Sunday, January 6, 2008

What’s next in Data Leakage Prevention - Keeping your barrels out of the water

I recently attended the SANS WhatWorks in Stopping Data Leakage and Insider Threat Summit in Orlando. The Summit included a variety of sessions where vendors, industry experts, and end users talked about their experience with Data Leakage Prevention (DLP) products. There were also plenty of networking opportunities to talk one on one with presenters and peers. I applaud SANS on the program and highly recommend the WhatWorks series to anyone looking to implement one of the featured technologies.

The Summit provided me the opportunity to learn more about the various types of DLP products on the market today and while there is not one product that is right for every company, I liked what I heard from Vericept and Tablus. Vericept has one of the more mature products in this space and Tablus is poised to have a big impact as it is integrated into the RSA product suite.

There are different approaches to the data leakage problem. For example, some vendors sit at the edge of the network while others deploy an agent to the endpoint. Rich Mogull has an excellent whitepaper on how to choose a DLP solution. The one thing that all of the solutions have in common is that they are designed to keep sensitive data from leaving the enterprise or, as one presenter described it, to keep the barrels from going over the falls. He went on to say that while this is important, the best way to protect your data is to keep the barrels out of the water in the first place.

Data Leakage Prevention products solve a real problem today but you can expect much more than data monitoring and blocking from your DLP vendor in the future. In addition to monitoring outbound traffic, many DLP products are good at finding unstructured data much like a search engine and then classifying it as sensitive or top secret based on the criteria that your business outlines. While this requires various amounts of tuning and configuration, you will get a better understanding of where your sensitive data resides and who is using it.

However, finding and classifying your data is not enough. Forward looking DLP vendors are extending their products and developing partnerships to help you protect and manage the data they discover. These vendors are looking to implement data control polices to enforce access rights, the use of encryption, retention schedules, and even a time for the data to self destruct. This data-centric approach will allow companies to enforce their paper polices on electronic data and reduce the risks associated with the growing volumes of unstructured data.

The best way to protect your data is to manage it. You can spend a lot of time and energy trying to stop the barrels from going over the falls or you can keep the barrels out of the water in the first place by controlling access and enforcing usage polices.

Looking for more information about what DLP solutions can do for you? Check out what Nick Selby of The 451 Group has to say on his blog. Two of his recent posts on this topic are ADL doesn’t cure piles, either and Tying the Business Problem of Data Leakage to IT Processes - recovering from the deer-in-the-headlights moment.

No comments: