Data Loss Prevention Systems: Do you need one?

Data loss prevention systems are another form of employee monitoring that aims to detect the possible transfer or vulnerable storage of valuable and sensitive data assets. Reports from Osterman Research indicate that employees who use email also use instant messaging clients and wikis, post to blogs, use personal Webmail accounts for business purposes, check email from home, send files through FTP systems, take work home and on the road, use USB thumb drives, transport corporate data on mobile devices, and use collaboration tools of various types.

Most of these communications and files are sent and transported without any sort of monitoring, encryption or oversight. The result is that organizations are deploying a growing array of tools and endpoints for employees to become more efficient. And, at the same time, they are creating a growing number of opportunities for information to leak out of an enterprise in unauthorized and potentially damaging ways.

The vast majority of these data breaches are inadvertent, but the opportunity exists for malicious users to send confidential and sensitive data, as well.

According to a survey conducted by Osterman Research during April 2008:

  • 100% of organizations have deployed anti-virus capabilities
  • 99% have deployed anti-spam capabilities
  • 96% have deployed anti-spyware capabilities

However, even using a fairly broad interpretation of data loss prevention (DLP) capabilities, which would include products that don’t provide true DLP functionality, only 49% of organizations have deployed these capabilities.

Clearly, the data above suggests that organizations of all sizes are well aware of the need to monitor their inbound communications for spam and malware. However, they are not nearly as aware of the need to monitor outbound communications, or they are not taking the threat as seriously as they should. This, despite the fact that 27% of organizations in the same survey reported that during the previous 12 months data or information was accidentally or maliciously leaked from their organization.

What should you do?

  • Identify the leak points.
  • Deploy systems that will take appropriate action. The systems that monitor outbound communication should respond according to the suspected level of data breach.
  • Promote appropriate employee handling of data. For example, if an employee sends an inappropriate message to a co-worker or a confidential document to a competitor’s domain, a monitoring system should remind employees of corporate policies that may exist regarding the appropriateness of the communications vehicle they have chosen or other corporate policies.
  • Perform the appropriate level of inspection. Content should be inspected according to corporate policies, the role of the employee in the organization and other factors.
  • Train and make employees aware of corporate policies.
  • Implement forensics capabilities. Organizations may want to implement forensics capabilities in order to check on how data has been handled after it has been sent, either for legal purposes or simply to understand how their data is being managed.
  • Implement a sender authentication scheme. While not an outbound content scanning mechanism, it is important for any organization to implement an authentication mechanism, such as SPF or DKIM, to ensure that recipients of its emails are given some level of assurance that the sending organization is valid.
  • Integrate tightly with existing infrastructure. In order to reduce costs, organizations should consider solutions that are well integrated with their IT infrastructure whenever possible. This approach will also speed implementation and lower ongoing administration costs.
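
The inspection and graduated-response recommendations above can be illustrated with an outbound mail check; this Python example is added here and is not code from the article or from Osterman Research. It scores a message on content and destination, then allows it, delivers it with a policy reminder, or holds it, with a stricter threshold for some roles. The domains, marker phrases, score weights and role thresholds are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Every value here is constructed for illustration; none comes from the article.
COMPETITOR_DOMAINS = {"competitor.example"}
WEBMAIL_DOMAINS = {"webmail.example"}
MARKERS = re.compile(r"\b(?:confidential|internal only)\b", re.I)
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Score at which mail is held; stricter for roles that handle sensitive data.
QUARANTINE_AT = {"finance": 4, "default": 5}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect_outbound(raw: str, role: str = "default"):
    """Return (action, reasons) for one outbound RFC 5322 message."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    domains = {a.rsplit("@", 1)[-1].lower() for _, a in rcpts if "@" in a}
    # Text parts only; attachments are not inspected here.
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)
    text = f"{msg.get('Subject', '')}\n{body}"
    score, reasons = 0, []
    if MARKERS.search(text):
        score, reasons = score + 2, reasons + ["classification marker"]
    if any(luhn_ok(re.sub(r"\D", "", m)) for m in CARD.findall(text)):
        score, reasons = score + 3, reasons + ["payment card number"]
    # Destination only matters once sensitive content has been found.
    if score and domains & COMPETITOR_DOMAINS:
        score, reasons = score + 2, reasons + ["competitor domain"]
    elif score and domains & WEBMAIL_DOMAINS:
        score, reasons = score + 1, reasons + ["personal webmail"]
    if score >= QUARANTINE_AT.get(role, QUARANTINE_AT["default"]):
        return "quarantine", reasons      # hold for review
    if score:
        return "remind", reasons          # deliver, send the sender a policy reminder
    return "allow", reasons
```

The Luhn check keeps order numbers and other long digit strings from being flagged as card data, which matters because every false positive costs reviewer time and teaches employees to ignore the reminders.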