InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Jan 2010

Product Trend

DLP Solutions: Preventing Data Theft at Its Best

As the DLP market gains momentum, the claims from DLP vendors are multiplying. To weigh them, you need to understand the available DLP solutions, the market drivers and the advanced features. This article covers all three in one place.

Turmoil in the worldwide economy has manifested itself in many ways. Alongside macroeconomic upheaval and the challenges it presents to the public and private sectors, more practical and localized issues are appearing, including the increased risk to businesses of data loss. While today’s networked environment has enhanced productivity and flexibility, it has also contributed to a loss of control, putting valuable intellectual property and personally identifiable information at risk. In order to adequately protect identity information, content flowing on all channels must be monitored to prevent an extrusion. The leakage, or extrusion, of personally identifiable information has been shown to have significant negative consequences on an organization’s brand, reputation, and customer trust as well as legal, operational, and financial implications.

Evolution of DLP

The business needs of different entities drove the evolution of DLP as a technology. Most organizations looked at DLP because of legal requirements or because they wanted to protect sensitive data leaving through the most important communication channel—email. The DLP market has evolved as risks have grown. The early solutions focused on sensitive data leaving via email, as it is the key vector of communication, so many DLP vendors offered outbound email protection. As usage of removable media—USBs, CDs, hard drives, etc.—grew, companies wanted to block sensitive information leaving through this medium, so many DLP vendors offered solutions that prevented copying data to removable media. Many organizations with sensitive data still tackle the data leak problem by blocking endpoints such as USBs and CDs. But as we move forward, the biggest challenge remains protecting the sensitive data that lies in unstructured form in various parts of the network and in applications. Protecting intellectual property like customer lists, patents, and source code is far more complex and challenging.

The DLP products first deployed were predominantly network based, enabling organizations to establish data security policies, monitor email traffic and detect policy violations. As the technology matured, protocol coverage expanded to include popular social networking and file-sharing tools such as instant and third-party messaging, Webmail, Internet forums, blogs, and wikis, and the ability to proactively block transmissions that violate policy was added to DLP solutions. The ability to discover and protect exposed confidential data on file servers, desktops, laptops and various data repositories, using the same policies as were used on network traffic, came next.

DLP capabilities then extended to the endpoint to prevent confidential data from being copied to removable devices or downloaded from servers in violation of policy. Detection techniques are now content-aware, meaning the actual content is scanned using a variety of techniques such as rules-based matching (regex for credit card numbers) or partial document matching. Today, a comprehensive DLP solution will help an organization find, classify, and control the use of sensitive data throughout the company by identifying and analyzing data at all control points, including at the endpoint, at rest, at the message server, and on the network.

As DLP is a company-wide concern, solutions must automatically enforce security policies across the enterprise. They should manage data protection policies from a single console and be deployable across the network, endpoints and storage systems, enabling organizations to define policies once and enforce them everywhere. Another important requirement is ensuring that when endpoints are added, the solution scales up without increasing complexity. An ideal data loss prevention solution quickly identifies repositories of confidential data, analyses risk and compliance issues, and automatically pinpoints the data owner to enable a scalable remediation process. This would otherwise require employee interviews, archive searches, and more—often taking weeks and delivering uncertain results.

In essence, enterprises should adopt a unified solution that takes a risk-based, content-aware approach that helps in identifying critical data across the enterprise, and helps in formulating policies around them. The solution should offer comprehensive coverage of confidential data across the endpoint, network, and storage systems—whether users are on or off the network—with an integrated policy platform. This will help them discover and identify confidential data, monitor this data and manage information appropriately.

Market Drivers

Organizations today need to understand what kind of sensitive data they have, and do a risk evaluation of what can happen if that data is exposed or gets into the wrong hands. The primary concerns driving data loss prevention efforts are regulatory compliance, protection of intellectual property, mitigating loss of goodwill from negative publicity and reducing costs arising from breaches. Data is no longer confined within the physical walls of a company; it is now easily copied, shared, and stolen. Corporate information is typically managed in structured databases and documents. However, the majority of information resides in unstructured form, such as emails and images, making it much harder to know where sensitive data is actually located throughout the enterprise.

In addition, dramatic changes in the way people communicate and collaborate are changing the way in which information is being created and accessed. For example, increasing numbers of wireless and mobile users with portable storage devices pose challenges for IT in controlling how and where information is used. These highly portable devices can be lost or stolen more easily, placing valuable information in the hands of external parties. Technologies such as P2P, streaming media, social networks, and instant messaging have further broadened the amount of unstructured information being transferred in and out of the enterprise. All these changes mean that IT management requires a more effective approach towards data protection in the enterprise. And while digital trails can help determine how a data breach occurred, it is more important for enterprises to have preventive measures that actively safeguard against such breaches from happening in the first place.

Nearly every organization falls under one or more local, government, or international regulatory mandates. Data loss has become a significant problem for nearly every organization conducting business worldwide. Moreover, in today’s hyper-competitive environment, intellectual property (IP) protection is a major concern for organizations of all sizes. From industrial espionage to employees defecting to a competitor and taking sensitive information with them, protecting one of the most important assets of the business is a key driver of data loss prevention efforts. Loss of large volumes of protected information has become a regular headline event, forcing companies to re-issue cards, notify customers, and mitigate loss of goodwill from negative publicity.

According to CA, since large organizations often store terabytes of data, DLP technology assumes that they can't possibly know about or secure all of it. Therefore, DLP scans data and if it determines that the data is, in fact, sensitive, then enforces a high-level security policy. For example, if DLP discovers an unencrypted e-mail message containing credit card numbers or patient data, it can block the e-mail, inform the employee (i.e., the sender) of a policy violation, and notify security.
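The rules-based check (a credit card regex) and the partial document matching named under "Evolution of DLP", feeding the block decision in the e-mail example above, as an added illustration that is not code from any vendor in this article. The function names, the 0.3 threshold, the shingle size and the sample texts are constructed assumptions.

```python
import hashlib
import re

# Candidate card numbers: 13-16 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Rules-based detection: regex candidates that also pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def shingles(text, k=4):
    """Hashes of every k-word window; serves as the document fingerprint."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 0))}

def overlap(message, protected_fp, k=4):
    """Partial document matching: share of the protected fingerprint
    that reappears in the message, even inside other text."""
    if not protected_fp:
        return 0.0
    return len(shingles(message, k) & protected_fp) / len(protected_fp)

def evaluate(message, protected_fp, threshold=0.3):
    """Return (action, reasons). Reasons never echo the sensitive values."""
    reasons = []
    cards = find_card_numbers(message)
    if cards:
        reasons.append(f"{len(cards)} card number(s)")
    score = overlap(message, protected_fp)
    if score >= threshold:
        reasons.append(f"{score:.0%} of a protected document")
    return ("block" if reasons else "allow", reasons)

# Constructed sample data.
PROTECTED = ("Project Falcon pricing: enterprise tier will drop to 40 dollars "
             "per seat in Q3 before the competitor launch")
FP = shingles(PROTECTED)
MAIL_CARD = "Please charge 4111 1111 1111 1111 for the renewal."
MAIL_REF = "Your order 1234 5678 9012 3456 has shipped."
MAIL_LEAK = ("fyi, enterprise tier will drop to 40 dollars per seat in Q3, "
             "keep quiet")
```

The Luhn step is what keeps the order reference in `MAIL_REF` from being treated as a card number, which a bare regex would flag.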

According to RSA, a DLP strategy will go a long way in plugging sensitive information and data losses for today’s organization. More data losses happen due to negligence and oversight than due to intentional theft. Not all intrusions and breaches are related to data theft, and these still need to be addressed. A good security strategy would have DLP at its core, with other access and data controls supporting it. For years companies have been focused on external threats alone. It's only now that the internal threat has become a concern for organizations, as they realize its severity.

Vipul Kumra, Security Consultant, CA, India

According to Forrester, about 80% of leaks occur inadvertently. It means employees are simply unaware of the organization's policies rather than having malicious intent. So, DLP solutions must be able to set and enforce policies based on content or context. Secondly, a DLP solution should be able to recognize data in motion, data at rest and data at endpoints to ensure data leak prevention.

The biggest challenge most organizations face today is to find sensitive data spread across the organization. The data could be lying within the data centre or on desktops and laptops, and also in transit over the network. A good DLP solution helps the organization “Discover” and “Classify” data based on the organization’s priorities and policies. Once the organization is aware of what needs protection, it can use its resources judiciously and invest in protecting the right resources.

Mayur Trivedi, Regional Manager—Channel Sales, GajShield InfoTech

A recent Symantec study, conducted by IDC, found that for 88 per cent of organizations, information security is the primary reason for deploying DLP. In fact, as of October 13, 2009, 403 data breaches had been reported for the year, exposing more than 220 million records, according to the Identity Theft Resource Center. The Symantec study identified the major drivers to prevent data loss as compliance and regulatory mandates (52 per cent), and pressure from international clients (25 per cent). Also, according to a Symantec study on disaster recovery in India, 67 per cent of the organizations surveyed were concerned about data loss during a disaster, expressing the need for business continuity in such a situation. Lack of user awareness is also an important contributor to data loss, as 84 per cent of high cost security incidents occur when insiders send confidential data outside the company.

Designing Next Generation DLP

Vishal Dhupar, MD, Symantec India

Some experts believe that the next generation is an identity-aware DLP solution, where DLP's content-aware active policy management, supervision, and enforcement capabilities are combined with Identity and Access Management features. Vipul Kumra, Security Consultant, CA, India, said, “This approach would proactively monitor for and prevent malicious behavior from insiders thereby facilitating proactive monitoring and control of the actions that authorized users can do, will be an interesting, targeted, and strategic framework for enforcing data privacy and protecting intellectual property. This will simplify IAM provisioning in the long term and will facilitate new capabilities to support data classification and policy enforcement. (Traditional IAM assigns rights without knowledge or understanding of the data held in protected assets, essentially providing security for use context without taking into account the sensitivity or classification of the data)”.

Abhinav Karnwal, Product Marketing Manager, APAC, Trend Micro

According to Mayur Trivedi, Regional Manager—Channel Sales, GajShield InfoTech, developers are planning to move towards endpoint security from Internet-based DLP & cloud-based security for the enterprise. GajShield strongly believes that the internet provides powerful resources to an organization which should not be restricted. Our R&D is focused towards enhancing enterprise security by adding more Web 2.0 applications to its existing large application interpretation engine. With the walls of an enterprise fading, GajShield is extending its security to mobile devices, thus ensuring they adhere to security policies set by an organization.

According to Vishal Dhupar, MD, Symantec India, the next generation of DLP products has to move towards giving more flexibility and power to the customers when it comes to protecting their information. This is the advantage that we have worked towards providing with DLP 10. By opening our DLP platform, we give customers more choices and flexibility to better protect the sensitive information in their unique IT environments. With DLP 10 we’re a step closer to realizing the vision of true information-centric security by extending content-awareness into many layers of security.

Manish Bansal, Regional Manager, Websense India

Market consolidation and the ongoing efforts of large IT security vendors are forcing vendors to include DLP tools in their product portfolios. Abhinav Karnwal, Product Marketing Manager, APAC, Trend Micro, believes that, like technologies that previously flourished, such as anti-spyware applications, spam-filtering tools, intrusion detection systems (IDS), and firewalls, and then became features of a comprehensive offering, DLP is expected to follow the same path. Protecting customer and other confidential data from malicious and accidental leaks is one of the top business and IT security challenges facing organizations today. Whether it’s customer records or intellectual property, information is the lifeblood of today’s enterprise. On the other hand, Manish Bansal, Regional Manager, Websense India, comments that today’s CIOs invest in technologies to make this data available on demand to employees, customers, and partners. But broken business processes, employee error, and gaps in security often put this data at risk—risk from regulatory and corporate compliance, customer and competitive pressures, and the rising cost and publicity of data leaks.

Box Item

Few Available DLP solutions

GajShield DLP Appliances

  • Monitor all files being uploaded on the internet
  • Who is uploading it?
  • What is the content of the file being uploaded
  • Which site is being used to upload this content
  • Get an alert on all uploaded files
  • Monitor Yahoo/MSN chats
  • Transcripts of all chat sessions
  • Monitor & Archive all Mails sent / Received
  • View the content of each mail.
  • Setup policies to block Data Leakage of files
  • Setup policies to allow only certain yahoo/msn users to chat with each other.
  • Setup policies to block uploads on IM
  • Create policies to block certain mails based on sender, recipient addresses, subject and content of mails

LeakProof from Trend Micro
Today Trend Micro has integrated Provilla's DLP technology into their core offerings. LeakProof DLP management server can uniquely detect with nearly zero false positives any attempt to alter, copy/paste, or otherwise manipulate in any way a data source or file that's been run through the DataDNA process. This easy to deploy comes packaged with LeakProof's "Advanced" management server. LeakProof has compliance templates for PCI, HIPAA, GLBA, along with a couple of others structured to find Personally Identifiable Information (PII). The offering also has one of the best endpoint control mechanisms in the industry. Trend Micro’s patented DataDNA technology provides the highest levels of accuracy and performance for detecting sensitive data. At the core of the technology are sophisticated algorithms which extract the “DNA” of sensitive data such as files, records, emails, and other content and store them as signatures. Like fingerprints, this creates a unique DNA sequence for the information in the document.

Symantec Data Loss Prevention 10
Symantec Data Loss Prevention 10 allows companies to apply encryption and enterprise rights management (ERM) based on content and will integrate with additional Symantec solutions. Some of its salient features include:

  • Apply Encryption and ERM Based on Content
  • Extend Usage of DLP Intelligence
  • Integrate with Additional Symantec Solutions
  • Services, Language & Availability

CA DLP
This identity-centric solution dramatically decreases data loss and misuse while ensuring compliance with regulatory and corporate security mandates. It is highly flexible and configurable in order to meet the unique needs of the most complex organizations. CA DLP delivers a broad range of features to help your organization meet its data loss prevention and data protection goals:

  • Complete Protection Coverage
  • Identify Various Content Types
  • Accurate and Pre-Built Policies
  • Appropriate Enforcement Actions
  • Enterprise Scalability and Resilience
  • Secure Review

RSA DLP Suite
The RSA DLP Suite is an integral part of the RSA Data Security System, which provides a policy-based approach to securing data, enabling customers to classify their sensitive data, discover that data across the enterprise, enforce controls, and report and audit to ensure compliance with policy.

The RSA DLP Suite comprises a comprehensive data loss prevention solution that enables customers to:

  • Discover and protect sensitive data in the enterprise, leveraging common policies across the infrastructure to discover and protect sensitive data in the datacenter, on the network and on endpoints, in partnership and integration with key infrastructure players like MS, Cisco and EMC
  • Mitigate risk through identity-aware, policy-based remediation and enforcement
  • Reduce Total Cost of Ownership with industry-leading scalability, automated protection of sensitive data and the most comprehensive policy library
  • Streamline the security operations process with incident handling and workflows and by integrating the RSA DLP Suite with enVision

Websense DSS

Websense Data Security Suite is the only data loss prevention (DLP) solution that provides content, context, and destination awareness, allowing administrators to manage who can send what information, where, and how. Websense Data Security Suite includes an advanced policy framework to intelligently map data policies to business processes for protection on the network and at the endpoint. It includes a powerful policy platform to enable business and secure data. This unique capability provides visibility and control for managing who and what go where and how.

Conclusion

Experts believe that though current products are capable of addressing the existing threats, this is an evolving space. However, with so many DLP solutions on the market, all making similar claims about their ability to mitigate data loss, it is difficult to know which road to take to proactively reduce your company's risk and protect confidential and sensitive data. The threat landscape changes constantly, and vendors keep coming out with their latest offerings to address those threats. Experts recommend a total, comprehensive approach combining essential threat defenses, data leak prevention, and data encryption technologies.

By: 'InfoSecurity' Bureau.

