Data Leak Prevention

Cover from Data Leak Prevention

Date: 18th April, 2008
By: Nigel Stanley
Format: Market Update

Free Download (subject to terms)

Data leak prevention is the term used to describe a system that is put in place to stop the unauthorised loss of data outside of the control of an organisation. Data loss is a prevalent problem that has resulted in significant reputational and legal issues for many organisations. It is therefore desirable to stop data leaking in the first place rather than have to deal with the aftermath of a data loss incident.

Data leak prevention and data loss prevention are generally synonymous terms but data loss prevention has also been used to describe data encryption. The term extrusion prevention is also used by some vendors to describe data leak prevention.

Data leak prevention technologies can be quite advanced as they need to determine the validity of a piece of data being moved from one place to another without stopping legitimate business access to the data. In some systems, analysis is undertaken of the data traffic pattern over a period of time to determine where data tends to originate and terminate and which users are involved in the process. It will also look at the mechanism used to transfer the data, such as email, USB, CD/DVD or any one of the many other data transmission mechanisms. Data leak prevention systems will often detect the use of keywords during the attempted data transmission, picking up on obvious candidate terms such as “confidential” and “executive” to indicate a potential leak.

Some solutions act at the network packet level reviewing data as it passes through the network. These systems will analyse a particular file or set of data and determine if its use is appropriate, rather than examining explicit user behaviour.

Over time a data leak prevention solution will often build up a comprehensive map of data movements and be able to flag potential violations. This flagging will often be in the form of a message to the user telling them that the data movement they are attempting may be in violation of the data leak rules for an organisation. The user may then be given an opportunity to justify their action, sometimes by typing into a suitable dialog box, which can then be sent to a line manager for review.

Of critical importance to users is that the system does not become a burden and an obstruction to their normal work. In many cases the number of false positive or false negative activations may change over a period of time as the data leak prevention system learns what is acceptable behaviour for particular users or data sets.

Digital rights management (DRM) is starting to be used as a way of preventing data leaks. Often with a DRM solution, metadata is carried with a piece of data describing who may or may not have access to it. Using this technique, some vendors promote the notion of security travelling with a set of data wherever it goes.

An analysis of DRM vendors is outside the scope of this market update but some have been included where they have a complimentary data leak prevention offering. A number of vendors also provide content inspection appliances to monitor data as it passes through a network. Where appropriate, these have also been included in this report when complimented by a data leak prevention offering.