Feature

Data Loss Prevention Tools Offer Insight into Where Data Lives

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?"


The last major component of DLP solutions is endpoint agents to monitor use of data on the user's desktop. A "complete" agent theoretically monitors network, file and user activity such as cut and paste, but few real-world tools provide full coverage. Most products start with file monitoring for endpoint content discovery and to detect (and block) sensitive data transfers to portable storage. Rather than completely blocking USB thumb drives to protect data, an organization can use these tools to restrict file transfers based on content.

Endpoint DLP tools are starting to add more advanced protection, such as limiting cut and paste, detecting sensitive content in unapproved applications such as certain encryption tools, and automatic encryption based on content. Over time, they will increase the type and number of policies they can enforce and integrate more deeply into common endpoint applications.

MANAGEMENT & WORKFLOW
DLP solutions are dedicated to the business problem of identifying and protecting sensitive information. Ideally, an enterprise wants to establish a single policy for data protection and apply it throughout its environment--a key advantage of a full-time DLP solution over security tools with a DLP feature. DLP suites centralize workflow for incident handling across the network, storage and endpoints, and provide user interfaces for technical and non-technical incident handlers. Many organizations find that compliance, legal and HR departments play just as large a role in policy enforcement as IT security.

Central policy management allows a user to define the content to protect--like a customer identification number--then apply different enforcement actions based on where the violation is triggered. You define the content once, and then build rules based on context. These policies are distributed throughout a DLP infrastructure, including the network, storage and endpoints. Policies apply differently to different users, are rated at different sensitivity levels, have violation count thresholds, and are assigned to specific business units or incident handlers.

For example, a policy could be set that says: "The customer relations team is allowed to email a single account number to a recipient, but block account numbers in any other channels or by any user. Only customer team members can store account numbers on their laptops, but only if encrypted. Account numbers cannot be transferred to portable storage, and are only allowed on these servers."
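The policy quoted above, and the "define the content once, then build rules based on context" model behind it, can be shown as a small rule evaluator. The following is an added illustration written for this article; it is not any vendor's policy engine. The account-number format (`ACCT-` plus eight digits), the channel and group names, the approved server list and the handler queues are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

# Added illustration of the article's "define content once, enforce by context"
# model. All formats, names and lists below are constructed for the example.


class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"


# 1. Content is defined once. Constructed format: "ACCT-" plus exactly eight digits.
ACCOUNT_NUMBER = re.compile(r"\bACCT-\d{8}\b")

# Servers on which account numbers may legitimately reside (constructed names).
APPROVED_SERVERS = {"crm-db-01.example.internal", "crm-db-02.example.internal"}

# Which incident-handling queue receives violations from which business unit
# (constructed); the article notes compliance, legal and HR handle incidents too.
HANDLER_BY_GROUP = {"customer_relations": "compliance", "hr": "hr_privacy"}
DEFAULT_HANDLER = "it_security"


@dataclass(frozen=True)
class Event:
    """One observed data movement, as an endpoint or network agent would report it."""
    channel: str                        # "email", "local_disk", "portable_storage", "server", ...
    user_group: str                     # business unit of the acting user
    content: str                        # the text the agent inspected
    encrypted: bool = False             # True when the file is written in encrypted form
    destination: Optional[str] = None   # recipient, server name or device id


def count_account_numbers(text: str) -> int:
    """Number of distinct account numbers in the inspected content."""
    return len(set(ACCOUNT_NUMBER.findall(text)))


def evaluate(event: Event) -> Tuple[Action, str]:
    """2. Context rules. Same content, different action depending on where it is seen.

    Anything not explicitly allowed is blocked, so a channel the policy does not
    mention fails closed rather than open.
    """
    n = count_account_numbers(event.content)
    if n == 0:
        return Action.ALLOW, "no account numbers present"

    if event.channel == "email":
        if event.user_group == "customer_relations" and n == 1:
            return Action.ALLOW, "customer relations may email a single account number"
        return Action.BLOCK, f"{n} account number(s) in email by {event.user_group}"

    if event.channel == "local_disk":
        if event.user_group == "customer_relations" and event.encrypted:
            return Action.ALLOW, "encrypted storage on a customer team laptop"
        return Action.BLOCK, "laptop storage requires customer team membership and encryption"

    if event.channel == "portable_storage":
        return Action.BLOCK, "account numbers may never go to portable storage"

    if event.channel == "server":
        if event.destination in APPROVED_SERVERS:
            return Action.ALLOW, f"{event.destination} is an approved server"
        return Action.BLOCK, f"{event.destination} is not an approved server"

    return Action.BLOCK, f"channel {event.channel!r} is not permitted for account numbers"


def handle(event: Event) -> dict:
    """Evaluate the event and, on a block, build the record an incident handler would see."""
    action, reason = evaluate(event)
    record = {"action": action.value, "reason": reason, "channel": event.channel}
    if action is Action.BLOCK:
        record["matches"] = count_account_numbers(event.content)
        record["handler"] = HANDLER_BY_GROUP.get(event.user_group, DEFAULT_HANDLER)
    return record


if __name__ == "__main__":
    # Constructed sample events exercising each clause of the example policy.
    samples = [
        Event("email", "customer_relations", "Your account ACCT-12345678 is now active."),
        Event("email", "engineering", "Test data: ACCT-00000001"),
        Event("local_disk", "customer_relations", "ACCT-12345678", encrypted=False),
        Event("portable_storage", "customer_relations", "ACCT-12345678", destination="usb-0"),
        Event("server", "engineering", "ACCT-12345678", destination="wiki.example.internal"),
    ]
    for ev in samples:
        print(handle(ev))
```

The content definition appears exactly once (`ACCOUNT_NUMBER`); every clause of `evaluate` consults only context (channel, group, encryption state, destination), which is what lets a single definition be enforced consistently on the network, in storage and on endpoints. The final `return` makes the default deny explicit, a detail worth checking in any real product, since a new exfiltration channel should not be allowed merely because no rule names it.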

This was first published in February 2008
