By Dee Bower
Deputy Director, Product Delivery
Say the words “data spillage” and many assume the reference is data lost to hackers. While data compromised by outside forces is certainly a problem, true data “spillage” also includes accidental and/or unintentional loss of all manner of data, whether classified, unclassified or sensitive.
Ironically, when spillage occurs, the source of this problem typically lies within the impacted organization itself: reliance on manual procedures that raise the risk level of mistakes that inadvertently release sensitive data to the outside world.
It is critical to have an automated system to classify, label and protect data across an agency through enterprise policy enforcement that reduces the risk of spillage.
The average cost of rectifying any such spill: $4.35 million according to the Poneman Institute, an independent research and education organization dedicated to advancing the security of informationon assets and IT infrastructure.
ManTech provides a solution to this challenge: SentrisTM, a Microsoft Windows application deployed by multiple government agencies and put to work every day by over a thousand customers, Sentris holds the power to put potential data spillages where they belong: in the past.
The Sentris Security Paradigm follows three steps that help ensure ironclad security of any and all types of data within an organization:
- Confirmation that the user has approved access to the requested data
- Verification that the network the request originates from is approved
- Proof that the precise location of the requestor’s location is authentic
At the outset, ManTech walks customers through the process of using Sentris. From that point, Sentris takes over and the process of accessing data throughout the organization is fully automated to follow those three rules. Whenever an individual begins to access data from an organization, the Sentris process kicks in, looking for and identifying any anomalies to ensure that the request meets all three criteria – and that the data is not accidentally spilled. Sentris can protect any data and even enforce concepts such as the General Data Protection Regulation (GDPR).
In the realm of data classification, accomplishing such assurance is no small feat when the organization relies on dated or manual processes. Classified information might be made available to a credentialed person even though the transaction occurs on a potentially vulnerable network and/
Compared to classified data, the task of protecting sensitive such as controlled unclassified information (CUI) is a challenge due to the wide span and variety of CUI designation. For example, while personal information is not classified per se, any leakage of data can cause problems. The same may apply to CUI such as human resources information on salaries and benefits, or other internal data that could be highly sensitive if revealed to the public.
Compounding this challenge, CUI might vary significantly from one government agency to another. There is no standard blueprint for CUI that is applicable to each and every government organization. Yet all share the same nightmare scenario: the moment a perfectly honest, but unqualified user’s fingers touch the keyboard, and sensitive data is suddenly in the wrong hands or goes public.
With Sentris on-board, an agency can prevent any such instance from ever happening. Sentris puts the “Controlled” back in CUI.
Want to learn more about Sentris and get started? Go to [email protected]