COLUMN

DLP technology challenges security costs

By Eric Ogren 21 Oct 2009 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Vendors have blurred the functional boundaries between data leakage prevention, digital rights management and even endpoint device control, to the extent that IT should reset expectations for DLP deployments.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The recent Burton Group report on DLP summarizes the market from a vendor offerings point of view, with heavy emphasis in vendor rankings given to companies with large market shares and marketing budgets. DLP can be a powerful weapon for security teams balancing threat protection with data protection and acceptable use policies, but only in well-defined business scenarios.

There are at least two main problems with DLP that challenge IT to scale the solutions to enterprise levels while keeping operation expenses acceptable. The technology effectively relies upon pattern-matching algorithms to detect confidential data. However, unlike AV where the vendor is responsible for maintaining the pattern definition files, the customer IT and security organizations are responsible for the administration of data patterns. The more encompassing the data protection program, the more effort IT needs to spend on defining data detection patterns.

Eric Ogren's recent security columns: Phishing protection begins with training, antiphishing evangelist: IT organizations can take a lesson from marketers by sending three phishing education emails to users before the holiday season. Feds push cybersecurity jobs, PCI DSS changes ahead: The federal government plans to fill cybersecurity jobs, the payment industry is studying PCI virtualization best practices and Microsoft offers free endpoint protection software. Whitelists, SaaS modify traditional security, tackle flaws: It is time for IT professionals to transform security into a capability that is as dynamic as the attack landscape, says security expert Eric Ogren of the Ogren Group.

DLP is also very difficult to keep aligned with a dynamic business. Enterprises must share confidential data to be able to put the data to work as a corporate asset -- the data is only retained because it has value to some important business process. This places IT in the position of having to frequently tune DLP to determine -- based on sender, receiver and data classification -- the legitimacy of a business communication to avoid false positives in alert or blocking decisions when data is in motion, at rest, or in use.

Enterprise security teams should keep DLP focused on a tight set of data and business uses of that data to get the most effective use out of their DLP investments.

Enterprises can start by letting every employee know the company has DLP technology and finding all abuses of data handling policies. The most effective deterrent to intentional theft of large amounts of confidential data is the likelihood of getting caught and the knowledge that archived security logs likely contain evidence of the theft. Let every employee know that sensitive data is a strategic corporate asset and that the business is monitoring communications for abuse of acceptable use policies. Scanning email attachments will detect violations and present an opportunity to educate users on data security.

Classify data first to control the scope of a DLP implementation and to stay aligned with acceptable use policies. Many DLP implementations fail because blocking data transmission is counterproductive to the legitimate business needs of sharing data with partners, customers and investors. DLP is good for high regulated organizations with easily recognizable sensitive data and clearly defined policies for individual access; DLP implementations fail when the multitude of sensitive data types, users and dynamic business roles turns administration into an expensive nightmare. Classify and prioritize sensitive data to limit the scope of DLP to insure success.

SearchSecurity radio:

Use DLP auditing features to discover sources and destinations of traffic. Network DLP can be useful in research showing the traffic patterns of sensitive data, which can then be used to evolve the infrastructure for efficient access processes. Security teams are usually the last to know how sensitive data is being used to support the business. DLP can give security the intelligence to recommend improvements to IT and network management.

Analyst reports are often good, objective views of a market segment, but IT still must be conscious of its organization's data security needs and operating costs constraints. Be sure to overlay specific organization requirements, tolerances for smaller vendors and cost analyses onto analyst reports to derive a short list that best aligns with the precision of a focused data protection program.

Tags: Data Loss Prevention,  Client security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Loss Prevention Health Net healthcare data breach affects1.5 million Layoffs prompt insider threat fears, cybersecurity survey finds Breach prevention: How to keep track of data and applications Trend Micro to address DLP after analyst report criticizes strategy How to secure USB ports on Windows machines Defining DLP Analyst DLP study finds maturity, ranks top DLP vendors Data protection tips for corporate compliance leaders Trustwave acquires data loss prevention vendor Vericept Best Data Loss Prevention Products Client security InZero Systems launches hardware-based security gateway Endpoint protection best practices manual: Combating issues, problems Kaspersky update for SMBs in wake of free Microsoft Security Essentials Microsoft makes free antivirus software widely available Security best practices in hotels Best Antimalware Products Perimeter defense in the era of the perimeterless network Microsoft Security Essentials (MSE) shows no vision, expert says Smart tactics for antivirus and antispyware Top tactics for endpoint security

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary brute force cracking  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) Crash Course: Spyware  (SearchSecurity.com) email spoofing  (SearchSecurity.com) phishing  (SearchSecurity.com) rootkit  (SearchMidmarketSecurity.com) social engineering  (SearchSecurity.com) Wired Equivalent Privacy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary