Data Loss Prevention
Data Loss Prevention covers a broad variety of ideas and products. In its most basic form, it is intended to ensure that proprietary information does not leave the company's control. From there, it takes on a number of meanings and ideas. It can be performed at the host, storage, or network level; in DLP terminology these levels are referred to as Data in Use, Data at Rest, and Data in Motion respectively.
Categories
We have broken the products into two categories. Many vendors provide a product family that functions in both spaces, and will be placed in both categories as needed.
Network DLP products
Network DLP products monitor network traffic (data in motion) to identify sensitive or confidential information that is leaving, or is about to leave, the company network. These products typically sit at or near the company network egress point, where they can inspect traffic such as email, web uploads, and file transfers.
Host DLP Products
Host DLP products run on desktops, servers, or any other host platform. They can monitor data in use (for example, what is copied to removable media or pasted into an application) as well as data at rest in local or attached storage.
Successfully implementing DLP
The key to an effective DLP policy is identification of what data is considered confidential or sensitive. This is something performed outside of the products used to monitor for that data. DLP solutions can use anything from keywords, dictionaries, and regular expressions to partial document matching and fingerprinting to identify the data in question. The accuracy of the identification is also key in a DLP product. False positives, as in any monitoring system, tend to lead to the DLP reporting being ignored completely. False negatives leave the company exposed even though it has a DLP system in place. Testing to ensure that the chosen products meet the company's needs and don't inundate the staff with false positives and false negatives is key to a successful implementation of a DLP solution.
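The following is an added example, not code from the original page or from any DLP product, showing the three identification techniques mentioned above side by side: a regular expression for card numbers tightened with a Luhn check, a keyword dictionary, and word-shingle fingerprinting for partial document matching. The "secret" document, the keyword list, the thresholds, and the labelled sample messages are all constructed for the example; the evaluation at the end counts false positives and false negatives, and running it with the Luhn check switched off shows how a loose rule turns an innocent ticket number into a false positive.

```python
import hashlib
import re

# Constructed "confidential" document to fingerprint (example data, not real).
SECRET_DOC = (
    "Project Falcon pricing model. Unit cost 41.20 USD, target margin 38 percent. "
    "Launch planned for Q3 with the Acme distribution partner."
)
# Constructed keyword dictionary (assumed, not from the page).
KEYWORDS = ("confidential", "internal only", "project falcon")
# 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SHINGLE_WORDS = 5      # words per fingerprint shingle (assumed tuning value)
MIN_SHINGLE_HITS = 3   # shingles that must match to count as a partial copy


def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs that merely look like a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize(text):
    """Lower-case word tokens so punctuation and case changes do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text, k=SHINGLE_WORDS):
    """Hashed k-word shingles; the hash set is the stored fingerprint, not the text."""
    words = normalize(text)
    out = set()
    for i in range(len(words) - k + 1):
        chunk = " ".join(words[i:i + k]).encode()
        out.add(hashlib.sha256(chunk).hexdigest()[:16])
    return out


FINGERPRINT = shingles(SECRET_DOC)


def classify(text, validate_luhn=True):
    """Return a list of (rule, evidence) findings; an empty list means not sensitive."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and (not validate_luhn or luhn_ok(digits)):
            findings.append(("card-number", digits[-4:]))  # keep only last 4 in reports
    lowered = text.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            findings.append(("keyword", kw))
    hits = len(shingles(text) & FINGERPRINT)
    if hits >= MIN_SHINGLE_HITS:
        findings.append(("fingerprint", hits))
    return findings


# Constructed labelled messages: (text, truly sensitive?)
SAMPLES = [
    ("Please charge card 4111 1111 1111 1111 for the invoice.", True),
    ("Ticket 4111 1111 1111 1112 was closed yesterday.", False),  # fails Luhn
    ("Unit cost 41.20 USD, target margin 38 percent for launch.", True),  # partial copy
    ("Lunch is at noon; bring your own mug.", False),
    ("This message is CONFIDENTIAL: do not forward.", True),
    ("The weather forecast says 38 percent chance of rain.", False),
]


def evaluate(samples, validate_luhn=True):
    """Confusion counts for a rule set: the numbers a pilot should report before rollout."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for text, sensitive in samples:
        flagged = bool(classify(text, validate_luhn))
        key = ("tp" if sensitive else "fp") if flagged else ("fn" if sensitive else "tn")
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for text, _ in SAMPLES:
        print(classify(text), "<-", text)
    print("with Luhn:   ", evaluate(SAMPLES))
    print("without Luhn:", evaluate(SAMPLES, validate_luhn=False))
```

Only hashes of the shingles are kept, so the fingerprint database can be pushed to network sensors or endpoints without itself becoming a copy of the confidential document. The thresholds (shingle size and minimum hits) are exactly the kind of knob the testing phase above should tune against real traffic.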
DLP data collection
Many DLP suites come with a front-end that correlates the events collected from all the host and network sensors into reports that can be more easily reviewed and acted upon.
Don't forget the Backups!
One area of DLP that is especially important but not often considered is stored data. This is not just data on desktops and servers, but data that exists on backup media such as disk and tape, stored both on-site and off-site. Typically the older the media, the weaker the controls around it and the easier it is to get at the data. Off-site and tape storage add an extra layer of complexity, because the data is not readily accessible to the DLP products for review.
Technology can't do it all
As with every area of security, technology cannot address all risks, and defined policies must be in place as well. Those policies can then be backed by technology to implement monitoring where possible.