
Figuring out the definition of data loss prevention

The term 'data loss prevention' can be difficult to understand as it is used very broadly in the security industry. Learn the true definition of DLP and uncover why it is often the cause of confusion.

The poorly kept secret of the information security field is that -- despite the name -- since we've practiced our profession, we have focused on defending infrastructure instead of the data itself. This is a natural outcome of the challenges we've historically faced; it is hard to focus on information-centric security controls when you're battling viruses, spam and port scanners on a daily basis.

However, as the value of data increases, as the bad guys target it more frequently, and as it is more often subject to various regulations, we see organizations increasingly focused on data protection. Just as you need a firewall to protect the network, you need data security-specific tools to protect the data. One of these foundational technologies is data loss prevention (DLP).

Defining DLP

The term DLP is used broadly in the industry, but for our purposes, we are going to focus on the full-suite definition of data loss prevention:

"Products that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis."

This definition includes three core capabilities: central policy management, deep content analysis, and broad coverage across multiple platforms and services (storage, the network and endpoints). It allows us to understand where our data is stored, how data is used, and how data is communicated and exchanged both inside and outside our organization.

The primary differentiator that separates DLP from other security tools is its ability to dig into the content itself, analyze it and then make a decision. Content analysis means DLP has the potential to assist with a range of business problems, not merely address one single risk. It also means we aren't including other data protection technologies in this report, such as encryption or context-based tools, which also provide benefit, but are really another product category. Context-based tools understand the metadata and environment around a file (owner, sender or tags), but not the content itself.

DLP is the Swiss Army knife of data protection. We use it for a range of benefits where understanding the content helps with a problem. It provides value in a number of different use cases, not all of which involve data leaks. One organization might use it to validate their PCI audit scope, while another uses it to monitor employee emails for accidental disclosures. The downside of this versatility is that it creates some complexity and, in some cases, the nature of the problem is so complex it takes more effort than simply setting up a policy and walking away until the next audit cycle.
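The contrast between content analysis and a context-based check, applied to the PCI scope-validation use case, as an added example (not from the original article or from any DLP product). The candidate pattern, the Luhn checksum step, the `cardholder-data` tag name and the sample documents are all constructed assumptions.

```python
import re

# Assumed candidate pattern: 13-19 digits, optionally split by spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def content_findings(text: str) -> list:
    """Content analysis: inspect the data itself, return masked matches."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def context_verdict(meta: dict) -> str:
    """Context-based check: sees owner and tags only, never the content."""
    tagged = "cardholder-data" in meta.get("tags", [])  # hypothetical tag name
    return "restricted" if tagged else "unrestricted"

def scan(docs: list) -> list:
    """Return (name, context verdict, content findings) for each document."""
    return [(d["name"], context_verdict(d["meta"]), content_findings(d["text"]))
            for d in docs]

# Constructed sample documents: neither carries a sensitivity tag.
DOCS = [
    {"name": "notes.txt", "meta": {"owner": "helpdesk", "tags": []},
     "text": "Customer called, card 4111 1111 1111 1111 declined twice."},
    {"name": "inventory.csv", "meta": {"owner": "warehouse", "tags": []},
     "text": "part,serial\nwidget,1234567812345678\n"},
]

if __name__ == "__main__":
    for name, verdict, hits in scan(DOCS):
        print(f"{name}: context={verdict} content_hits={hits}")
```

The untagged help-desk note passes the context check yet contains a number that validates as a card number, which is the kind of location a PCI scope review would need to account for; the 16-digit serial number fails the checksum and is not reported.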

Types of DLP products

Adding to the potential confusion, DLP refers to full-suite products as well as content analysis features that are included in a wide range of products, such as firewalls, endpoint protection suites or database security platforms.

Full-suite products provide complete coverage across your network, storage repositories and endpoints (workstations and laptops), even if you aren't using the full capabilities.

Partial-suite or single-channel DLP products are dedicated DLP tools that cover one or two potential channels (e.g., network and storage) and contain full workflow (such as incident management) and content analysis capabilities. While we tend to see more single-channel offerings than partial suites, there are still only a few products on the market -- almost all either network or endpoint -- due to less demand.

DLP-lite features are included in a variety of products, but typically lack dedicated DLP workflow. DLP-lite products offer a subset of coverage and content analysis capabilities. We have seen, for example, network firewalls with basic pattern-matching capabilities, vulnerability assessment scanners that look for particular data types, and limited content analysis in an email security gateway.

About the author:
Rich Mogull has nearly 20 years of experience in information security, physical security, and risk management. Prior to founding independent information security consulting firm Securosis, he spent seven years at Gartner Inc., most recently as a vice president, where he advised thousands of clients, authored dozens of reports and was consistently rated as one of Gartner's top international speakers. He is one of the world's premier authorities on data security technologies, including DLP, and has covered issues ranging from vulnerabilities and threats to risk management frameworks and major application security.

This was last published in November 2014
