WikiLeaks fallout: DLP helps but doesn't solve, analysts say
Data leak prevention technologies have a limited but important role in protecting enterprise data, analysts say. But can the technology prevent another WikiLeaks-like fiasco?
By George V. Hulme, Contributing Writer
December 17, 2010 — CSO —
In the aftermath of the WikiLeaks fiasco, enterprises are wondering what the breach of so many sensitive documents means, and whether such an event could ever happen to them. One of the technologies that vendors and solution providers are feverishly pushing as the answer is Data Leak Prevention (DLP).
According to IDC, while sensitive information leaks were seen as the second greatest threat to enterprise security, only 31.4 percent of organizations had adopted DLP. At the time of the study, in December 2009, only 14.5 percent of organizations had plans to purchase DLP. It's probably a good hunch, considering what has become public about the Operation Aurora attacks and the more recent WikiLeaks phenomenon, that many enterprises are giving DLP a much closer look today.
DLP is widely marketed as the way to stop confidential information from sliding out the door on notebooks, smartphones, iPods, portable storage, and many other devices. Or, as U.S. Army intelligence analyst Private First Class Bradley Manning is alleged to have done: copy and walk away with a reported 250,000 files designated (at the least) as classified -- on a writable CD labeled as Lady Gaga music -- from the Secret Internet Protocol Router Network (SIPRNet). SIPRNet is run by the U.S. Department of Defense and the U.S. Department of State.
Would having DLP in place have prevented that leak? Analysts are doubtful. DLP technology is very good at protecting specific types of information, but not at protecting all of the information generated and managed by an organization. "In this case, the content taken appears to have been a mass amount of information that Manning had legitimate access to," says Rich Mogull, founder and analyst at the research firm Securosis. "DLP is not good at stopping this sort of incident, where a broad amount of data is taken."
Experts also agreed that while DLP has its place in the enterprise, it would provide no definitive protection against similar attacks from trusted insiders. "There is no 100 percent solution to stop a motivated insider from stealing information," says Mike Rothman, president and analyst at Securosis.