Data Loss Prevention: Still on the Horizon
Data loss is a growing concern
Nowadays, most security measures taken by government agencies are designed to protect each organization’s systems, while few such measures adequately protect against data loss, especially once data moves outside agency network perimeters.
Although a lack of adequate protection against data loss or leaks is considered a serious problem, survey respondents to the 1105 Government Information Group Content Solutions Information Security Survey, said investments in content security and data loss prevention were not as high on the priority list, as were investments in intrusion detection, firewalls, VPNs, IP security and continuous monitoring.
Data loss prevention (DLP), also referred to a data leakage protection, helps ensure that sensitive personal information about constituents, employees and other stakeholders, as well as research and development (R&D) data and classified information housed on government networks remains safe and secure.
According to survey results, only 18% of respondents had already invested in DLP, while another 2% said they would invest in less than six months, and another 10% said they would consider DLP solutions in a year or so.
DLP solutions and software are considered crucial to because they protect sensitive or classified information against possible leaks. Without protection, agencies risk damage to both budgets and reputation. Prior heavily publicized agency data loss incidents have led to payouts to those impacted, along with investments in crisis P.R. and security solutions to help repair reputations.
Alongside DLP, content filtering is used to control what content is permitted for readers to access, especially when used to restrict material delivered over the web. And content management combines antivirus, antispyware, anti-spam, web filtering, information protection and control, along with other types of inbound and outbound content filtering for web, email and instant messaging. In total, 21% of survey respondents had already invested in content filtering solutions and 18% had already implemented content management. In both content management and content filtering, 8% of survey respondents said it would likely take six months or more before their organizations would consider investing in such solutions.
Leading DLP solutions integrate content delivered on a network (identifying organization-controlled credit card numbers, personal identification numbers or files with sensitive/classified data on the wrong parts of the network) by performing scanning of outbound traffic, which is typically combined with an outbound web proxy. To be effective, a DLP solution must look at all types of traffic, including e-mail, web traffic, file transfers and instant messaging. Forrester Research recommends that organizations approach DLP as an ongoing process, not as a product or a one-time project. According to a recent Forrester research report entitled, Rethinking DLP, most organizations face difficulties implementing DLP because they don’t define the necessary process and policies before deployment. “DLP tools are not ‘automagical.’ They can’t find data if they don’t know what to look for,” said John Kindervag, analyst and author of the DLP report.
Security professionals must ‘train’ DLP tools by defining policies, but before defining policies, each organization must properly inventory and classify sensitive information, he explained. Forrester’s research indicates that most organizations still don’t have sensitive data properly identified and stored, and many still haven’t fully defined data classification levels across all ‘top-secret,’ ‘confidential,’ and ‘non-classified’ information.
At the same time, although purchasing point solutions that resolve particular problems, such as scanning e-mail or scanning instant messaging, may seem attractive from a budget point of view, industry observers maintain this may be more costly in terms of integration, in the long run. “A single broad-ranging DLP solution can help agencies protect multiple types of information and unify everything under a single policy management console,” said Sadik Al-Abdulla, senior manager, for CDW-G’s security practice.
CDW-G security experts recommend that agencies start small, with alert-only or monitor-only policies for data loss prevention. Then, escalate deployment to active blocking and policy enforcement as toolsets are better understood and trusted, and operational requirements are met. Industry observers maintain that DLP solutions can pay big dividends in terms of the information these platforms provide about the data stored, transferred and used across agency networks. Analyzing this information can help any organization determine where to apply extra layers of protection.