Thursday, November 10, 2016

Data Leakage Prevention

Securing Organizations' Confidential Data with Data Loss Prevention Systems
Data leakage prevention is one of the key topics being discussed at present. As organizations move towards big data, financial systems, ERP and other data storage solutions that reside in cyberspace, we have seen an increasing number of frauds associated with the technology revolution. It's all about data.
This post highlights the threats and the countermeasures, so that we can protect sensitive personal data. I prefer the "trust but verify" model, because if the statistics are to be believed, most malicious attacks are carried out with the involvement of internal users. Therefore we have to protect data in line with security standards and each country's privacy laws. In my view there should be a balance between security measures and privacy.

Potential Threats

ID Theft Tops FTC's List of Complaints

• For the 5th straight year, identity theft ranked 1st of all fraud complaints.
• 10 million cases of identity theft annually.
• 59 percent of companies have detected some internal abuse of their networks.

Top 10 Most Frequent Incidents
1. Patient PHI sent to partner, again, and again
2. Employee 401k information sent outbound and inbound
3. Payroll data being sent to home email address
4. Draft press release to outside legal counsel
5. Financial and M&A postings to message boards
6. Source code sent with resume to competitor
7. SSNs… and thousands of them
8. Credit card or account numbers… and thousands of them
9. Confidential patient information
10. Internal memos and confidential information

Data Loss Prevention - Three Key Customer Challenges

1. Where is my confidential data stored? – Data at Rest
This addresses data storage and databases.
2. Where is my confidential data going? – Data in Motion
This addresses data leakage protection at the network layer.
3. How do I fix my data loss problems? – Data Policy Enforcement



Why Data Loss Prevention is a Priority
• Compliance
• Brand and Reputation Protection
• Remediation Cost


Unified Data at Rest and Data in Motion Protection




DLP Solutions 


Now let's consider the solutions available to mitigate this and secure your data. A DLP solution is a sophisticated tool that can be used to protect data while giving insight into it. Below I have added some market-leading DLPs and some of the features that caught my eye. Most DLPs have the same features, but product maturity and a few features vary by vendor. In almost all DLPs, data leakage protection is broken into three layers: network data protection, storage data protection and endpoint data protection.

Definition of Data Loss Prevention

Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use, through deep content analysis.
                  -Rich Mogull of Securosis




Identify holes or exit points where leaks may occur

Instant messaging (Yahoo Instant Messaging, Windows Live)
P2P file sharing (e.g. LimeWire case as reported by LA Times)
Media streaming
Web mail (Yahoo mail, Gmail, Hotmail)
USB storage devices (ZDNet story from UK)
Removable drives
Devices connected through external ports (Firewire, serial, parallel)
FTP server
Printouts



How data are flagged and identified

Initial predefined policies
Social security numbers
Prescribed in HIPAA, SOX, GLBA, etc. (bank account numbers, credit card numbers)
Customized categories based on client needs
Data discovery
Looks into the content and not just the file type
Examine context considerations (factor in parent directories, user group matching)
Structured data matching (SSN, credit card numbers, etc.)
Unstructured data matching (diagrams, source code, media files)
Fingerprint the data by using a one-way hash that is saved in the database
Information can then be used to identify confidential data elsewhere
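
To make the structured matching and fingerprinting steps above concrete, here is an added example (not from the original post or from any DLP product) that scans an outbound message. It goes slightly beyond the list by validating card candidates with the Luhn checksum and SSN candidates against never-issued ranges; hashing overlapping word windows is one assumed way to build fingerprints, and all function names and sample strings are hypothetical.

```python
import hashlib
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_structured(text):
    """Structured matching: return (kind, masked value) pairs found in the content."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        # Areas 000, 666 and 900-999, group 00 and serial 0000 are never issued.
        if area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000":
            hits.append(("ssn", "***-**-" + serial))
    return hits

def fingerprints(text, k=5):
    """One-way hashes of every k-word window, after case/punctuation normalization."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 0))}

def overlap(registered, candidate_text, k=5):
    """Fraction of the registered document's fingerprints seen in the candidate."""
    cand = fingerprints(candidate_text, k)
    return len(cand & registered) / len(registered) if registered else 0.0

# Constructed sample data (test card number and made-up text, not real records).
CONFIDENTIAL = "Project Falcon: Q3 acquisition of Acme Widgets is priced at 41 million pending board approval."
OUTBOUND = ("fyi - q3 acquisition of acme widgets is priced at 41 million, pending board approval. "
            "Card 4111 1111 1111 1111, SSN 123-45-6789, ticket 1234 5678 9012 3456, bad 000-12-3456")

if __name__ == "__main__":
    print(find_structured(OUTBOUND))
    print(round(overlap(fingerprints(CONFIDENTIAL), OUTBOUND), 2))
```

Only the hashes need to be stored in the DLP database, so the registered document can be recognized in e-mail or on file shares without keeping a second plaintext copy of it.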
