Data Loss Prevention – a Wise Investment?
Another day, another loss of data. The regularity with which the press reports on data leaks in one form or another is both depressing and concerning in equal measure. Now that we have spent our time and effort securing our perimeters (which of course promptly disappeared), vendor attention is being focused on selling solutions to prevent data leakage in all its guises.
What do we mean by data leakage?
Well, it is pretty obvious really. The minute you plug your new USB pen drive into your corporate laptop, data has leaked. The minute you email a document to a partner, data has leaked. Any action or mechanism that sees data inappropriately moving from a corporate network to the outside can be termed data leakage or data loss.
Data is vulnerable in all its states – in motion, at rest, in use and, of course, on display. Yep, the good old monitor is a great big data loss hole that needs to be considered.
After all, shoulder surfing can happen at work as well as at cash points. Many of my train journeys have been brightened up by passively reading confidential data thrust under my nose on a computer screen in a crowded train.
How Sensitive is Your Data?
In today’s busy corporate world it is no longer simple to define who has access to sensitive data. In the past it may have been the board of directors, HR or legal, but the chances are that sensitive data is spread throughout the organisation and almost all employees have control of data which could be useful to competitors or others.
Therefore one of the most difficult parts of any data security project is the process of discovering what data is out there on the network and then applying some sensible rating to it, to ensure that it is neither too secure and difficult to use nor too available for all and sundry to abuse.
Endpoint discovery and protection is the name given to the process of automatically trawling through network endpoints, determining what data resides where and then preventing data leakage. Data loss can take the form of data downloads, the burning of CDs and the use of USB memory sticks.
Up at the network level similar tools will trawl network file servers to determine what data is where and then prevent it leaking via typical routes such as FTP, email and instant messaging.
And of course these processes need to be constantly on the search for new data leaks or threats.
DLP from Vontu
Vontu, a significant player in the DLP marketplace, recently announced version 8 of their Data Loss Prevention product.
Anyone responsible for managing a large desktop estate will groan with frustration when faced with yet another tool that scans network endpoints, but Vontu say they have dealt with any performance issues: they have improved the parallel scanning ability of the discovery product, and network impact is minimal. In fact version 8 of the product introduces agent-based scanning, so each endpoint will have scanning done locally and results fed back.
But what happens if an attempt is made to leak data?
A neat feature in the Vontu product enables user-defined messages to be displayed in response to a potential leak. If a data loss policy is violated, the user will receive an on-screen notification with fields for them to enter their own response or select a predefined response (e.g. “My boss told me to”). This way the Big Brother nature of the system can be toned down a bit and information collected as to why data was being moved.
If a trend starts to emerge that certain users need access to certain data then the system can be adjusted to permit the data to be moved.
Vontu deliver an additional layer of security as they can integrate into encryption suppliers’ products, and there is a formal partnership in place with encryption vendor PGP.
By utilising PGP’s encryption tools, not only can data be prevented from leaking using the Vontu DLP product, but if it does happen to be lost it will be in an encrypted form anyway.
Is DLP Real or FUD?
The reality is that data is going missing on a regular basis – either via the “incompetent non-malicious route” (e.g. I accidentally emailed the customer list to a competitor) or the “competent and malicious route” (e.g. I have copied all of the drawings onto a CD ready for my new job). Either way, crucial data may be leaving your business at a rate of knots and your executive are in blissful ignorance until it becomes public.
Do you need to invest in a DLP solution?
Only you can answer that once you have addressed the scale and sensitivity of your corporate data. Certainly data loss needs to figure highly in your security strategy and users need to be educated about the importance of protecting company data. This may address most of your risk but will never give you the higher levels of protection that combining this approach with a DLP solution will deliver.
Maybe the time has come to give DLP solutions an in-depth look. If you are, Vontu is as good a place to start as any, especially as they have started to cover their encryption bases with their partnership with PGP.