Jun 18 2009
Security

Plugging Leaks

Data leak prevention technology inspects outbound content to keep sensitive data from escaping the network.

An employee sends an unencrypted e-mail that contains sensitive information. Another downloads private data onto a USB storage device that he later loses. Yet another has a notebook stolen from his home. These are but three examples of a growing problem that data leak prevention technology seeks to address.

Although DLP technology is still emerging, large security manufacturers that recognize its promise have made a spate of acquisitions. WebSense and McAfee kicked off the buying spree in late 2006, acquiring PortAuthority and Onigma, respectively. More recently, RSA, the security division of EMC, landed Tablus; Trend Micro grabbed up Provilla; and Symantec acquired Vontu.

The manufacturers have integrated these DLP products to varying degrees with their larger security suites. Although the technical approach of DLP products varies, the technology is evolving into a network appliance that monitors all outbound communications, inspects it for sensitive data and enforces data policies.

Meanwhile, client-side technology applies policies to removable storage devices and media. The most advanced DLP suites from companies such as Symantec and WebSense can discover, analyze and classify such data, using techniques such as data fingerprinting, lexical analysis, partial document matching and statistical analysis.

Once set, policies can be applied to data as it flows through and out of the organization (data in motion) and also as it is stored (data at rest) and manipulated in-house (data in use).

At least that’s the premise of DLP technology. Today, the reality is more modest: Organizations across levels of government have specific risks they must address before fully engaging in discovery and the creation of multiple policies.

USB Approval

The city of Lake Forest, Ill., is a case in point. “We had unauthorized USB devices all over the place,” says Joe Gabanski, network administrator for the city. With 350 end users and approximately 500 end points to consider, Gabanski and his IT staff needed a way to keep track of devices coming into the network and what information was leaving on them each night.

“We didn’t want to prohibit USB storage devices altogether. The good thing about them is that they’re cheap, they hold lots of data, and they’re convenient for end users,” Gabanski says. “From a security standpoint, the trouble is that they’re cheap, they hold lots of data, and they’re convenient for end users.”

Lake Forest compromised by deploying Lumension Security’s Sanctuary Device Control on PCs and notebooks. This software automates the oversight of USB databases by monitoring and controlling the peripheral devices that can connect to each end point, while enforcing data use policies managed by a central server. IT must now approve USB devices that connect to a system. In other words, removable storage is welcomed, while portable music players are not.

Next, Sanctuary applies policies when users add or remove devices. Data must be encrypted and access is password-protected. “Once a device is approved, that doesn’t mean it escapes our notice. Sanctuary’s logging features show us exactly what data is transferred to and from the device,” Gabanski says. “This ensures that removable storage media is limited to appropriate city business only.”

While Lake Forest intends to adopt additional DLP features in the future, such as e-mail encryption, IT started small and addressed its most immediate concern. Sanctuary Device Control is priced at $25 per user, with volume discounts available.

“The step-by-step approach makes sense,” says Jon Oltsik, senior analyst for information security for the Enterprise Strategy Group in Milford, Mass. DLP tools currently available are good at making sure that organizations aren’t releasing sensitive data openly. What they do less well is analyze volumes of data stored in disparate applications. “When it comes to determining exactly what data is floating around the enterprise, classifying it, and then figuring out who is using it and for what purposes, the technology has a long way to go,” he says.

 

DLP Drivers

The following pressures prompt organizations to deploy data leak prevention, according to Aberdeen Group, a technology research company:

  • Compliance with internal security policies
  • Compliance with external regulations
  • Demand from users and partners
  • Ability to collaborate safely with people outside of the organization

 

Steps to Prevent Data Loss

  • Create information hierarchies and restrict access to critical data.
  • Educate your employees. Address data policies in the employee handbook and hold regular training sessions.
  • Create and enforce policies, and make data protection part of your overall security efforts.
  • Because data loss may actually be data theft, conduct background checks and screening, whether with potential new employees or vendor partners.
  • Create comprehensive backup plans. Those stealing data may erase or destroy it to cover their tracks. Backups also provide an audit trail.
  • Deploy appropriate security technologies, including DLP, intrusion prevention, and information monitoring and content filtering technology.

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now