Monday, June 27, 2011

Fully-Functional Data Loss Prevention

Since Data Loss Prevention (DLP) became a known technology in the computer security arena a few years ago, a number of vendors of existing non-DLP security products added basic DLP-like features to enable detection of some common private or confidential information.  However, a complete DLP implementation involves more than just regular expressions to match patterns in text in, say, email messages.

Certainly, email is a significant vector by which data loss occurs.  More generally, the DLP industry terms data traversing the network as Data in Motion.  However, there are many more protocols than just email; web-based email services such as Google Mail and social media services such as Facebook can also be data loss vectors.  A complete DLP implementation will typically support a number of common network protocols to manage Data in Motion.

DLP also manages data in two other important situations, Data in Use and Data at Rest.  Data in Use DLP can manage data used on a workstation, such as monitoring data being copied to a USB flash drive.  Data at Rest DLP can inventory and manage the private and confidential data stored on workstation and server hard drives.

The ways in which most DLP systems are able to discover protected information extend far beyond basic regular expressions.  Common approaches include pre-packaged sets of terms, database fingerprints, file fingerprints, special code to match data like credit card numbers, and more. I previously wrote an article on Classes of Protected Information and DLP that goes into much more detail on this topic.
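To make the detection approaches listed above concrete, here is an added example (my own illustration, not code from the original post or from any DLP product) that combines four of them in one scanner: a pre-packaged term list, a regular expression for an SSN-style pattern, special handling for credit card numbers (a digit-run regex followed by a Luhn checksum so that random digit runs are not reported), and fingerprint matching for both individual database field values and whole files. The term list, customer identifiers, "known document" and sample email are all constructed for the example; the hash-based fingerprinting shown is exact-match only, which is an assumption about the simplest form of the technique rather than a description of any vendor's partial-document matching.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample data (not from the original post): a "pre-packaged" term
# list, a handful of customer identifiers standing in for a database column,
# and one confidential document whose fingerprint the scanner knows.
PROTECTED_TERMS = sorted({"project falcon", "internal only"})
CUSTOMER_IDS = {"C-10042", "C-20911"}
KNOWN_DOCUMENT = b"Q3 forecast: revenue 12.4M, headcount 310\n"

# Candidate card number: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN-style pattern: 3-2-4 digits separated by dashes.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


@dataclass(frozen=True)
class Finding:
    kind: str   # which detection approach fired
    value: str  # matched value, or the field/file name for fingerprints


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(Finding("credit_card", digits))
    return found


def fingerprint(data: bytes) -> str:
    """Exact-match fingerprint: the scanner stores hashes, never the raw values."""
    return hashlib.sha256(data).hexdigest()


# Database fingerprints: one hash per protected field value.
DB_FINGERPRINTS = {fingerprint(cid.encode()): "customer_id" for cid in CUSTOMER_IDS}
# File fingerprints: one hash per registered confidential document.
FILE_FINGERPRINTS = {fingerprint(KNOWN_DOCUMENT): "q3-forecast.txt"}


def scan(text: str, attachments=()) -> list:
    """Run every detector over a message body and its attachments."""
    findings = []
    lowered = text.lower()
    for term in PROTECTED_TERMS:                      # 1. term list
        if term in lowered:
            findings.append(Finding("term", term))
    for m in SSN_RE.finditer(text):                   # 2. plain regex
        findings.append(Finding("ssn_pattern", m.group()))
    findings.extend(find_card_numbers(text))          # 3. regex + Luhn
    for tok in sorted(set(re.findall(r"[A-Za-z0-9-]+", text))):
        field = DB_FINGERPRINTS.get(fingerprint(tok.encode()))
        if field:                                     # 4a. database fingerprint
            findings.append(Finding("db_fingerprint", field))
    for blob in attachments:
        name = FILE_FINGERPRINTS.get(fingerprint(blob))
        if name:                                      # 4b. file fingerprint
            findings.append(Finding("file_fingerprint", name))
    return findings


# Constructed sample email: the first digit run is a well-known test card number
# that passes Luhn; the second is an order reference that does not.
SAMPLE_EMAIL = (
    "Hi, attached is the Project Falcon deck. Customer C-10042 paid with card "
    "4111 1111 1111 1111; the order ref 1234 5678 9012 3456 is not a card.\n"
)

if __name__ == "__main__":
    for f in scan(SAMPLE_EMAIL, attachments=[KNOWN_DOCUMENT]):
        print(f"{f.kind:16} {f.value}")
```

Running it reports the term, the Luhn-valid card number, the customer identifier (by field name, since only its hash is stored) and the attached document, while the order reference is dropped because it fails the checksum; that last step is the difference between "special code" for card numbers and a bare regular expression.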

In addition to managing protected data in the scenarios of Data in Motion, Use, and Rest, and using multiple approaches to finding protected data, DLP systems also offer sophisticated configuration, reporting, alerting, and case management services.  There may be situations where certain groups of users are allowed to work with certain kinds of confidential information while others are not -- a DLP system might be configured to monitor such information use by the privileged users and block use by other users.  The depth of reporting and alerting capabilities offered by a DLP system can make a DLP installation more useful by providing information ranging from summaries to detailed violation information as needed for management and compliance reports.  Finally, DLP case management tools can roll multiple incidents up into a consolidated case that can be managed as necessary to resolution.
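The group-based policy, alerting and case roll-up described above can be modelled in a few lines. The following is an added example of my own (not code from the original post or from any DLP product) that evaluates detection events against a per-data-kind policy: members of an allowed group are monitored (the incident is logged but the transfer proceeds), everyone else is blocked, and unknown data kinds or unknown users default to block. Incidents are then rolled up into one case per user, with a summary suitable for a management report and a simple alert rule. The directory, policy and event list are constructed for the example; the data kind names and channel labels are assumptions, not a vendor's schema.

```python
from dataclasses import dataclass, field

# Constructed directory: which groups each user belongs to (assumption).
GROUPS = {"alice": {"finance"}, "bob": {"engineering"}}

# Constructed policy: for each data kind, the groups allowed to handle it.
# Members of an allowed group are monitored; everyone else is blocked.
POLICY = {
    "credit_card": {"finance"},
    "customer_record": {"finance", "support"},
    "source_code": {"engineering"},
}


@dataclass
class Incident:
    user: str
    kind: str      # data kind reported by the detector
    action: str    # "monitor" or "block"
    channel: str   # where it was seen: smtp, webmail, usb, ...


@dataclass
class Case:
    user: str
    incidents: list = field(default_factory=list)

    @property
    def blocked(self) -> int:
        return sum(1 for i in self.incidents if i.action == "block")


def decide(user: str, kind: str) -> str:
    """Default deny: unknown users and unknown data kinds are blocked."""
    allowed = POLICY.get(kind, set())
    if GROUPS.get(user, set()) & allowed:
        return "monitor"
    return "block"


def evaluate(events) -> list:
    """events: iterable of (user, kind, channel) tuples from the detectors."""
    return [Incident(u, k, decide(u, k), ch) for u, k, ch in events]


def roll_up(incidents) -> dict:
    """Consolidate incidents into one case per user."""
    cases = {}
    for inc in incidents:
        cases.setdefault(inc.user, Case(inc.user)).incidents.append(inc)
    return cases


def summary(cases) -> dict:
    """Management-level view: per user, (total incidents, blocked incidents)."""
    return {u: (len(c.incidents), c.blocked) for u, c in cases.items()}


def alerts(cases, blocked_min: int = 2) -> list:
    """Users whose case has at least blocked_min blocked incidents."""
    return sorted(u for u, c in cases.items() if c.blocked >= blocked_min)


# Constructed event stream: alice (finance) handles card data legitimately;
# bob (engineering) does not; carol is not in the directory at all.
SAMPLE_EVENTS = [
    ("alice", "credit_card", "smtp"),
    ("bob", "credit_card", "webmail"),
    ("bob", "credit_card", "usb"),
    ("bob", "source_code", "usb"),
    ("carol", "customer_record", "smtp"),
]

if __name__ == "__main__":
    cases = roll_up(evaluate(SAMPLE_EVENTS))
    for user, (total, blocked) in summary(cases).items():
        print(f"{user}: {total} incidents, {blocked} blocked")
    print("alert:", alerts(cases))
```

With the constructed events, alice's card transfer is monitored, bob's two card transfers are blocked while his source-code copy is monitored, carol is blocked because she has no group, and only bob crosses the alert threshold; the same per-incident records feed both the summary counts and the detailed case view the post describes.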

In summary, a DLP system is a significant addition to an organization's data security arsenal.
