Can you ever be wholly leakproof from data loss?
- SC Magazine, April 2010
Data leakage prevention (DLP) is beginning to appeal to many, but even the best products need careful deployment, says Rob Buckley.
This kind of training period can take from two weeks to 18 months, depending on the caution of the organisation, says Glen Vondrick, Sendmail's COO. He says many email delivery teams find that to maintain the service level agreements (SLAs) for email delivery times, they're unable to run some systems in anything except monitoring mode, as the large rulesets of some organisations mean their DLPs would slow email to an unacceptable level in live mode.
With a DLP system set to intervene rather than simply monitor, organisations need to consider what actions they'll get their DLP to perform if a potential breach is detected. Many DLP systems offer a variety of responses. “Specific actions can be soft touch,” says Symantec's Andy Ng. “They can notify users when they copy data, or email notifications to a manager. They can block via email, or quarantine files from data copies.” Sendmail can perform as many as 50 actions, while Symantec's platform offers organisations the ability to craft Java applets for specific actions. Your organisation should pick a system that provides the flexibility in action that your business processes require.
However, if users are prevented from doing what they legitimately want to do, they'll need to be able to contact an administrator to override the action. Set the rules too coarsely and there'll be too many alerts and a huge administrative burden; set the rules too finely and some confidential data is likely to leak out.
So, many organisations, unless they're heavily regulated and have a significant admin budget, will find that a middle path works better: instead of simply blocking the data from being sent, either the system will be set permanently to monitor mode or the DLP will alert the user that an action has been stopped and give them the option of overriding it. For this to work well, technology is not enough: a user education programme needs to be in place, so users understand why DLP has been introduced and the implications for the organisation if data does leak – which is why SecureWorks is planning to include it in its cloud service.
DLP is a great way to stop the loss of data that some users might cause by accident, as well as to monitor less obvious causes of data loss. DLP can't stop all losses, but it can help.
Data Leakage Prevention Case Study: City of London Police
With 1,200 staff, including 800 or so police officers and just three police stations in its square mile of coverage, the City of London police force is the smallest territorial police force in England and Wales. Nevertheless, with hundreds of thousands of commuters and tourists passing into the area daily and the same compliance requirements as other police forces, the force still has to ensure that its data remains confidential.
Gary Brailsford-Hart is the force's head of information management services and chief information officer. He joined as a warrant officer in 1997, but soon transferred to more technical projects to track warrants, after which he joined technical services.
“DLP came up straightaway,” he says. “We moved from Windows NT to 2000 desktops six years ago. With NT, there was no USB and limited CD writers; with 2000, I knew I had to deploy a solution to manage USB” – to prevent data being leaked from the force via removable media. Brailsford-Hart chose DeviceLock, because of its AD integration and group policies.
There is now only one USB device approved for transferring digital data, DeviceLock's Stealth MXI, picked in part because of its reliability. “There's nothing more destructive than police officers, and USB devices are fragile.” As well as being hardware-encrypted, it has a steel case and biometric access via fingerprint. There's an audit trail of who has copied what to the device.
Brailsford-Hart says he had to strike a balance. “It's possible to get data loss paranoia. There's a balance between confidentiality and accessibility.” Everyone in the force has the right to copy and use the data on the Stealth MXI, provided they can make the business case. But staff find it hard to understand why, “when you can go to PC World and buy a terabyte USB stick for £3”.
