The data discovery and identification aspect of data loss prevention (DLP) capability is just the beginning. Once you know what data you have and where it lives, you’re finally in a position to accomplish two crucial things:
Data loss prevention (DLP) is a powerful security tool. So powerful that it’s tempting to try a broad, pervasive implementation. But this can backfire into a flood of false alerts — unless you first think through your DLP strategy:
The first part of a data loss prevention (DLP) implementation involves inventory. Of your data, that is — because, quite simply, you can’t protect it if you don’t know it’s there.
So the first thing DLP does is discover where your sensitive data resides. The right DLP capability can sift through file servers, databases, documents, email, and Web content to discover sensitive data wherever it resides and tag it so it can be tracked wherever it goes.
As I described last time, data loss prevention (DLP) technology discovers and identifies sensitive data in order to monitor, control, and secure it. This occurs on three fronts :
On the network (data in motion). These types of DLP solutions are installed at network egress points and analyze network traffic to detect transmission of sensitive data that violates corporate security policy.
In storage environments (data at rest), where the DLP solution discovers the presence of sensitive data in the wrong places, notably unsecured locations (e.g., open file shares).
At endpoints like desktops, notebooks, or other end-user systems (data in use). Endpoint DLP can control the movement of sensitive data between users and the transmission and storage of email and instant messages. They can also monitor and control access to physical devices, such as mobile device data stores, and provide application controls that will block attempted transmissions of sensitive data.
Don’t underestimate the threat to your business posed by insider data theft. The risk is real and you are not being paranoid if you worry about it.
Consider, for instance, these disturbing factoids from a Symantec-sponsored 2011 study ominously entitled Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall, which closely examined 50 insider thefts:
Combine Fear, Uncertainty, and Doubt — and you get FUD, which has been on my mind lately because it so often involves attempts to thwart adoption of newly-emerging, better solutions. Consider these two tales of FUD:
The first tale, from the late 1880s, is often referred to as the War of Currents. It’s about a powerful group of direct current (DC) supporters who fought fiercely against the new, more cost-effective alternating current (AC) with a range of FUD stunts, from electrocuting animals to building the first electric chair. DC’s supporters eventually lost — because FUD can slow, but not stop, real progress.
