The challenges enterprises face in protecting themselves against accidental disclosure and malicious theft of sensitive information, whether by insiders or by outside attackers, mean that no company can afford to go without a coherent data loss prevention (DLP) strategy. The alternative is to expose the business to severe financial, legal and reputational risk.
DLP can be loosely defined as the combination of people, processes and technology that ensures confidential and sensitive data does not leak from an organisation and end up in the hands of unauthorised people.
Over the past few years, DLP has matured rapidly and a wide range of solutions is available on the market. DLP tools and technologies can be divided into three broad categories: those at the core of the network that protect data at rest; those at the gateway that keep watch over data in motion; and finally, endpoint solutions that keep an eye on data in use.
Some vendors offer all three flavours of DLP in integrated packages, but many vendors specialise in one of the three categories and most sell the technologies separately. Depending on their business needs, organisations might buy one of these solutions, or a mix of them to protect their information from leakages.
Getting going
Many companies start at the gateway - the data in motion component of a DLP solution. Data in motion is information that is travelling across the network. Gateway security products are perhaps the most mature segment of the DLP market and allow organisations to establish network security policies, monitor network traffic, including e-mail, Web and FTP traffic, and detect and block policy violations.
One reason that the gateway is a good place to start with a DLP implementation is that it is relatively simple to configure and implement a gateway solution.
The gateway solution is set up and managed centrally, and delivers a set of policies that covers all the people using the network as well as the information it carries. A gateway DLP will protect companies from about 80% of the potential leakages they will experience, so it starts paying dividends almost immediately.
One of the challenges companies might face when rolling out a gateway solution lies in analysing data leaving the network and preventing unauthorised use without impacting the performance of the network.
Securing the endpoint
Although securing the gateway is a good start, companies should not neglect the endpoint. The endpoint is where data is in use - in other words, where end-users are capturing, retrieving, processing and working with information on their notebooks and desktops.
By contrast with the relative simplicity of rolling out a gateway solution, implementing and managing an endpoint DLP solution is complex, because it involves installing software on each user's computer and configuring appropriate policies for the different groups of people in the enterprise.
Companies should implement an endpoint solution only after they have introduced gateway DLP. The gateway DLP will contain most of the policies that will be relevant to the endpoint, simplifying implementation. Enterprises that take the opposite approach risk creating extra costs, redundant work and confusion among stakeholders, rather than putting in place a single, simple policy that can be efficiently enforced.
Endpoint DLP solutions prevent unauthorised use, capture and processing of data on the endpoint itself: copying to a memory stick or cellphone, saving to the laptop's hard drive, printing on a local printer, burning CDs and so on. They can also enforce the company's policies while the user is away from, or disconnected from, the network (working from home, using 3G, etc), so the organisation stays protected even when the user is off-site. That covers printing, e-mailing, saving, copying or any other form of processing the data.
Endpoint solutions remove the temptation factor that is present in so many fraud cases arising from internal security breaches: the user knows they cannot access or move data without the necessary rights, and that they will be caught if they break company policy.
Spoilt for choice
Finally, there is a range of solutions on the market that focus on protecting data at rest, or data in storage, throughout the enterprise. These solutions help enterprises to find, identify and classify information, which may reside in temporary folders on PC hard drives spread across the enterprise, as well as in their data centres.
Data can be encrypted, and organisations can also ensure they do not have data unnecessarily duplicated in parts of the network where it does not belong. An "e-discovery" tool is also helpful for organisations busy with data classification projects, since it shows them what the data they are trying to protect actually is and where it resides, and lets them apply policies to it.
One of the biggest challenges the South African market is facing is a scarcity of business and technical skills around DLP. With many vendors offering DLP solutions, I recommend that organisations adopt a solution that has the following advantages:
* A powerful detection engine whose accuracy (low false-positive and false-negative rates) the vendor can demonstrate on your own data, not just claim.
* A convincing roadmap and large installed base around the world and in South Africa.
* Scalability across two dimensions: number of users and protection (ie, data in motion, data in use and data at rest).
* Support from a vendor and implementation partner that demonstrate proven technical experience and business understanding around areas such as policy creation and enforcement, encryption and so on.
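To make the detect-and-block step described under "Getting going" concrete, and to show why detection accuracy is the first item on the list above, here is a small content-detection engine of the kind a gateway DLP runs over outbound traffic. It is an added illustration, not code from this article or from any vendor's product. The policy (block validated card numbers on every channel; block confidentiality markings on web and FTP uploads but only alert on e-mail), the marker strings, the channel names and the sample messages are all constructed assumptions for the example. The point it demonstrates: a bare digit pattern would flag the order number as well as the card number, and a Luhn validation step is what removes that false positive.

```python
"""Toy gateway-DLP content detector. Added example, not any vendor's code.
Policy, confidentiality markers and sample traffic are constructed here."""

import re
from dataclasses import dataclass

# Candidate payment-card numbers: 13-19 digits with optional single
# space/dash separators, not embedded inside a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Hypothetical confidentiality markings this organisation stamps on documents.
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation; rejects most arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    rule: str
    evidence: str   # masked, so the DLP log itself does not leak the data


def find_card_numbers(text: str) -> list[Finding]:
    """Pattern match plus validation: only Luhn-valid candidates are findings."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(Finding("card-number", masked))
    return findings


def find_markers(text: str) -> list[Finding]:
    upper = text.upper()
    return [Finding("marking", mk) for mk in MARKERS if mk in upper]


def decide(channel: str, text: str) -> tuple[str, list[Finding]]:
    """Apply the constructed policy to one outbound message.

    Hypothetical policy: any validated card number is blocked on every
    channel; a confidentiality marking is blocked on web/FTP uploads and
    only alerted on e-mail (assumed to go through an encrypting relay).
    """
    findings = find_card_numbers(text) + find_markers(text)
    if any(f.rule == "card-number" for f in findings):
        return "block", findings
    if any(f.rule == "marking" for f in findings):
        return ("alert" if channel == "smtp" else "block"), findings
    return "allow", findings


# Constructed sample traffic: (channel, message body). Not real data.
SAMPLE_TRAFFIC = [
    ("smtp", "Hi, please charge card 4111 1111 1111 1111 for the order."),
    ("smtp", "Your order number is 1234567890123456, shipping Friday."),
    ("http", "Uploading Q3 board pack - INTERNAL ONLY - to the file share."),
    ("smtp", "Draft marked CONFIDENTIAL attached for your review."),
    ("ftp",  "weekly sales figures attached"),
]


def run(traffic=SAMPLE_TRAFFIC) -> list[tuple[str, str]]:
    """Return (channel, decision) per message and print a one-line log each."""
    results = []
    for channel, body in traffic:
        decision, findings = decide(channel, body)
        evidence = ", ".join(f"{f.rule}={f.evidence}" for f in findings) or "-"
        print(f"{channel:5} {decision:5} {evidence}")
        results.append((channel, decision))
    return results


if __name__ == "__main__":
    run()
```

Running it logs the card-number message as blocked with only the last four digits recorded, the order number (which fails the Luhn check) as allowed, the marked upload as blocked and the marked e-mail as an alert. A production engine adds many more validators (issuer prefixes, context keywords, document fingerprints), which is exactly the accuracy a buyer should ask a vendor to demonstrate on the organisation's own data.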
Ultimately, companies need protection at the core, gateway, and endpoint to ensure their data is safe from accidental or deliberate leakage. Companies should address their security vulnerabilities in a holistic manner rather than simply trying to patch up their pain points.
* Guy Golan is MD of New Generation Solutions.