In March 2009 Bloor Research released a Market Update on the subject of Data Loss Prevention.
The current stress in the worldwide economy has manifested itself in many ways. As well as macro economic upheaval and the challenges it presents the public and private sector more practical and localised issues are appearing, including the increase risk to businesses of data loss.
Previous work at Bloor Research has underpinned the significance of the inside threat to data loss. Whilst this problem has often been attributed to the "incompetent and non-malicious" user releasing data by mistake the increasing numbers of disaffected white collar knowledge workers being made redundant is seeing an increase in "competent and malicious" data loss incidents.
Publicity surrounding significant data loss incidents over the past year have brought the issue to the fore. Senior politicians have become embroiled in public sector episodes as much as private sector company directors. Clearly data loss can be summarised in one word - risk, and it is up to security professionals to work with the business to mitigate this risk be it to shareholder value, reputation or personal embarrassment.
Data protection often starts with the creation of IT security policies through to user education and the deployment of supporting technology.
Data leak prevention can play a significant part in this data protection as it prevents unauthorised data leaving an organisation's endpoints. It does this using a variety of techniques including key word matching, traffic pattern analysis, network monitoring and file tracking. Although no data leak prevention vendor would ever guarantee 100% of all leaks would be prevented a solution such as this can form a major part of an organisation's security strategy.
Many organisations are combining data leak prevention with data encryption so that if any significant data does leave the organisation it will remain encrypted and therefore unusable to anyone other than an authorised recipient. This combined approach of leak prevention and encryption is referred to as Enterprise Data Protection and is subject to another market update from Bloor Research.
Data leak prevention and data loss prevention are generally synonymous terms but data loss prevention has also been used to describe data encryption. The term extrusion prevention is also used by some vendors to describe data leak prevention.
Data leak prevention technologies can be quite advanced as they need to determine the validity of a piece of data being moved from one place to another without stopping legitimate business access to the data.
In some systems analysis is undertaken of the data traffic pattern over a period of time to determine where data tends to originate and terminate and which users are involved in the process. It will also look at the mechanism used to transfer the data such as email, USB, CD/DVD or anyone of the many other data transmission mechanisms. Data leak prevention systems will often detect the use of keywords during the attempted data transmission picking up on obvious candidate terms such as "confidential" and "executive" to indicate a potential leak.
Some solutions act at the network packet level reviewing data as it passes through the network. These systems will analyse a particular file or set of data and determine if its use is appropriate rather than examining explicit user behaviour. Over time a data leak prevention solution will often build up a comprehensive map of data movements and be able to flag potential violations. This flagging will often be in the form of a message to the user telling them that the data movement they are attempting may be in violation of the data leak rules for an organisation. The user may then be given an opportunity to justify their action, sometimes by typing into a suitable dialog box, which can then be sent to a line manager for review. Of critical importance to users is that the system does not become a burden and an obstruction to their normal work. In many cases the number of false positive or false negative activations may change over a period of time as the data leak prevention system learns what is acceptable behaviour for particular users or data sets.
Digital rights management (DRM) is starting to be used as a way of preventing data leaks. Often with a DRM solution meta data is carried with a piece of data describing who may or may not have access to it. Using this technique some vendors promote the notion of security travelling with a set of data where ever it goes. An analysis of DRM vendors is outside the scope of this market update but some have been included where they have a complimentary data leak prevention offering.
A number of vendors also provide content inspection appliances to monitor data as it passes through a network. Where appropriate these have also been included in this report when complimented by a data leak prevention offering.
The Market Update is available free of charge at BloorAnswers.com and features a number of vendors including;
- Sophos (Utimaco)
- FrontRange Solutions
- GTB Technologies
- Tumbleweed Communications
- Fidelis Security Systems
- Lumension Security
- Code Green Networks
- CA (Orchestria)