Tuesday, February 15, 2011

The Evolution of Data Loss Prevention

Data loss has become an important problem which must be addressed in many types of organizations. Despite increased awareness and more sophisticated security measures, the numbers of reported data breaches continue to grow, with high profile incidents frequently gracing the headlines. In 2009, 735 data loss incidents were reported an increase of 39% from incidents reported in 2008 (Open Security Foundation, 2009). With the average records lost per incident standing at over 750,000, the cost to organizations in terms of financial loss, fines, reputation damage and legal costs, can often amount to millions of dollars.

This increase can be attributed in part to new legislation in countries including the US, UK, Germany and Russia, which forces organizations to report data loss; and in part due to the trend of greater data centralization. This is turn increasing both the impact of a data loss incident and incentivizing malicious external attackers.

As technologies have advanced and working practices have altered, the possible routes of data loss have become complicated and numerous, making countermeasures difficult to develop. For example, organizations need to be prepared to defend themselves on a variety of different fronts. A data loss incident may be the result of malicious activities originating from an external or internal source; or occur accidentally as a result of an employee security breach.

Equally, the causes of data loss have become increasingly diverse. Popular mediums, such as social networking sites and instant messenger provide new channels for data loss, whilst the increased drive towards flexible working has caused a significant growth in portable devices capable of storing large volumes and remote connectivity.




Data loss prevention (DLP) solutions have evolved over time in response to these changing circumstances. In the early stages, network security technologies were deployed, to protect data from external threats, such as viruses and unauthorized access. Following this, there was a drive towards end-point security technologies, to protect the data stored on PCs, laptops and mobile devices, by deploying data encryption techniques.

However, individual end-point measures in themselves have become limited and there is a need for information-centric security technologies. The aim of the latest DLP solutions is to protect an organization’s critical data wherever it exists by identifying sensitive data at rest (in storage), in use (during an operation) or in motion (transmission across a network).

Gartner recently coined the phrase ‘content aware DLP’ to describe a set of technologies able to classify information content within an object, such as a file, email, data packet or application; and dynamically apply a policy, for example, reporting, logging, classifying, relocating, tagging and encrypting data throughout the entire data life cycle. However, with the variety of different product offering from a growing number of DLP vendors, identifying the right solution for your organization is a complex task.

Whilst DLP solutions can be a powerful tool in preventing data loss incidents and aiding in an organizations desire to be compliant with regulation and legislation, Gartner warns that many organizations are struggling to effectively implementing these sophisticated solution. Comsec has developed tried and tested methodologies for assisting organizations develop DLP strategies based on best practices and international standards.

Our deep understanding of DLP regulations & legislation together with our knowledge of vendor technologies enables us to assist organizations in selecting and implementing an appropriate solution. From undertaking a risk assessment of your existing security environment, mapping existing DLP systems, documentation of DLP roles, responsibilities & processes and provision of employee training & awareness programs; Comsec is able to provide end-to-end consultancy services to assist an organization successfully deploy a DLP solution.