Data Loss Prevention Tools Offer Insight into Where Data Lives
This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?."
Case in Point
Content discovery helps a credit union with PCI.
The majority of organizations first deploy DLP for network data loss prevention since it's the quickest way to identify their risk exposure. But from a compliance standpoint, DLP for data at rest--or content discovery--is often more valuable since it helps quickly identify stored data in violation of policy, which is especially useful for PCI DSS.
For example, a medium-sized company--a credit union--started with network monitoring and user education to reduce its risk of an inadvertent breach. It then moved into content discovery to ensure no PCI data was stored unencrypted, followed by basic email filtering. The company's vendor recently started beta testing an endpoint agent, which the client plans to use for endpoint discovery and blocking PII transfer to portable storage.
Executives at the credit union estimate it will take two to three years for full deployment of all DLP components, based largely on internal political issues and budget.
DLP is one of a dozen or so names for this market; others are information leak prevention and content monitoring and filtering. To further complicate matters, data loss prevention is so generic a term it could easily apply to any data protection technology; everything from encryption to port-blocking tools is hopping on the DLP bandwagon. While early tools were tightly focused on preventing data leaks on the network, the market is rapidly evolving toward robust solutions that protect data in motion on the network, at rest in storage and in use on the desktop, all based on deep content inspection and analysis.
So DLP is a class of products that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis. Other defining characteristics are:
- Broad content coverage across multiple platforms and locations
- Central policy management
- Robust workflow for incident handling
It's important to recognize that DLP solutions are very effective at reducing the risk of accidental disclosures or data leakage through a bad business process, but offer minimal protection against malicious attacks. A smart internal or external attacker can easily circumvent most DLP tools, but the risk of inadvertent exposure is usually greater than that of a targeted attack.
This was first published in February 2008