The problem of content routing | InfoWatch

You are here

The problem of content routing

One of the problems in protecting an information system is the monitoring of almost-legitimate transactions. One document, sent over two different channels to the same user, or even to two users using the same channel could be a difficult case to tell apart.

For example, suppose I am a client with Bank A. I see some odd charges to my account that I would like to discuss with the bank, and I get in touch with their customer service. Customer service operator number 117 gets in touch with me, and I ask him to send me my most recent statement of account. The operator sends it to me by email, going through the DLP system monitoring the transaction. Now, if the system ignores the letter based on the fact that he is an operator and such a transaction is legal, the operator can send my statement of account to anyone else, so long as he is using email. If the system blocks it, however, the operator is unable to do his job.

Therefore, the system must focus on the recipient, as well as the content. But let us take our example further. We have agreed that our operator is able to send only my statement only to me. However, the system is still insecure. What happens if the operator sends me the statement by posting it on my facebook in plain-text format? The bank’s security is compromised, their reputation tarnished and all hell generally breaks loose. As such, we must monitor the channel as well as the recipient and the content.

Yet, we have missed one step in our example. We are monitoring the right channels, the right recipient is chosen and the right document is sent. However, our system still does not check a significant part: the sender. Should someone but my operator be able to send me my statement, the system has been compromised and someone without proper authorization has had access to my account.

Therefore the message should only go through if all four sections are confirmed: the sender, the recipient, the channel and the content. This is what is meant by content routing.