Tip

With DLP, encryption and integration strengthen security policies

Dave Shackleford, Contributor

More on data loss prevention products

Best data loss prevention tools

Deploying DLP technology

    Requires Free Membership to View

    Login

needs hands-on approach

Using DLP software to comply with HIPAA policies

Encryption capabilities and DLP integration are occurring more than ever. Some DLP products can respond to a rule violation by encrypting data at rest or in transit, which means administrators must have decryption capabilities and key management practices in place. A common example might be terminating SSL traffic for inline sensors, performing DLP inspection and then re-establishing the encrypted tunnel. Host-based DLP products may need to integrate with existing full-disk and file/folder encryption software running on laptops and other systems, as well.

A DLP encryption integration effort can be effectively used to enhance and strengthen security policies for sensitive data types in addition to traditional blocking and enforcement actions. For example, a user who accidentally sends a spreadsheet attached to an email unencrypted could have the data or traffic automatically encrypted by the DLP encryption engine. Key elements of encryption to look for include key strength and algorithms available, integration capabilities with existing encryption software or hardware, and ease of implementation and management. Key management and recovery for large organizations can be complicated, and this doesn't change for DLP-based encryption.

Read more about selecting from DLP products in our guide.


About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; and a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert, has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of a SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of Hands-On Information Security from Course Technology.

This was first published in April 2013

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top