Demystifying the Complexities of Data Loss Prevention
Data loss prevention can be defined as the strategies to prevent employees from accidentally or unknowingly sending sensitive information outside the corporate network. In an increasingly connected world, there are multiple ways for confidential data to leak outside the confines of the enterprise. Gone are the days when communication within an office was limited to hardcopy, phone or fax. Preventing sensitive information from leaving an organization has always been a major problem but the proliferation of online communication channels and mobile devices has made it easier for data loss to occur, either maliciously or accidentally.
While some incidents are caused by external threats (hackers), others occur because internal users carelessly trusted third parties with sensitive information. Organizations across industry verticals all over the globe have experienced their critical data being stolen, leaked or lost to the outside world. Aside from insider threats, DLP is also being driven by rigorous privacy laws, most of which have strict data access or protection components.
The threat mostly comes from within
Despite the multiple security procedures, policies and tools put in place by enterprise IT, employees still engage in risky behaviors that endanger both corporate and personal data. Business networks have become key components of communication, collaboration and data access. Organizations are integrating business operations with network communications in order to boost the productivity of their workforce. Aside from putting more data at risk, businesses today are likely to suffer greater consequences if their data is compromised or lost. Loss of intellectual property such as financial data, product blueprints and merger plans can not only damage a company’s reputation and brand image, but also result in direct or indirect damage to the tune of millions of dollars.
In order to mitigate insider threats to data loss, tech-savvy companies train employees on the risks associated with data loss after instituting strict security policies. However, the effectiveness of these actions remains questionable. The best way to curb data leakage is to understand how employee behavior increases risks and take further steps to foster a security-conscious corporate culture where employees hew to the established procedures and policies.
The tools required to mitigate data loss
The enterprise faces multiple security threats on a daily basis, and although the technology is not as habitually deployed as firewalls, DLP is without doubt a key security control against the threats faced by the enterprise. There is a general lack of consensus among IT professionals as to what constitutes a DLP solution. While some limit it to complete product suites, others also consider USB port control or encryption. Research and advisory firm Gartner defines DLP solutions as:
Technologies that as a core function, perform content inspection of data at rest or in motion, and can execute response – ranging from simple notification to active blocking – based on policy settings.
From the above definition, in its simplest form a data loss prevention solution must be able to:
- Perform deep content analysis on data in motion, at rest and in use
- Offer central policy management
- Invoke policy enforcement on sensitive content
DLP solutions utilize contextual analysis and content awareness to ensure end users don’t maliciously or accidentally share data whose disclosure may put an organization at risk. DLP suites typically rely on file watermarks, regular expression-based string matching, fingerprint analysis, metadata matching and storage point/type based logic to pinpoint critical and confidential data and to determine which enforcement action the configured policy calls for. DLP prevents data from leaking to external drives, unauthorized emailing of confidential information and unauthorized upload or cut/paste of critical corporate data to external sites, among others.
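As an added illustration (not code from any vendor discussed on this page), the sketch below combines two of the detection methods named above, regular expression matching and fingerprint analysis, with a policy response that ranges from notification to blocking. The function names, the 5-word shingle size, the 0.5 overlap threshold, the channel labels and the sample document are all assumptions made for the example.

```python
import hashlib
import re

# Candidate card numbers: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out regex hits that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def shingles(text: str, k: int = 5) -> set:
    """SHA-256 of every k-word window, after lowercasing and dropping punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

# Constructed "registered" document; only its fingerprint needs to be stored.
PROTECTED_FP = shingles("Project Falcon merger terms: acquire Example Corp "
                        "for 40 million in Q3 pending board approval")

def inspect(message: str, channel: str, threshold: float = 0.5) -> dict:
    """Return findings and the policy action for one outbound message."""
    findings = []
    for m in CARD_RE.finditer(message):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append("card_number")
    overlap = len(shingles(message) & PROTECTED_FP) / len(PROTECTED_FP)
    if overlap >= threshold:
        findings.append("fingerprint_match")
    # Assumed policy: sensitive content is blocked on external channels and
    # only raises a notification on internal ones.
    if not findings:
        action = "allow"
    elif channel == "external":
        action = "block"
    else:
        action = "notify"
    return {"findings": findings, "action": action}

if __name__ == "__main__":
    print(inspect("Please charge 4111 1111 1111 1111 today", "external"))
    print(inspect("Order ref 1234 5678 9012 3456 shipped", "external"))
```

The Luhn check is what keeps the 16-digit order reference from being flagged, and the shingle overlap is what lets a partial, re-cased copy of the registered text still match.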
DLP vendors mainly aim to address endpoint, email and network security; however, the environment DLP seeks to protect is undergoing radical changes as cloud and mobile technology become integral parts of the enterprise. This gives rise to the need for additional DLP features such as mobile security suites as well as web and email security gateways. Below are some of the top DLP vendors.
Symantec is a popular player in the security market and remains one of its most reliable vendors. In its most recent release, Symantec extended DLP to cloud email and storage in order to provide clients with the visibility and control required to secure their critical data while fully utilizing the cloud. Its DLP solution has three main modules: Storage DLP, Network DLP and Endpoint DLP. The solution is capable of monitoring and preventing users from syncing corporate data from their computers to personal cloud services such as Dropbox, Google Drive, and Microsoft OneDrive.
Symantec’s DLP solution is highly favored for its ease of installation, configuration and administration. The DLP team also offers vendor service and support and works with clients to share insights into the best practices for data security. Its Data Insight solution tackles the problem of unstructured files by allowing administrators to view usage patterns and access permissions for unstructured data.
The McAfee Data Loss Prevention solution is available via a series of virtual and physical appliances that facilitate the various DLP capabilities. There are appliances for data discovery and general DLP management of data copied to external storage. The Discover appliance is capable of spotting confidential data in an enterprise setting and can apply the configured policies to data both in transit and at rest. Discover also scans specific repositories and network resources for violations. The Prevent appliance can lock down data that is not being transmitted through an approved method.
McAfee’s DLP product has features that are specifically geared towards emerging platforms like mobile devices and social media. Clients can utilize pre-built policies for compliance regulations such as HIPAA.
The Websense data security suite includes a data security gateway, a tool for classifying and locating data across network infrastructure, and Data Endpoint, which spots and controls data being used on PCs, USB drives and other endpoint devices. The product suite is also capable of handling mobile endpoint data protection via Triton Mobile security. This cloud-based solution is offered via VPN: any traffic that goes through registered devices (company owned or BYOD) is routed through the VPN, allowing Triton to block access to specific apps and websites. Triton also provides full email DLP protection.
Other players in the DLP space include: RSA (Security division of EMC), CA Technologies, Verdasys, Trustwave, Code Green Networks, Palisade Systems, InfoWatch and GTB Technologies.
Finding the Right Fit
The DLP market is evolving to meet enterprise requirements for monitoring and classifying sensitive data, wherever it is used or stored, off and on corporate networks. As the market approaches maturity, products are becoming more stable. The selection of a DLP vendor likely depends on other considerations aside from feature-by-feature comparisons. Factors like vendor strength, market share, reputation and total cost of ownership must also be taken into consideration. Other considerations include accuracy and performance, ease of use, integration and scalability.
The data of an organization can be considered its lifeblood; all its digital assets should therefore be secured. The unintentional or intentional release of confidential data from endpoints within the enterprise is a serious problem. Aside from adhering to the best practices for data loss prevention, organizations should also invest in DLP technologies.