Data leakage has become a nightmare for security officers across almost all industries, so it is imperative for them to understand DLP solutions in light of their requirements and to select the right one to meet the challenges.
Market Scenario
Data breaches have recently become the most important concern in IT security, since data is the heart of any organization. Business data almost doubles every three years. A simple email sent outside the organization, intentionally or unintentionally, with confidential business data attached is enough to ruin a company’s reputation and bring down its business. Today around 80% of data is unstructured, in the form of email, presentations, spreadsheets, text documents and PDFs. Our touted security may look like a fortress from outside, but from within it is a place through which data leaks out through unprotected cracks.
In today’s world an organization cannot feel completely secure behind a company firewall. According to a Forrester survey, by 2010 we will be speaking about zettabyte sizes (1 ZB = 10^21 bytes = 1 trillion GB). Research clearly shows that more than half, and as much as 80%, of data breaches are caused by insiders within the organization, behind the company firewall. We are all aware of the problems related to network security, which is why we have put into place a lot of safeguards (hardware and software, encryption, firewalls, IDS and IPS) to prevent malicious activity from viruses, worms, hackers, malware or spyware, but the internal threat is still evident. The biggest challenge is identifying where the data resides, where it is going and who is using it. The Internet, portable storage devices and mobile technology have become the major factors in data leakage, especially with organizations not being aware of the type of data residing in their network. Preventing data loss has become more difficult as employees have started accessing data from anywhere with the help of advanced technology like cameras, instant messengers, USB devices and digital media players.
IT administrators are looking for ways and means to prevent data breaches through channels like email, webmail, IM, file transfers, screen-capture software etc. Administrators are not aware whether the data moving out of the organization is personal information or confidential business data of their customers, and employees can put the company’s brand name and reputation at stake. A data breach can have a heavy effect on an organization’s brand image and public reputation, and may result in a service shutdown, loss of customers, lawsuits filed against the company, loss of reputation, fines and more regulations. In 2006, 50 million records were stolen, and by 2007 the records state a loss of 160+ million. Statistics say that a typical Fortune 1000 company can’t locate 2% of the PCs in its organization. The focus of any organization is shifting from a system-centric approach to a data-centric approach.
The solution for this situation is to have a content monitoring solution like DLP, which sits within your network and prevents the company’s confidential data from falling into the wrong hands. A Data Leakage Prevention solution monitors, identifies and protects data at rest, in motion, and in use, with centralized policies, through deep content inspection.
Driving Forces
The key drivers for DLP solutions are
1) Critical Data/Intellectual Property
2) Removable Storage Devices
3) Compliance.
Almost all organizations are subject to local, federal or international regulatory mandates. Regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and the European Union Data Protection Directive mandate that companies protect private and personal information. The health care industry is governed by HIPAA, a federal law which mandates that there should be a restriction on the number of employees who can access patient data. It also specifies that organizations should confirm that the data in their possession has not been altered. Pharma companies are under extreme pressure to keep their data secure in order to comply with strict regulations from a variety of government organizations. Acts like OBRA 1990 and the Prescription Drug Marketing Act of 1987 have made organizations think along the lines of having a good data leak prevention system in place.
Also, USB, FireWire, Bluetooth and other protocols for removable storage devices make it easy to connect unauthorized external devices, leaving endpoints wide open to data leakage and theft. Corporate governance, consumer protection laws, threats, and privacy and data protection laws have become a driving force for companies to adopt Data Leakage Prevention solutions.
Understanding DLP
Data Leakage Prevention solutions are products designed to detect and prevent unauthorized access to data or the sending of data outside the organization.
With DLP solutions we can:
- Discover and classify data.
- Apply policies based on content or application.
- Monitor and control movement of data within the organization and outside the organization.
- Document the incidents and report them accordingly.
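The four capabilities listed above can be seen end to end in a small content-inspection sketch. This is an added example, not code from any DLP product: the policy table, the labels, the marker phrases and the `example.com` internal domain are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed classification markers; real deployments define their own labels.
MARKER_RE = re.compile(r"company confidential|internal use only", re.I)

# Hypothetical central policy: content label -> action when data leaves the org.
POLICY = {"payment_card": "block", "confidential_marker": "quarantine"}
SEVERITY = ["allow", "alert", "quarantine", "block"]  # weakest to strictest
INTERNAL_DOMAIN = "example.com"  # assumed internal mail domain

@dataclass
class Incident:
    sender: str
    recipient: str
    labels: tuple
    action: str

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Discover and classify: return the content labels found in text."""
    labels = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in PAN_RE.finditer(text)):
        labels.add("payment_card")
    if MARKER_RE.search(text):
        labels.add("confidential_marker")
    return labels

def inspect(sender: str, recipient: str, body: str, log: list) -> str:
    """Apply policy to one message and record an incident when content matches."""
    labels = classify(body)
    if not labels:
        return "allow"
    if recipient.lower().endswith("@" + INTERNAL_DOMAIN):
        action = "alert"  # internal movement: monitor only
    else:
        action = max((POLICY[l] for l in labels), key=SEVERITY.index)
    log.append(Incident(sender, recipient, tuple(sorted(labels)), action))
    return action
```

The Luhn check is what keeps a pattern-only rule from flagging every 16-digit order or tracking number, which is the usual source of false positives in card-number policies.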
Types of DLP systems:
- Network DLP systems: Also known as gateway-based DLP. They are normally installed on the organization's network perimeter. Network DLP products are normally accurate, fast and scalable. Problems with network DLP systems arise when we need to protect data in use or data kept on endpoints. They also cannot control or monitor physical devices connected to systems.
- Host-based DLP systems: The advantage is that they can control and monitor access to physical devices (like USB, mobile devices etc.). They can also provide application control. The disadvantage is that an agent needs to be installed on each and every system.
What to look for in a DLP Solution
There are a few important features and points one should look for while selecting a DLP solution to address data leakage challenges:
- Implementation: Network perimeter, desktop or all.
- Technology: Should be able to categorize all types of data. Should be able to protect and monitor incidents in real time.
- Management capabilities: Integration with LDAP, SIM, ERM, CMS etc. Reporting and easy administration capabilities, hierarchical administration. Should have a user-friendly interface. Should have a good dashboard with user-selectable elements.
- Deployment: Should be easy to deploy.
- Forensics: Should be able to log the entire history and capture the entire session.
- Market reach: Global capabilities like language support and GUIs. Partnerships and reach with resellers and SIs.
- Additional features: Blocking, archiving, encrypting, alert and quarantine features.
Conclusion
Data Loss Prevention is a critical issue for companies, as the number of data loss incidents continues to increase and threats may come from anywhere, inside or outside. Outsourcing and globalization in India would require companies to look at DLP strategies for privacy and intellectual property protection.
—By: Avinash Salian, Technical Consultant, SecureSynergy India