you end users, where we ended up was with a few potential approaches:

  1. Switch to a remote virtual/hosted desktop for handling the sensitive data… such as Citrix or VMWare.
  2. Use Database Activity Monitoring to track who pulls the data.
  3. Endpoint encryption to protect the data from loss, but it won’t help when it’s moved to inappropriate locations.
  4. Network DLP to track it in email, but without the endpoint coverage it leaves a really big hole.
  5. Content discovery to keep some minimal tracking where it ends up (for managed systems), but that means opening up SMB/CIFS file sharing on the endpoint for admin access, which is in itself a security risk.
  6. Distributed encryption, which *does* have cross platform support, but still doesn’t stop the researcher from putting the data someplace it shouldn’t be, which is their main concern.

While this is one of those industries (research) with higher Mac/cross platform use than the average business, this is clearly a growing problem thanks to the consumerization of IT.

This situation also highlights how no single-channel solution can really protect data well. It’s the mix of network, endpoint, and discovery that really allows you to reduce risk without killing business process.