Co3 Offers New Approach to Data Loss Management

Let’s face it -- at some point the tools you’re using to prevent data loss won’t be enough and your data will be breached. It’s not if but when, and it can occur because of a concerted hacking attack or because an unsuspecting user responds to a Facebook message from a “friend.”

Co3 Systems has released a new service that helps your enterprise prepare for such events and better manage incidents when they occur (and they will).

“To date, most enterprise security approaches look at guarding against breaches in the first place, what we call a ‘pre-incident’ approach,” Ted Julian, chief marketing officer at Co3 Systems told me. “Now there’s an emphasis on regulatory compliance -- doing what you have to do when the breach occurs. It’s a ‘post-incident’ solution.”

Compliance regulations are growing more complex. You must use different letter templates to disclose credit card exposure depending on what state the customer lives in. Julian points out that there are 46 states, three commonwealths, and 14 Federal agencies that you may have to deal with. Even for most enterprises with a bevy of lawyers or compliance officers to steer them though the crisis, compliance can be daunting.

Co3 Systems has introduced an automated way to handle data loss. Using the Co3's software-as-a-service application, an enterprise answers a few simple questions about a potential data loss event (for example, a lost laptop) using an online wizard. The systems maps the event characteristics to its knowledge base and generates a report on the potential exposure and impact so you’ll know what you have to do. It can also estimate the liability of such a situation, which may be the jolt your executives need to increase their security investment.

In the event of an actual breach, the program can generate a detailed incident response plan that lists the tasks your enterprise must complete. These aren’t generic “contact your customer” directives. Instead, the system will explain that you must "notify the CEO" to "send consumer notification letters to Massachusetts customers." It provides a link to the regulatory language that triggered the task, explains the contact information, provides a template of the notification letter -- whatever you need to do to stay in compliance. The Co3 system includes a lightweight project manager for assigning tasks and tracking progress.

A press release from the company claims that “early engagements suggest the time savings and resource focus alone can save as much as $50,000 per incident.” Whether that’s a reasonable estimate or not, it certainly can eliminate the “What do we do now?” panic many organizations experience when they’re attacked.

The company is offering a free 90-day trial version, with initial pricing for the service at $450 per month; this includes unlimited events and one full incident. Other plans allows for more incidents per year.

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 09/13/2011