is Data Leak Prevention the silver bullet?

Data leak prevention (DLP) is a suite of technologies aimed at stopping the loss of sensitive information that occurs in organizations across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping a company to get a handle on what information it has, and in stopping the numerous leaks of information that occur each day.

The actions that DLP solutions can take range from completely blocking the activity, through quarantining it for investigation or allowing the action after first removing the restricted data, to simply allowing the process to occur. In all cases the initiator of the action may or may not be notified of the problem, and granular reporting to administration staff can occur.

DLP solutions deployed within organizations that have a centrally managed encryption solution can even automatically encrypt outbound communications if they meet certain policy-based requirements. Further, due to the integration with the centrally managed encryption product, DLP solutions are able to decrypt messages that have been encrypted with these tools prior to analysis. They are not able to decrypt messages that have been encrypted with keys they don't have cached (i.e. personal encryption solutions) but can be configured to block or quarantine such messages, restricting their flow. 
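The decision order described in the two paragraphs above, as an added sketch that is not taken from any DLP product: the key id, the card-number pattern, the bulk threshold and all names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    REDACT = "redact"          # allow, but remove the restricted data first
    QUARANTINE = "quarantine"  # hold for investigation
    BLOCK = "block"

@dataclass
class Message:
    sender: str
    body: str          # plaintext, after any gateway decryption
    key_id: str = ""   # empty: the message was never encrypted

# Assumed for this sketch: key id, card pattern and bulk threshold.
MANAGED_KEYS = {"corp-escrow-key"}
CARD = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")
BULK_THRESHOLD = 3

def luhn_valid(candidate: str) -> bool:
    """Luhn checksum, so random 16-digit strings are not treated as cards."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def evaluate(msg: Message):
    """Return (action, body_to_deliver, notify_sender)."""
    # A message encrypted with a key the gateway does not hold cannot be
    # inspected, so it is decided before any content rule runs.
    if msg.key_id and msg.key_id not in MANAGED_KEYS:
        return Action.QUARANTINE, None, True
    hits = [m.group() for m in CARD.finditer(msg.body) if luhn_valid(m.group())]
    if len(hits) >= BULK_THRESHOLD:
        return Action.BLOCK, None, True
    if hits:
        clean = CARD.sub(
            lambda m: "[REDACTED]" if luhn_valid(m.group()) else m.group(),
            msg.body)
        return Action.REDACT, clean, True
    return Action.ALLOW, msg.body, False

# Constructed samples: personal-key ciphertext, and one test card number in clear.
SAMPLES = [Message("a@example.com", "<ciphertext>", "personal-pgp"),
           Message("b@example.com", "card 4111 1111 1111 1111 thanks")]
```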

limitations of DLP

loss of assets

DLP solutions are very capable, with gateway solutions being able to restrict e-mail, web-mail, instant messaging and all other outbound communications protocols. But they simply can't stop everything from leaving. The two most common ways in which data leaves the organization are via laptop hard drives and off-site backup tapes. In neither of these cases would a DLP solution be of any value in preventing data loss should the laptop or data tape itself be lost. Similarly, even the most restrictively configured DLP solution is powerless to stop someone stealing data by hand-copying, photography or simply memorization. Though the amount of data that can be stolen in this manner is much smaller than via an electronic transmission or a copy process, the loss of a single data record, or even data point, can be extremely costly and damaging depending on the nature of the data.

graphics

Other limitations include the inability of current DLP solutions to intelligently interpret graphics files. Short of blocking or manually inspecting all such information, a significant gap will exist in an enterprise’s control of its information. Sensitive information scanned into a graphics file, or intellectual property (IP) that exists in a graphics format, such as design documents, would fall into this category. While DLP solutions cannot intelligently read the contents of a graphics file, they can identify specific file types, their source and destination. This capability, combined with well-defined traffic analysis, can flag uncharacteristic movement of this type of information and provide some level of control.
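One way to combine file-type identification with a per-source traffic baseline, as an added example that is not from the original article or any DLP product: the host names, sizes, thresholds and the documentation-range address are constructed, and the mean-plus-k-standard-deviations rule is an assumed stand-in for "well-defined traffic analysis".

```python
from collections import defaultdict
from statistics import mean, pstdev

# Leading bytes ("magic numbers") of common graphics formats.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif", b"GIF89a": "gif",
    b"II*\x00": "tiff", b"MM\x00*": "tiff",
}

def image_type(head: bytes):
    """Identify a graphics file from its first bytes, ignoring its name."""
    for magic, kind in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def flag_unusual(transfers, baseline, k=3.0, floor=1_000_000):
    """Flag sources whose outbound image bytes today exceed both `floor` and
    mean + k * stddev of their own history (source -> past daily totals)."""
    today, dests = defaultdict(int), defaultdict(set)
    for src, dst, _name, head, size in transfers:
        if image_type(head):
            today[src] += size
            dests[src].add(dst)
    alerts = []
    for src, total in sorted(today.items()):
        past = baseline.get(src, [])
        limit = mean(past) + k * pstdev(past) if past else 0
        if total > max(limit, floor):
            alerts.append((src, total, sorted(dests[src])))
    return alerts

# Constructed sample data: host names, sizes and the TEST-NET address are made up.
PNG = b"\x89PNG\r\n\x1a\n"
BASELINE = {"ws-design-07": [40_000_000, 55_000_000, 48_000_000],
            "ws-finance-12": [0, 200_000, 0]}
TODAY = [
    ("ws-design-07", "203.0.113.9", "layout.png", PNG, 60_000_000),
    ("ws-finance-12", "203.0.113.9", "notes.txt", PNG, 18_000_000),
    ("ws-finance-12", "203.0.113.9", "q3.txt", b"\xff\xd8\xff\xe0", 12_000_000),
    ("ws-finance-12", "203.0.113.9", "memo.txt", b"Dear all,", 4_000),
]
```

The design workstation sends more image data than the finance one but stays inside its own history, so only the finance host, whose images travel under .txt names, is flagged.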

mobile devices

Short message service (SMS) is the communication protocol that allows text messaging and is a key example. Another consideration is the ability of many of these devices to utilize Wi-Fi or even to become a Wi-Fi hotspot themselves. Both cases allow for out-of-band communication that cannot be monitored by most enterprises. Finally, the ability of many of these devices to capture and store digital photographs and audio information presents yet another potential gap. While some progress is being made in this area, the significant limitations of processing power and centralized management remain a challenge.

multilingual support

A few DLP solutions support multiple languages, but virtually all management consoles support only English. It is also true that for each additional language and character set the system must support, processing requirements and time windows for analysis increase. Until such time that vendors recognize sufficient market demand to address this gap, there is little recourse but to seek other methods to control information leaks in languages other than English.

the bottom line

In reality, DLP solutions afford tremendous protection against data leakage, but there are still limitations to what they can solve today. To ensure protection against data loss, organizations must first restrictively limit what data can be stored on their organizational devices and use encryption solutions coupled with strong policies and user education to address the gaps. Finally, to minimize the potential of theft through low-tech methods, adopting the concepts of least privilege, segregation of duties and job rotation will ensure that employees are exposed to the bare minimum of information needed to do their jobs and not a single byte more.

Although DLP is a useful weapon in the fight to protect the organization's information assets, it is not the silver bullet for the organization's security defense. Investigate and invest in DLP solutions by all means, but as a component of your overall security arsenal only.

Security defense still has to be taken as a holistic approach with the right technologies, processes and policies firing their cannons at all angles.

Kenneth Ho

I was born in Singapore, an island which has a mere population of 5 million people. I truly believe I was born with a purpose to fight criminals in this world. Having failed the entrance test for the Avenger League several times, I joined Orange Business to fight crime in another role as Security Practice in APAC. I'm pinning on the hope that I will be called up for duty to join the Avenger League.