"Loss of data can impact organization not only financially but also in many other ways including loss of reputation"
Building An Effective Dlp Programme
Data loss/leak prevention solution is a system that is designed to detect and prevent potential data breach by monitoring, detecting and blocking sensitive data while in-use, in-motion, and at rest. Data leakage leads to disclosure of sensitive data to unauthorized personnel either by malicious intent or inadvertent mistake. Loss of data can impact organization not only financially but also in many other ways including loss of reputation. IPR (Intellectual Property Rights) can be stolen, future business plans can be compromised, contacts can be prematurely shared or even access rights can be given to third party. The threat vector to the data emerges from malware, spyware, hackers, and malicious internal employee or innocent errors. It is therefore necessary that organizational data is not shared without authorization.
There are two approaches for data loss prevention:
1. Blocking the ex-filtration points
At present, there are various ports available such as Internet, USB, SD, DVD writer, Bluetooth, HDMI, etc. The list of these ports is increasing every day. A malicious employee can send the organizational data through email or even by taking out hard disk from the organization. Solutions like device lock, Symantec DLP, McAfee DLP, attempt to solve the problem in an above mentioned manner. The challenge of this method is that leakages are still possible when new method / port is created or when temporary privileges are given but the owner forgets to revoke these privileges. Lack of control of the ports also poses aseries challenge for example USB port is not used only for storage devices but also to connect many devices like mouse, keyboard, and printer, etc. Blocking of USB port either through software or by pulling out the hard wires can also impact operational components.
2. Information Rights Management
The other method is to secure the data at the source itself. The data is encrypted at the point of creation and it can be decrypted only by a specific person at a specific time, location and for purpose as specified by owner of data or superior. The audit trail of the data is maintained throughout its life cycle which includes securing data, from discovery to post-incident response. Even the life of data can be controlled. This methodology is called IRM (Information Right Management) and major player in this field are Microsoft and Seclore. The challenge of IRM is to bring change in organizational culture and making people accountable for their actions. It requires deliberate thought process by owner to authorize or not to, where as in first method of DLP, it can be implemented transparently and with knowledge of user.
Operation PRISM has exposed that the data resident on NSA servers was readable and no alarms were raised when Snowden, an employee of contractor, was stealing data from U.S. This could have been prevented if NSA of U.S had implemented IRM.
Thus, DLP through IRM is a better solution though initial cost of setup and maintenance may be higher but the solution is complete and effective. It allows all policy based access, improve visibility into an enterprise’s data loss risks, deliver measurable risk reduction, and stay ahead of emerging threats and new technologies. IRM also helps in achieving statutory and regulatory compliance.