Monday, July 16, 2012

Honeytokens being used in real world

Very interesting case of honeytokens deployment in  this Network World article today. Here's what they did:

Here's what happened. We use as the single repository for information about all of our current customers, potential sales opportunities, sales forecasts and more. It's all highly sensitive material and not anything we'd like our competitors to get their hands on.

That's why one of our marketing executives was worried when she called me into her office earlier this week. She had received a marketing email from one of our competitors. The interesting thing about this email was that it was sent to all of the dummy, or "honey token," email accounts that we had set up in Salesforce for testing purposes. The implication was that the email had also gone to all of our legitimate customers and that this competitor somehow had gotten access to the information in our Salesforce deployment.


XaaS, cloud services in general are a fertile terrain for honeytokens deployment. Don't forget them as tools to complement your DLP strategy!

No comments:

Post a Comment