What's missing from DLP.

Author: Gibson, David
Position: COMPANY VIEWPOINT - Geographic overview

In most organizations today, there is sensitive data that is overexposed and vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing a good job securing the borders, but what about insider threats? The threat of legitimate, authorized users unwittingly (or wittingly) leaking critical data just by accessing data that is available to them is all too real. Analyst firms such as IDC estimate that in 5 years, unstructured data, which makes up 80% of organizational data, will grow by 650%. The risk of data loss is increasing above and beyond this explosive rate, as more dynamic, cross-functional teams collaborate and data is continually transferred between network shares, email accounts, SharePoint sites, mobile devices, and other platforms. As a result, security professionals are turning to data loss prevention (DLP) solutions for help. Unfortunately, organizations are finding that these DLP solutions in many cases fail to fully protect critical data because they focus on symptomatic, perimeter-level solutions to a much deeper problem--the fact that users have inappropriate or excessive rights to sensitive information.

DLP Alone is Not a Panacea

DLP solutions primarily focus on classifying sensitive data and preventing its transfer with a three-pronged technology approach:

* Endpoint protections encrypt data on hard drives and disable external storage to stop data from escaping via employee laptops and workstations.

* Network protections scan and filter sensitive data to prevent it from leaving the organization via email, HTTP, FTP and other protocols.

* Server protections focus on content classification and identifying sensitive files that need to be protected before they have a chance to escape.

This approach works well if an organization knows who owns all the sensitive data and who's using it. Since that is almost never the case, once the sensitive data is identified, which in the average-size organization can take months, IT is left with the monumental job of finding out: Who does the sensitive data belong to? Who has and should have access to it? Who is using it? These questions must be answered in order to identify the highest-priority sensitive data (i.e., the data-in-use) and to determine the appropriate data loss prevention procedures.

Early solutions that focused primarily on endpoint and network protections were quickly overwhelmed by the...
