Problem solve Get help with specific problems with your technologies, process and projects.

With DLP, encryption and integration strengthen security policies

Encryption and DLP integration can be used to enhance and strengthen security policies for sensitive data, and for blocking and enforcement actions.

More on data loss prevention products

Best data loss prevention tools

Deploying DLP technology needs hands-on approach

Using DLP software to comply with HIPAA policies

Encryption capabilities and DLP integration are occurring more than ever. Some DLP products can respond to a rule violation by encrypting data at rest or in transit, which means administrators must have decryption capabilities and key management practices in place. A common example might be terminating SSL traffic for inline sensors, performing DLP inspection and then re-establishing the encrypted tunnel. Host-based DLP products may need to integrate with existing full-disk and file/folder encryption software running on laptops and other systems, as well.

A DLP encryption integration effort can be effectively used to enhance and strengthen security policies for sensitive data types in addition to traditional blocking and enforcement actions. For example, a user who accidentally sends a spreadsheet attached to an email unencrypted could have the data or traffic automatically encrypted by the DLP encryption engine. Key elements of encryption to look for include key strength and algorithms available, integration capabilities with existing encryption software or hardware, and ease of implementation and management. Key management and recovery for large organizations can be complicated, and this doesn't change for DLP-based encryption.

Read more about selecting from DLP products in our guide.

About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; and a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert, has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of a SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of 
Hands-On Information Security from Course Technology.

This was last published in April 2013

Dig Deeper on Data loss prevention technology

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.