The value of DLP

Ganesan Lakshmanan, Principal Consultant, Security Management, CA.

Moving into 2009, the number of layoffs and of unemployed workers has multiplied as a result of the falling economy. Corporate data is at risk now more than ever and companies need to be sure they have reliable protection in place.

As companies are forced to make layoffs, disgruntled employees may act maliciously and take sensitive company data with them as they leave. Out-of-work employees worried about finding a position in a bleak job market may also act out of desperation and steal confidential company information to get a leg up on the competition for hard-to-find jobs. It is also possible that companies hiring are accepting or even requesting internal data of their competitors as part of the hiring process.

Employees can remove sensitive company data by saving it to a memory stick, e-mailing it to a personal account, or even walking out with a laptop or BlackBerry. Companies need to be protected in all instances to ensure their information doesn't walk out the door.

It's 5 p.m. Do you know where your data is?

The first step to ensure that corporate data is protected from insider threats is to make sure laptops are encrypted. Not encrypting employee machines is a potentially fatal mistake, but encryption is not the only step to protection. Companies need to make sure the encryption can be revoked when an employee leaves the company. This requires having an encryption policy that is centrally managed by IT. This type of policy will keep data protected while enabling IT to lock it from unauthorized employee access at any time.

The next step is ensuring employees cannot transfer information to a USB drive, MP3 player or other portable device. Implementing device control allows IT to monitor and restrict data copied to removable storage devices to keep it from leaving company control. Having control over devices on the network also allows IT to understand how internal compliance is working and block any attempts to violate IT policy.

The final step to protecting data on your network is to ensure employees cannot send information outside to personal email accounts or through instant messaging. Putting network data loss prevention (DLP) in place allows IT to identify, monitor and protect endpoint and network actions in order to prevent the unauthorized use and transmission of confidential company information.

Data leak prevention (DLP) systems are an increasingly important part of a set of best-practice technologies aimed at protecting corporate data and other sensitive information from being accidentally sent through e-mail and other communication and information transport channels. While DLP systems typically won't be nearly as useful in protecting against malicious data leaks, they are effective at stopping inadvertent ones, such as when an employee attempts to send confidential data through e-mail in clear text.

“The primary benefit of DLP is identifying, analyzing and protecting data at all control points including at the endpoint, at rest, at the message server, and on the network,” says Ganesan Lakshmanan, Principal Consultant, Security Management, CA. Though DLP solutions are available as stand-alone products, most security vendors have started to integrate the technology as part of their broader suite. CA, for example, has integrated its DLP solution into its security portfolio, though customers have the option to choose a stand-alone modular approach.

DLP products, however, can be difficult to get right. That's because companies have to hammer out policies for determining which types of data need watching, what happens when an e-mail is flagged, and whether the individual user should be required to decide whether to encrypt specific e-mails or types of e-mails. For example, the CIO might not appreciate it when he sends an e-mail to the CFO and it gets flagged, bounced back or held up.
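One way the three policy questions above (what to watch, what happens on a flag, and whether the sender decides on encryption) could be encoded for outbound e-mail, as an added example that is not code from CA or from the article. The internal domain, the patterns, the action names and the sample messages are all assumptions.

```python
import re

# Assumed policy values for illustration; none come from the article or a product.
INTERNAL_DOMAIN = "example.com"
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
MARKER_RE = re.compile(r"\b(confidential|internal only)\b", re.I)

def luhn_ok(digits):
    """Checksum that separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    runs = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [d for d in runs if luhn_ok(d)]

def evaluate(recipients, body, encrypted=False):
    """Return (action, reasons); action is allow, prompt_encrypt or quarantine."""
    external = [r for r in recipients
                if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    reasons = []
    if find_cards(body):
        reasons.append("card_number")
    if MARKER_RE.search(body):
        reasons.append("classification_marker")
    if not reasons or not external or encrypted:
        return "allow", reasons      # internal or already-encrypted mail is not held
    if "card_number" in reasons:
        return "quarantine", reasons # hold for review, no user override
    return "prompt_encrypt", reasons # the sender decides whether to encrypt

# Constructed sample messages (not real traffic).
SAMPLES = [
    (["cfo@example.com"], "Confidential: Q1 forecast attached"),
    (["me@mail.example.net"], "Confidential: Q1 forecast attached"),
    (["me@mail.example.net"], "Customer card 4111 1111 1111 1111"),
    (["me@mail.example.net"], "Order ref 1234 5678 9012 3456 shipped"),
]

if __name__ == "__main__":
    for rcpts, body in SAMPLES:
        print(rcpts[0], "->", evaluate(rcpts, body))
```

The first sample is the CIO-to-CFO case: the marker is still recorded in the reasons, but internal mail is not held, and the Luhn check keeps an order reference from being treated as a card number.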

Other potential problem areas – everything from thumb drives to smartphones – abound. Nevertheless, vendors today are offering encrypted USB drives and business phones with encryption features. IT executives need to make data security a requirement every step of the way.

It's always daunting to consider deployment of a new security technology, but with the proper preparation Data Loss Prevention (DLP) is less painful to deploy than many of our other tools. The keys to a successful DLP deployment are setting the right expectations, proper planning during the selection process, and a controlled roll-out.

In a down economy the risk of data loss increases. Now, more than ever, companies need to ensure the integrity of their data. Putting significant protection in place should be a first priority in 2009 to ensure data theft is not a risk. Encrypting laptops with flexible encryption controls, implementing device control and putting a data loss prevention system in place will cover all bases and ensure employees don't have any way to walk out the door with company data.
