Data Loss Prevention

Has Data Loss Prevention technology has been refined to a point when it can deliver, and has its time finally arrived?

The current stress in the worldwide economy has manifested itself in many ways. As well as macro economic upheaval and the challenges it presents the public and private sector, more practical and localised issues are appearing, including the increased risk to businesses of data loss.

The significance of the inside threat to data loss should not be underestimated. Whilst this problem has often been attributed to the "incompetent and non-malicious" user releasing data by mistake, the increasing numbers of disaffected white collar knowledge workers being made redundant is seeing an increase in "competent and malicious" data loss incidents.

I can’t forget the images of sacked workers leaving a financial institution carry boxes of their personal goods. I wonder how many also had USB sticks full of corporate data as well.

Publicity surrounding significant data loss incidents over the past year have brought the issue to the fore. Senior politicians have become embroiled in public sector episodes as much as private sector company directors. Clearly, data loss can be summarised in one word – risk, and it is up to security professionals to work with the business to mitigate this risk be it to shareholder value, reputation or personal embarrassment.

Data Loss Prevention Comes of Age

Data loss prevention can play a significant part in data protection as it prevents unauthorised data leaving an organisation's endpoints. It does this using a variety of techniques including key word matching, traffic pattern analysis, network monitoring and file tracking. Although no data leak prevention vendor would ever guarantee 100% of all leaks would be prevented, a solution such as this can form a major part of an organisation's security strategy.

Many organisations are combining data loss prevention with data encryption so that if any significant data does leave the organisation it will remain encrypted and therefore unusable to anyone other than an authorised recipient. This combined approach of leak prevention and encryption is referred to as Enterprise Data Protection.

Data leak prevention and data loss prevention are generally synonymous terms but data loss prevention has also been used to describe data encryption. The term extrusion prevention is also used by some vendors to describe data leak prevention.

Data Loss Prevention Technologies

Data leak prevention technologies can be quite advanced as they need to determine the validity of a piece of data being moved from one place to another without stopping legitimate business access to the data.

In some systems analysis is undertaken of the data traffic pattern over a period of time to determine where data tends to originate and terminate and which users are involved in the process. It will also look at the mechanism used to transfer the data such as email, USB, CD/DVD or anyone of the many other data transmission mechanisms.

Data leak prevention systems will often detect the use of keywords during the attempted data transmission picking up on obvious candidate terms such as "confidential" and "executive" to indicate a potential leak.

Some solutions act at the network packet level reviewing data as it passes through the network. These systems will analyse a particular file or set of data and determine if its use is appropriate rather than examining explicit user behaviour.

Over time a data leak prevention solution will often build up a comprehensive map of data movements and be able to flag potential violations. This flagging will often be in the form of a message to the user telling them that the data movement they are attempting may be in violation of the data leak rules for an organisation. The user may then be given an opportunity to justify their action, sometimes by typing into a suitable dialog box, which can then be sent to a line manager for review.

Of critical importance to users is that the system does not become a burden and an obstruction to their normal work. In many cases the number of false positive or false negative activations may change over a period of time as the data leak prevention system learns what is acceptable behaviour for particular users or data sets. 

Digital rights management (DRM) is starting to be used as a way of preventing data leaks. Often with a DRM solution meta data is carried with a piece of data describing who may or may not have access to it. Using this technique some vendors promote the notion of security travelling with a set of data whereever it goes.

There was much scepticism when the pioneers of data loss prevention released their first products a few years ago. After all, data loss prevention makes for a good marketing story even if the technology fails to deliver.

In reality the technology has now been refined to a point when it can deliver, and any sizeable organisation should now be seriously considering their data loss strategy and the application of these clever products.