Home > Exchange, Security related, Symantec > Thoughts on DLP in modern business…

Thoughts on DLP in modern business…

What does it mean to implement DLP?? So far as I have seen; each vendor has his own view on how to enforce DLP within the organization and how to manage it.

The reason of what brought DLP to the surface is that I had a discussion with one of my customers on DLP enforcement and how to manage it within his infrastructure. While reviewing Email encryption solutions by Sophos and Symantec last week; I found that each vendor has his own concept “if we may call it like that” on DLP and how to manage and enforce it.

First, let me state my own view of DLP; DLP is a technology that helps the organization to own the information/data and prevent leaking those information/data out.

Modern information/data is stored in different locations now, some examples:

– ERP/CRM data.

– Email, Office files, PDF documents.

– SharePoint and similar portals.

– Laptops, USB memory sticks, and portable hard disks.

Helping any organization to control data on the above sources is not easy and could be done in several manners and ways, based on my findings; I will share some thoughts with people thinking about rolling out DLP in their infrastructure:

– DLP is not controlling physical ports (USB, serial, firewire ports..Etc).

– DLP is not DRM nor Encryption.

– Permissions help in controlling the data access, but when the data is accessed; a malicious consumer of the data could share them with 3rd parties or leak them out either intentionally or unintentionally.

– Internal users do most of the hacks/leaks.

– Encrypting the data might help in DLP, but will not help in controlling what happens if a malicious user decrypted them or encryption algorithm is broken, Also encrypting the data might not help when the organization need to share All/some data with authorized 3rd party.

– If the IT department secured physical ports/access, what about leaking the data out using corporate emails or worst, personal emails.

– How you will classify data as corporate and how you will classify data as none-corporate.

– Data classification is suitable for data stored in shared folders, but what about data in SQL/Oracle databases or data copied from documents and sent as emails.

– How data will be shared with 3rd party and secured outside the organization’s control circle.

– Monitoring, logging and alerting, and feeding other 3rd party security applications that are used by the security team.

– What about endusers experience, do we need any input from users?

– What about data in the cloud?!

As you can read from the above, DLP will never be a single solution/technology, DLP is a mix of solutions, technologies and processes that govern the data inside the corporate.

Hope that the above thoughts will shed some light and ring some bells in your head when thinking about DLP.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: