In Depth
Solving the DLP Puzzle: 5 Technologies That Will Help
Before embarking on a Data Loss Prevention program, enterprises must first determine what the essential ingredients are. Here are five technological pieces of the puzzle. (Part 1 in a series)
By Bill Brenner, Senior Editor
Stiennon said that while all encryption vendors are not DLP vendors, applying encryption is a critical component to DLP. "It could be as simple as enforcing a policy," he said. "When you see spreadsheets as attachments, encrypt them."
3. Gateway detection and blocking.
This one would seem obvious, since an IT shop can't prevent data loss without deploying tools that can detect and block malicious activity.
Sean Steele, senior security consultant at InfoLock Technologies, said the key is to have something in place that provides real-time (or close to real-time) monitoring and blocking capabilities for data that's headed outbound at the network perimeter, data at rest ("sensitive or interesting/frightening data sitting on my network file shares, SAN, tier 1/2 storage, etc.," he said); and data being used by human beings at the network's endpoints and servers.
4. E-mail integration
Since e-mail is an easy target for data thieves, whether they are sending e-mails with links to computer-hijacking malware [see Botnets: 4 Reasons It's Getting Harder to Find and Fight Them] or sending out e-mails from the inside with proprietary company data [see Embarrassing Insider Jobs Highlight Security, Privacy Holes], partnerships between security vendors and e-mail gateway providers are an essential piece of the DLP puzzle. Fortunately, Stiennon said, "Most DLP vendors formed partnerships with e-mail gateways early on."
5. Device management
Given the mobility of workers and their computing devices these days [laptops, smart phones, USB sticks], security tools that help the IT shop control what can and can't be done with mobile devices is a key ingredient of DLP.
Stiennon is particularly concerned about the USB devices that could be used to steal data. "Being able to control the use of USB devices is a key requirement of a DLP solution," he said.
Next week: A look at what SHOULD NOT be accepted as DLP.Other stories by Bill Brenner
DLP
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
