What You Really Need to Know About Data Leak Prevention

Forrester analyst Thomas Raschke cuts through the hype to answer some of the FAQs about emerging DLP technology

BOSTON -- Forrester Research Security Conference 2008 -- Do you ever wish people would stop hyping data leak prevention (DLP) technology and just tell you what you really want to know? Forrester analyst Thomas Raschke took a crack at it here yesterday.

In a session entitled "The Keys to Successful DLP Implementations," Raschke offered advice from the installations he's seen so far and from market research his company has conducted on the emerging DLP technology, which is designed to prevent insiders from accidentally exposing sensitive data.

The following is a summary of Raschke's talk on DLP, which focused on answering some of users' most frequently asked questions about the technology and how to make it work.

  • 1. What's the big deal about DLP? Why are so many companies planning to deploy it?

    Sensitive data in a secured corporate environment is like water in a container, Raschke said: It will seek the easiest methods to leak out. Last year, approximately 168 million sensitive data records -- mostly customers' or employees' personal information -- were lost or exposed, mostly through corporate errors. This year, we've already exceeded that number.

    Every two or three years, the volume of data in the enterprise doubles, Raschke observed. Yet, with the popularity of mobile devices and removable storage media, the data has more points of egress than ever. "This problem is not going to go away," he said.

  • 2. What do DLP products really do?

    A solid DLP solution has four basic functions, according to Raschke. First, it provides a means to identify and classify sensitive data -- not all of your company's data needs special treatment. Second, it provides the means to apply policies for handling different kinds of data, based on its content and context.

    Third, a DLP solution should provide a way to monitor the data as it travels around the business, ensuring that the policies are being enforced. Lastly, it should provide a way to audit and report on the status of sensitive data, and document any incidents in which the data was threatened.

  • 3. Who are the leading vendors in the DLP space?

    The market is shifting rapidly, and Forrester is expecting another round of consolidation in the near future. But in the most recent Forrester Wave study on DLP, the top vendors were Reconnex, which was recently acquired by McAfee; Verdasys, Vericept, Websense, RSA, and Symantec. Many of these vendors have gotten into the market by acquiring other companies, he observed.

  • 4. How can I cost-justify the purchase of DLP technology to my management?

    One way is to look at the costs associated with data leaks, Raschke suggested. A serious breach can result in significant costs to the business, including the costs of discovery, notification of those affected, lost employee productivity, opportunity cost (usually in the form of lost customers), fines or restitution required by courts or regulatory agencies, and additional auditing required after a leak.

    While not all of these factors may affect every company in every breach situation, the cost of discovery and notification -- which are typically required in every leak -- is about $50 per lost record, Raschke said.

  • 5. What are the basic steps to implementing DLP?

    It's a good idea to bring in a few DLP products and test drive them at the outset of your DLP project, Raschke suggested. Even if you don't have a data classification program in place, a good DLP tool can help you identify your company's most sensitive data and define the risks associated with a breach.

    Once you have an idea of what your sensitive data looks like, you can define your policies for handling different types of data and the scope of your DLP project. "Don't try to do everything at once -- start with the most critical data."

    With basic policies in place, you can fully implement DLP technology to fine-tune them, Raschke stated. Then you can integrate DLP into a broader program of data classification and policy management, so that users are educated in how to handle data, and the rules are broadly enforced.

  • 6. How long does it take to implement DLP?

    A full implementation of DLP technology can take years, so it might be more effective to talk about the interval between the start of the implementation and the time your organization begins to see results. This interval is usually between six months and a year, depending on the size of the project.

    Raschke noted that many DLP vendors and products have templates for working with data that is widely regarded as sensitive, such as personally identifiable information, financial information, customer lists, and other data that may be classified as sensitive under compliance initiatives such as SOX or PCI. The hardest part of a DLP project is identifying and classifying unstructured data or information that is unique to your industry or company.

  • 7. What are the key points of integration between DLP and other technologies that I might already have in place?

    All companies are different in what technologies they might have or need, but DLP usually involves some form of encryption, Raschke observed. If you're using encryption tools or digital rights management, those will likely be the first points of integration.

    DLP systems and policies often also touch wireless, mobile, and portable data storage systems and policies. They may also need to be integrated with other policy management or enforcement systems and practices.

    DLP also should be coupled with user training, to ensure that users understand the policies for handling sensitive data, Raschke advised. "In a perfect world, all of your users would follow policy and there'd be no need for DLP. But the idea that you can prevent data leaks by user education alone is pure fantasy."
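The four functions listed under question 2, applied to the kind of compliance template mentioned under question 6, can be sketched in a few lines. This is an added example, not code from the article, from Forrester, or from any vendor named here; the channel names, the policy table, and the use of a Luhn-checked card-number pattern as the "PCI template" are assumptions made for illustration.

```python
import re

# Content pattern for 13-19 digit runs, optionally separated by spaces/dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text: str) -> str:
    """Function 1: identify and classify the content."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "pci"
    return "unclassified"

# Function 2: policy keyed on content class AND context (egress channel).
# Channel names and actions are assumptions made for this example.
POLICY = {("pci", "email_external"): "block",
          ("pci", "usb"): "block",
          ("pci", "email_internal"): "alert"}

def inspect(event: dict, audit: list) -> str:
    """Function 3: check one data movement; function 4: record incidents."""
    label = classify(event["content"])
    action = POLICY.get((label, event["channel"]), "allow")
    if action != "allow":
        audit.append({"user": event["user"], "channel": event["channel"],
                      "class": label, "action": action})
    return action

# Constructed sample events; 4111 1111 1111 1111 is a well-known test number.
EVENTS = [
    {"user": "alice", "channel": "email_external", "content": "Card 4111 1111 1111 1111 for refund"},
    {"user": "bob", "channel": "email_internal", "content": "card: 4111-1111-1111-1111"},
    {"user": "carol", "channel": "email_external", "content": "Order ref 1234567890123456 shipped"},
    {"user": "dave", "channel": "usb", "content": "Lunch menu for Friday"},
]

def run_sample():
    audit = []
    actions = [inspect(e, audit) for e in EVENTS]
    return actions, audit

if __name__ == "__main__":
    print(run_sample())
```

The third event shows why content matching alone is not enough: a 16-digit order reference matches the pattern but fails the checksum, so it is not treated as card data.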

  • Forrester Research Inc.
  • McAfee Inc. (NYSE: MFE)
  • Reconnex Corp.
  • RSA Security Inc. (Nasdaq: EMC)
  • Symantec Corp. (Nasdaq: SYMC)
  • Verdasys Inc.
  • Vericept Corp.
  • Websense Inc. (Nasdaq: WBSN)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
