Data Loss Prevention Dos and Don'ts

Data loss prevention tools provide powerful security capabilities - if used correctly

For instance, network capabilities alone can't detect sensitive data that doesn't pass through one of the DLP network sensors, while host-based systems can't detect anything on a nonmanaged system, Gartner points out. "They'll stop the ill-informed, dumber bad guys, but not the ones who know the tools are in place," Mogull says.

DON'T get confused between USB blockers and DLP products that—through end point agents—enable you to prevent sensitive data from being copied onto USB devices. The original USB blockers lack content awareness, according to Gartner; that is, they block copying altogether, not just the copying of particular data. On the other hand, companies such as Centennial, Verdasys and Safend all offer products that make content-based decisions. For instance, they'll prohibit copying of files from certain servers, certain file types or files containing Social Security numbers.

DON'T rush into blocking. More products are emerging that can block users from performing certain actions on sensitive data, such as copying, printing or e-mailing. However, users like Randy Barr, chief security officer at WebEx Communications, would prefer to be notified when users do something that's against security policy rather than stop them outright. That's because, when he deployed a network-based tool from Reconnex two years ago, he found that 80 percent of the violations occurred because employees were unaware of regulatory rules or company policy.

For instance, some employees were e-mailing files with sensitive data over the Web to their home computers when they wanted to work from home. And in one case, a vacationing employee revealed his user ID and password to a coworker over an instant messaging session so that the coworker could get some needed information on his personal drive. "It helps us identify violations so we can go in and do some quick awareness training," Barr says.

Barr is also concerned that blocking would hinder some employees from performing essential job tasks. "I don't want to hinder them—I want to audit what they're doing," he says. "I wanted a tool that would provide awareness to employees and also log an alert to me."

Besides, he says, blocking may actually encourage someone intent on criminal activity to find other means to transport data. "If they're really malicious, they may find other ways to take the data, like storing it on an iPhone, an iPod or a USB," he says. He has looked into tools that block copying data to external drives, but for now, he'd rather be alerted and have the tool tell the user it's against policy.