With DLP, encryption and integration strengthen security policies

Encryption capabilities and DLP integration are occurring more than ever. Some DLP products can respond to a rule violation by encrypting data at rest or in transit, which means administrators must have decryption capabilities and key management practices in place. A common example might be terminating SSL traffic for inline sensors, performing DLP inspection and then re-establishing the encrypted tunnel. Host-based DLP products may need to integrate with existing full-disk and file/folder encryption software running on laptops and other systems, as well.

A DLP encryption integration effort can be effectively used to enhance and strengthen security policies for sensitive data types in addition to traditional blocking and enforcement actions. For example, a user who accidentally sends a spreadsheet attached to an email unencrypted could have the data or traffic automatically encrypted by the DLP encryption engine. Key elements of encryption to look for include key strength and algorithms available, integration capabilities with existing encryption software or hardware, and ease of implementation and management. Key management and recovery for large organizations can be complicated, and this doesn't change for DLP-based encryption.

Read more about selecting from DLP products in our guide.

About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; and a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert, has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of a SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of Hands-On Information Security from Course Technology.