Home » Data Protection » Application Security

In Depth

Solving the DLP Puzzle: 5 Technologies That Will Help

Before embarking on a Data Loss Prevention program, enterprises must first determine what the essential ingredients are. Here are five technological pieces of the puzzle. (Part 1 in a series)

By Bill Brenner, Senior Editor

July 08, 2009 — CSO —

About this series: Companies are clamoring for Data Loss Prevention (DLP) tools to keep their data safe from online predators. But there is much confusion over what the true ingredients are. In this series, CSOonline talks to security practitioners, analysts and other experts for a crash-course on what DLP is, what it isn't and how to get on the right track. We'll begin with the proper technologies to use, followed by the right people policies.

Most security vendors will tell you they have just the thing for your DLP needs. But some industry experts say enterprises often buy products that, once installed, don't perform all the functions necessary to keep sensitive information safe. [See also: Security Analyst to DLP Vendors: Watch Your Language]

We reached out to several IT security professionals in an effort to zero in on the true elements of an effective DLP program -- from the technology to people policies -- and how best to fit the pieces together. This article will focus specifically on five technological approaches that, when used together, offer a solid data defense.

See also: Data Loss Prevention Dos and Don'ts

1. Data discovery, classification and fingerprinting
Richard Stiennon, chief research analyst at IT-Harvest, said a complete DLP solution must be able to identify your IP and make it possible to detect when it is "leaking."

William Pfeifer, CISSP and IT security consultant at the Enforcement Support Agency in San Diego, agrees, calling data classification the prerequisite for everything that follows. "You cannot protect everything," he said. "Therefore methodology, technology, policy and training is involved in this stage to isolate the asset (or assets) that one is protecting and then making that asset the focus of the protection."

Nick Selby, former research director for enterprise security at The 451 Group and CEO/co-founder of Cambridge Infosec Associates, said the key is to develop a data classification system that has a fighting chance of working. To that end, lumping data into too few or too many buckets is a recipe for failure.

"The magic number tends to be three or four buckets -- public, internal use only, classified, and so on," he said.

2. Encryption
This is a tricky one, as some security pros will tell you encryption does not equal DLP. And that's true to a point.

As former Gartner analyst and Securosis founder Rich Mogull put it, encryption is often sold as a DLP product, but it doesn't do the entire job by itself.

Those polled don't disagree with that statement. But they do believe encryption is a necessary part of DLP. "The only thing [encryption doesn't cover] is taking screen shots and printing them out or smuggling them out on a thumb drive. Not sure I have a solution to that one. It also leaves out stereography, but then is anyone really worried about that?" Pfeifer asked. Specifically, he cites encryption as a DLP staple for protecting data at rest, in use and in motion.