KENSINGTON, Md. -- Ask Steve Jones what kind of ROI he expects on the $30,000 or so his CU is plunking down for a data-leakage prevention system and his answer is simple.
"I just point to the newspaper and say it's priceless," says the CTO at Signal Financial Credit Union in Kensington.
The $254 million CU has invested in a set of three CI-750 content-inspection appliances from Code Green Networks Inc. of Santa Clara, Calif. Signal Financial is one of the first users of the new devices, a downsized version of the CI-1500 first released last year by the Silicon Valley startup.
Like all hardware/software inspection systems, the Code Green solution is aimed at stopping account details, Social Security numbers and other potentially compromising or identifiable information from leaving the scene.
The smaller units are scaled to handle real-time scanning and blocking of ingoing and outgoing data traffic, whether it be wireless, through flash drives or over the Internet and in hundreds of file formats, ranging from CAD drawings to e-mail.
"E-mail, of course, is the big concern for us. It's so easy to inadvertently send out something you shouldn't, especially when you just hit 'reply' or just even start typing, the way Outlook remembers names and just finishes typing them for you," Jones says. "You can easily send something you shouldn't, and to the wrong recipient."
While they're hardly alone in the field, the data security experts at Code Green found something new to put in their appliances: the ability to also scan mail in the popular Web mail services from such services as Google, MSN, AOL, Yahoo! and Microsoft, the company's marketing chief says.
"That one is a big challenge," says Brian Czarny, Code Green's vice president of marketing. "Right now there's not a lot of option for most organizations beyond taking draconian measures such as simply cutting off access to all Web mail services."
Czarny says his company's device can scan mail going out on those services and save them for future discovery and auditing purposes, and also stands alone in its ability to prevent identifying information from being posted on blogs and wikis.
"We're the only ones doing that right now that I'm aware of," he says.
Czarny says his company, created by the founders of Sonic Wall, has about 100 deployments out right now, mostly of the larger units, including at several credit unions. Compliance issues and concerns about the negative impact of data leaks are driving business, he says, as organizations see the need to integrate content inspection into their IT security arsenal.
At Signal Financial, Jones says he's had no integration issues with his core processing system from USERS Inc. once the devices recognized the home banking security certificate, and that the system has been intuitive, allowing him to do such things as customizing alerts and excluding from routine examination such things as an internal subnet and data transfer to trusted entities like the Federal Reserve and the CU's payroll vendor.
Jones currently has one of the appliances deployed on the CU's main network, one on its backup system and a third at its disaster recovery co-location.
He says no real threat or incident prompted his recommendation to go with the content-inspection system, "but it was just something I've had in the back of my head for a while."
"And we're not mandated yet for data-leakage prevention, but I think we will be in the near future when technology like this becomes more prevalent and affordable. I think the NCUA will then take the same path with this as it did with intrusion detection rules.
"Besides, it's the right thing to do."