To get security news and tips delivered to your inbox, click here to
While it is important to have technology that can automatically block violations of acceptable use policies, it is more important to have end users that know their responsibilities and application developers that integrate data security. That's where audit, discovery and reporting features come into play when evaluating data protection products such as data leakage prevention, endpoint device control and rights management systems.
The market trend is to consolidate management of DLP, RMS and device control features, with data security elements becoming embedded in application environments. Data leakage prevention recognizes sensitive data during content inspection on a network appliance and endpoint software. Rights management attempts to restrict end-user actions such as printing and copy/paste where the data could step outside of IT control and device control aims to prevent confidential data from walking out the door on removable media including USB devices.
But social behavior, or poor judgment by people, easily defeats each of these technologies. To make them more effective, the entire IT organization must be involved. Informal discussions with IT show 50-75% of the value of data protection software is in allowing IT to collaborate more effectively with end users on security education and to consult with application owners on integrating specific corporate security policies into applications to reduce business risk. The dynamic nature of business makes administration of data security too unwieldy if applied on a rigid granular basis and less effective when policy rules are broadly applied across corporate users, data and actions.
- Audit user handling of sensitive data. A huge benefit of device control, DLP and RMS systems is the auditing of endpoint data handling activity and notification of policy exceptions. Security can then use an enterprise risk management capability, such as from Liquid Machines, to tune corporate policies to make it easy for end users to comply and application services to effectively protect confidential data from the source.
- Discover sources of sensitive data. The content inspection functionality of a DLP appliance in the network can help IT detect new sources of structured and unstructured confidential data. Users of Code Green software use data security event notifications to call end users and remind them that emailing sensitive data is an irresponsible business practice and point them to safer ways to do their work. Effective security teams use DLP to coach the user community on the best ways to handle sensitive data.
- Prevent abuses of enterprise risk management policies. IT has to be judicious when automatically blocking actions that are not compliant with data handling policies as there frequently are valid business exceptions. A Lumension customer applies endpoint device control to restrict the copying of data to and from USB devices in office desktops, for instance.
Look for consolidation, redundancy and overlap of features in data handling security products as organizations prioritize their enterprise risk management programs around policy management. Eventually, data protection and strong auditing features will be integrated into infrastructure products such as Oracle databases, SharePoint document sharing systems, and Blackberry communication gateways. But for most customers, people will remain their greatest asset which is why the momentum on auditing and discovery will continue to out pace prevention.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.