Tip

Data loss prevention (DLP) tools in 2008: The new way to prevent identity theft?

Data theft incidents dominated the information security scene in 2006 and only increased in 2007. If the trend continues, 2008 should prove to be the worst year yet.

While organisations looking to thwart data theft have spent thousands, if not millions, of pounds implementing the best perimeter security technologies, these efforts have seemingly had little effect; massive breaches of confidential information continue unabated, despite dire consequences for enterprises and their customers. This has driven security professionals toward new tools that can lessen their chances of becoming the next top news story.

Over the past couple of years, vendors like McAfee Inc., Trend Micro Inc. and Symantec Corp. have been among the many information security vendors aggressively pitching a product set that promises to help. This product category, called data loss prevention, or DLP, is drawing so much attention that some antimalware and antispam vendors have even modified their primary focus in order to enter the DLP market. For example, Clearswift Ltd.'s primary focus a few years back was antispam tools. Although the content security vendor's product line continues to include antispam technology, Clearswift now focuses on creating better network-based data loss prevention products.

Let's look at the key differentiating features of DLP technology as vendors strive to help customers guard data in a way that past security products have not.

    • Protecting information from accidental disclosure - Employees have access to an organisation's most sensitive information, but some simply are not aware of the dangers inherent in sending data over the Internet. For example, a new finance employee sending a confidential document to an offsite accounting firm may decide to attach the document to an email without realizing that it's being sent in clear text across the Internet.

      It is the responsibility of the organisation to ensure that the proper steps are taken to tag all confidential data. DLP products ensure that confidential and critical information is appropriately tagged so that employees cannot accidentally disclose it. Tagging is the process of classifying which data on a system is confidential, and marking it appropriately. Because of this labeling, an employee who accidentally or maliciously attempts to disclose confidential information may have that attempt denied. For example, a sensitive file that is tagged can be restricted from being sent via email and instant messaging programs.

    • Protecting information from malicious intent (internal and external) - Disgruntled employees continue to be a primary driver of data theft. Implementing DLP can restrict the channels through which employees can transfer data. DLP can also prevent confidential data from being copied to USB devices, external hard drives and iPods.
    • Meeting regulatory compliance requirements - Many organisations need to comply with certain government regulations, be it SOX, GLBA, HIPAA or all of the above. DLP technology seems likely to play a major part in assisting with regulatory compliance requirements this year. HIPAA, for example, requires that all healthcare information remain confidential, and a DLP strategy is not only a means of protecting such information, it's also a way to demonstrate that the organisation is taking the appropriate steps outlined in the regulation.

    Implementing a DLP product into a large corporate network is by no means a walk in the park. Most large organisations have hundreds of servers with thousands of directories and files stored on them. Having to sort through that much information and decide on what is to be tagged can be a daunting task for any organisation. However, tagged data will differ between organisations. The process is simply not a cookie-cutter implementation. For instance, some organisations will choose to tag company financials, trade secrets, etc., while others may not. For a successful DLP implementation, meetings with personnel from all levels of management need to be conducted so that data is properly classified. Such teamwork will ensure that the data tagging strategy is appropriate for the business as a whole.

    Key features that should be tested in a DLP evaluation include the ability to block and monitor by system, as well as by user. It is also important to consider using both host-based and network-based DLP products, so that data is still protected on systems that are not running a DLP agent.
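
A minimal sketch of the tagging and block/monitor-by-user-and-system behaviour described above, added here as an illustration and not taken from any vendor's product. The class names, rule fields, user and host names, and the choice to key tags on a SHA-256 of the file content are all assumptions.

```python
import hashlib
from dataclasses import dataclass

def fingerprint(data: bytes) -> str:
    # Assumption: tags are keyed on content, so a renamed copy keeps its tag.
    # Exact match only: an edited copy has a new fingerprint and needs re-tagging.
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Rule:
    tag: str           # classification label agreed with the business
    channel: str       # "email", "im", "usb", or "*" for any channel
    action: str        # "block" or "monitor"
    user: str = "*"    # scope to one user, or "*" for everyone
    system: str = "*"  # scope to one host, or "*" for every host

class Policy:
    def __init__(self, rules):
        self.rules = list(rules)
        self.tags = {}    # fingerprint -> tag
        self.audit = []   # every blocked or monitored transfer

    def tag(self, data: bytes, label: str) -> None:
        self.tags[fingerprint(data)] = label

    def decide(self, data: bytes, channel: str, user: str, system: str) -> str:
        label = self.tags.get(fingerprint(data))
        if label is None:
            return "allow"  # untagged data is outside the policy
        hits = [r.action for r in self.rules
                if r.tag == label and r.channel in ("*", channel)
                and r.user in ("*", user) and r.system in ("*", system)]
        # Most restrictive matching rule wins: block > monitor > allow.
        action = "block" if "block" in hits else "monitor" if hits else "allow"
        if action != "allow":
            self.audit.append((action, label, channel, user, system))
        return action

# Constructed sample content, not real data.
LEDGER = b"Q4 ledger (constructed sample content)"
MEMO = b"Canteen menu (constructed sample content)"

def build_demo_policy() -> Policy:
    policy = Policy([
        Rule("confidential", "email", "block"),
        Rule("confidential", "im", "block"),
        Rule("confidential", "usb", "block", system="kiosk-07"),   # by system
        Rule("confidential", "*", "monitor", user="new.hire"),     # by user
    ])
    policy.tag(LEDGER, "confidential")
    return policy
```

An evaluation can run the same tagged file through each channel, user and host combination and compare the decisions and the audit trail against what the classification meetings agreed.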

    DLP technology will become the new firewall of the security industry. After all, it's implemented at the next logical layer: where the data is stored. However, before taking the plunge and purchasing DLP technology, it's always best to evaluate a number of vendor products to ensure that the technical ability of the product is not clouded by a fancy marketing campaign.

    About the author Peter Giannoulis, GSEC, GCIH, GCIA, GCFA, GCFW, GREM, GSNA, CISSP, is an information security consultant in Toronto, Ontario. He currently maintains www.theacademy.ca, which provides organizations streaming video on how to configure and troubleshoot many of today's top security products. He also serves as a technical director for the GIAC family of certifications.


    This was first published in February 2008