Data loss prevention: to implement or not?
Friday, 08 October, 2010
GartnerÂ’s Rob McMillan reports that content-aware data loss prevention (DLP) solutions are fast becoming the talk of many organisations to help them address sensitive data issues. He predicts that within the next few years DLP will be included as part of the basic duty of care for enterprises and points out the ramifications of this trend.
The content-aware DLP market has gone through many changes, including the continued commoditisation of endpoint products, the rise of content-aware functions in many traditional security and infrastructure products, as well as the integration of identity awareness in traditional DLP products. Market consolidation has slowed as DLP matures into a common control within the standard of due care.
However, despite interest in content-aware DLP and the maturity of the market, there remains a significant lack of understanding regarding best approaches and benefits. It also has a reputation for being expensive, difficult to implement and generally possessing capabilities exceeding most companies' requirements.
For those unaware, content-aware DLP describes a set of technologies and inspection techniques used to classify information content contained within an object, such as a file, email, packet, application or data store, while at rest (in storage), in use (during an operation) or in transit (across a network). It is typically deployed at the external perimeter of an organisation or at the transition point within an organisation where one logical network trust zone ends and another begins.
Gartner is often asked by organisations whether they really need to consider implementing or not. Generally speaking, it should strongly be considered if there is pressure on senior management to immediately implement a control in response to a regulatory compliance issue or pressing intellectual property protection issue (eg, imminent partnering with a third-party organisation in a country or industry with a lower standard of care imposed by regulation). At this stage it is a ‘nice to have’ for most organisations.
But that will change over time as regulators increasingly indicate a desire to see formal data leakage controls in place. As a result, Gartner predicts that content-aware DLP will be part of the standard of due care within Australia by 2013. The Australian Prudential Regulation Authority, for example, specifically addresses controls to prevent data leakage in its Prudential Practice Guide PPG234: ‘Management of Security Risk in Information and Information Technology’. Proposed changes to the Privacy Act are also likely to force some organisations to consider this technology.
A good way to determine if your organisation should deploy DLP technology is to conduct a risk assessment that takes into account the information assets of the organisation, the possible avenues through which that information may emerge from the organisation, as well as the controls in place to ensure that only authorised information leaves the organisation.
DLP deployments can offer enterprises many benefits, including sensitive-data-monitoring capabilities and user education, as well as input for process re-engineering and policy enhancement. One of the most desired and heavily marketed benefits of content-aware DLP is its ability to support efforts to simplify end users' compliance with enterprise policies, which is accomplished through feedback and automated remediation.
DLP should not be deployed for the sake of deploying a ‘cool’ technology. It should be deployed to address a very specific use case. The risk occurs either when information that should not leave the organisation does so, or when it is authorised to exit the organisation but does so in an unauthorised way.
* Rob McMillan is a Research Director at Gartner, where he is part of the ITL Systems Security and Risk team. His research primarily focuses on infrastructure protection issues. Prior to joining Gartner, he spent almost nine years in information security at the Commonwealth Bank of Australia and was also the co-founder and general manager of AusCERT.
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.
Boosting software security with a binary approach
The discovery of a leaked access token earlier this year has shone a light on why the method we...