 Data Loss PreventionOrganisations process information that can be often classified as sensitive, either from a business or legal point of view. In addition to risk of intrusion and gaining access to sensitive information by unauthorized persons, there's also risk of intentional or spontaneous transmission of the information to the outside of organisation. Government and industry regulations are arguably the biggest influencers. Besides HIPAA, GLBA, and Sarbanes-Oxley, more than 25 states have passed data privacy or breach notification laws that require organisations to notify consumers when their information may have been exposed. Regulatory compliance Many large companies now fall under oversight of government and commercial regulations that mandate controls over information, including HIPAA in health and benefits, GLBA and Basel II in finance, and Payment Card Industry DSS standards. Some of these regulations stipulate a regular information technology audit, commonly known as IT audit, which organizations can fail if they lack suitable IT security controls and due-care (processes) standards. Types of DLP systems Network DLP Also referred to as gateway-based systems. These are usually dedicated hardware/software platforms, typically installed on the organisation's internet network connection, that analyse network traffic to search for unauthorised information transmissions, including email, IM, FTP, HTTP, and HTTPS (called data in motion). They have the advantage that they are simple to install, and provide a relatively low cost of ownership. Network DLP systems can also discover data at rest (data stored throughout the enterprise) to identify areas of risk where confidential data is stored in inappropriate and/or unsecured locations. Host-based DLP systems Such systems run on end-user workstations or servers in the organisation. Like network-based systems, host-based can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (e.g. 'Chinese walls'). They can also control email and Instant Messaging communications before they are stored in the corporate archive, such that a blocked communication (i.e., one that was never sent, and therefore not subject to retention rules) will not be identified in a subsequent legal discovery situation. Host systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can access information before it has been encrypted. Some host based systems can also provide application controls to block attempted transmissions of confidential information, and provide immediate feedback to the user. They have the disadvantage that they need to be installed on every workstation in the network, cannot be used on mobile devices (e.g., cell phones and PDAs) or where they cannot be practically installed (for example on a workstation in an internet café). Data Identification DLP solutions include a number of techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is a process by which organisations use a DLP technology to determine what to look for (in motion, at rest, or in use). DLP solutions use multiple methods for deep content analysis, ranging from keywords, dictionaries, and regular expressions to partial document matching and fingerprinting. The strength of the analysis engine directly correlates to its accuracy. The accuracy of DLP identification is important to lowering/avoiding false positives and negatives. Accuracy can depend on many variables, some of which may be situational or technological. Testing for accuracy is recommended to ensure a solution has virtually zero false positives/negatives. Data Loss Prevention Solutions Blue Coat Secure Web Gateway
Code Green Networks Lumension Security McAfee (Reconnex) RSA (Tablus) Symantec (Vontu) Trustwave (Vericept) |
