
May 6, 2009

Protecting Sensitive Data From Loss with DLP Solutions

Information no longer resides inside the four walls of an organization. Any leakage of information can cost you not only money but also credibility. So, apart from securing PCs against viruses, spyware and the like, what matters for an organization is defending its data at every vulnerable end. This is now becoming a big concern for many enterprises.
Data loss protection, or DLP, is the term used to describe protecting an organization against the theft of its sensitive or critical data. There are a number of ways to tackle the problem, but first you need to figure out which data your organization wants to protect. This might include the organization's strategies, clients' confidential data, and so on. Such data can be stolen only if someone copies it to portable media or sends it over the Internet to a third party, and to do that the person needs the proper rights to access the data. The other way of stealing data is by hacking the system. The most common solution is to stop users from carrying any portable media inside the organization. Another measure an organization can opt for is blocking all the ports on the user's system. This second method seems pretty practical, because even if someone gets inside the premises of your organization with the intention of stealing data, he will not be able to connect to the system. The third option is mail server configuration: the IT person who manages the mail server can configure it so that no mail that comes with an attachment is processed.

The issues are endless when it comes to DLP. Even if you block the ports and scan all the emails that go out of the organization, a user can still turn to a third-party email service provider, for example Gmail. That leads you to blocking the Internet itself. This sounds good but is only possible for organizations that work mostly offline. So what kind of solution should you opt for? There are a couple of vendors in the market who offer solutions for such organizations.

They provide solutions that exactly match the organization's requirements. Such solutions can be broadly classified into three categories: network-based, host-based and data-based DLP.

Network-based DLP systems comprise hardware appliances that are typically placed at the gateway level of the organization to monitor the traffic that flows through it, such as IM, HTTP, secure HTTP and so on. The appliance inspects every piece of information that flows through and checks for unauthorized and unauthenticated data.

A host-based DLP system provides two-way protection to safeguard the data. The first is internal communication, which deals with data transferred on portable drives among different user groups. The second is external communication, which happens via mail or IM. Here you also have the option of application control. This helps mostly with mobile users, where the user can use a third-party tool to hack the system to get at confidential data.

A data-based DLP system identifies whether the data being transferred, stored, or used by any user is confidential or not. It uses a number of predefined methods to judge whether content is confidential. The criteria are basically keywords, regular expressions, document matching and so on. These vary for every organization, and hence this method requires time to actually meet the expectations of CEOs, as it first needs to know what the keywords are, whether they change after a particular time, and so on. But apart from all these security measures, what if an authorized user opens a confidential document in an authorized application, writes the information down on a piece of paper and walks away?
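The three data-based criteria named above (keywords, regular expressions, document matching) can be sketched as a small content classifier. This is an added example, not code from the article or from any DLP product; the keyword list, the protected document, the sample messages and the 0.3 overlap threshold are constructed assumptions.

```python
import hashlib
import re

# Constructed policy for illustration; every value below is hypothetical.
KEYWORDS = {"confidential", "internal only", "project falcon"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers
PROTECTED_DOC = (
    "Project Falcon pricing strategy for fiscal year: we will undercut the "
    "competitor by twelve percent in all regions and delay the public "
    "announcement until the third quarter"
)

def luhn_ok(digits):
    """Checksum that weeds out random digit runs the regex alone would flag."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def shingles(text, k=5):
    """Hashes of every run of k consecutive words: a simple document fingerprint."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

PROTECTED_FP = shingles(PROTECTED_DOC)

def classify(text, threshold=0.3):
    """Return (method, detail) findings for one outbound message or file."""
    findings = [("keyword", kw) for kw in sorted(KEYWORDS) if kw in text.lower()]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("regex", "card number ending " + digits[-4:]))
    overlap = len(shingles(text) & PROTECTED_FP) / len(PROTECTED_FP)
    if overlap >= threshold:
        findings.append(("document", round(overlap, 2)))
    return findings

if __name__ == "__main__":
    for sample in (  # constructed sample messages
        "Lunch menu for Friday is attached.",
        "Card 4111 1111 1111 1111 charged, order ref 1234 5678 9012 3456.",
        "fyi we will undercut the competitor by twelve percent in all regions "
        "and delay the public announcement until the third quarter",
    ):
        print(classify(sample))
```

The third sample contains none of the keywords yet is still caught by the fingerprint overlap, which is why document matching is listed alongside keywords and regular expressions; the order reference in the second sample matches the regex but fails the checksum and is not reported.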