Guide to Data Loss Prevention, Data Loss and Data Leakage
Why is Data Loss Prevention important?
According to a Gartner CISO survey, Data Loss Prevention (DLP) is the biggest priority for 2012. Data Loss Prevention (DLP) is typically defined as any solution or process that identifies confidential data, tracks that data as it moves through and out of the enterprise, and prevents unauthorized disclosure of that data by creating and enforcing disclosure policies. Since confidential data can reside on a variety of computing devices (physical servers, virtual servers, databases, file servers, PCs, point-of-sale devices, flash drives and mobile devices) and move through a variety of network access points (wireline, wireless, VPNs, etc.), there are a variety of solutions that tackle the problems of data loss, data recovery and data leaks.
As the number of Internet-connected devices skyrockets into the billions, Data Loss Prevention is an increasingly important part of any organization’s ability to manage and protect critical and confidential information. Examples of critical and confidential data types include:
- Intellectual Property: source code, product design documents, process documentation, internal price lists
- Corporate Data: Financial documents, strategic planning documents, due diligence research for mergers and acquisitions, employee information
- Customer Data: Social security numbers, credit card numbers, medical records, financial statements
Data Loss, Data Leak Solutions
Network-based Data Loss Prevention (DLP) solutions focus on protecting data while it is in motion. These Data Loss Prevention solutions are installed at the ‘perimeter’ of enterprise networks. They monitor network traffic to detect sensitive data that is being leaked or sent out of the enterprise. Solutions may inspect email traffic, instant messaging, social media interactions, web 2.0 applications, SSL traffic and more. Their analysis engines look for violations of predefined information disclosure policies, such as data leaks.
Datacenter or Storage-based Data Loss Prevention (DLP) solutions focus on protecting data at rest within an organization’s datacenter infrastructure, such as file servers, SharePoint, and databases. These Data Loss Prevention solutions discover where confidential data resides and thereby enable users to determine why it is there. When confidential information resides on insecure platforms, it is usually an indicator of problematic business processes or poorly executed data retention policies.
End-point based Data Loss Prevention (DLP) solutions focus on monitoring PC-based systems (laptops, tablets, POS, etc.) for actions such as printing, transfer to CD/DVD, webmail, social media, USB, and more. End-point based solutions are typically event driven, in that the agent resident on the end-point monitors for specific user actions, such as sending an email, copying a file to a USB drive, leaking data or printing a file. These solutions can be configured for passive monitoring or for actively blocking specific types of activities.
Content-aware data loss prevention (DLP) tools address the risk of accidental exposure of sensitive data outside authorized channels, using monitoring, blocking and remediation functionality. These tools enable the enforcement of company policies based on the classification of content. Data Leak Prevention technologies are increasingly being leveraged for data discovery and classification purposes.
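As an added illustration of the content-classification step these tools perform (example code written for this guide, not taken from any DLP product), the following scans a constructed sample export for the two customer data types named above, US Social Security numbers and payment card numbers, and uses the SSA's invalid-range rules plus the Luhn checksum to suppress look-alike identifiers that a bare regex would flag. The function names and the sample text are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample export (not real data): one real-looking SSN and one
# Luhn-valid test card, plus three decoys a naive pattern match would flag.
SAMPLE_DOC = """Customer export for audit
name: J. Doe, ssn: 219-09-9999, card: 4111 1111 1111 1111
build id: 123-45-6789-x, order ref 1234567890123456, invoice 987-65-4320
"""

@dataclass
class Finding:
    kind: str    # policy class: "ssn" or "pan" (primary account number)
    masked: str  # value with all but the last four digits hidden
    offset: int  # character offset in the scanned text

# Word-boundary guards keep "123-45-6789-x" and 13-19 digit runs apart.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card issuers; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSA-defined invalid ranges (area 000/666/9xx, group 00, serial 0000)."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"

def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]

def classify(text: str) -> list[Finding]:
    """Return sensitive-data findings in text, ordered by position."""
    findings = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(Finding("ssn", mask(m.group().replace("-", "")), m.start()))
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding("pan", mask(digits), m.start()))
    return sorted(findings, key=lambda f: f.offset)

if __name__ == "__main__":
    for f in classify(SAMPLE_DOC):
        print(f"{f.kind} at offset {f.offset}: {f.masked}")
```

Only the SSN and the Luhn-valid card are reported; the build id, the non-Luhn 16-digit order reference and the 9xx-area invoice number are dropped, which is the false-positive filtering a content-aware policy engine has to do before it can block or remediate.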
Application Security and your Data Loss Prevention strategy
Use this checklist as a reference tool when making data loss prevention purchase decisions:
- Develop clear data loss prevention strategies with concrete requirements before evaluating products.
- Understand the limitations of data leak prevention. As an example, data loss prevention is a data-centric control and does not have any understanding of SQL.
- Applications protect your data. Test the security quality of your applications, and use application security testing as a way of protecting data.
- Create data loss prevention policies and procedures for mobile devices as they interact with sensitive corporate data.