DLP: An Important Tool In Protecting Data During Mergers & Acquisitions

Data loss prevention (DLP) is a topic I've covered in the past because it's important in these times of targeted attacks and accidental data loss. It also tends to be a controversial topic since many people view it differently due to the variation in definitions of what the technology really is. For example, DLP vendors have solutions that range from basic content filtering at the network gateway to complex network- and host-based monitoring solutions, leaving the definition up to the vendor who is selling the solution.Since the current state of the economy is in flux, some companies are closing doors while others are opening new doors through mergers and acquisitions. This could easily spell a quick uptick in business for DLP vendors. I read a blog related to this over at eWeek written by a senior manager from Websense (a DLP vendor) that not only makes a case for having DLP (which you'd expect since it is vendor-written) but also drives home the three things I've said before are necessary for companies wanting to protect their data.

Businesses have to monitor, discover, and implement policy to protect the sensitive information resources. I usually think of the data discovery process as coming before the monitoring step, and it can arguably be done either way effectively as long as both processes are used to enhance one another. For example, if you start monitoring for sensitive data first, you won't fully understand what data needs to be monitored before discovering it. Initial monitoring will be for generic things such as Social Security numbers and credit card numbers until data discovery is done and what needs to be monitored is refined.

If data discovery takes place first, then more specific rules can be put into the monitoring system; however, generic rules should still be kept in the monitoring system to help identify systems and data that may have been missed. Once the data is discovered and is being monitored, policies need to be implemented that define what systems should be using the data and what users should have access to, and the monitoring system should be updated again to reflect those policies in order to detect, and hopefully, prevent violations.

In nearly every security book and class I've taken that covers the attack process, the first step is enumeration of the target's resources in order to find the best avenue for attack. One of the more common areas to target is a new merger or subsidiary of the target because their network is less likely to be secure and could end up being a back door into the target through a hastily set-up VPN.

With the eWeek blogger writing, "with current economic conditions greasing the skids for a merger frenzy," I think we're looking at the potential for a number of companies to get hacked due to poor due diligence in securing the networks of the merged/acquired companies' resources in addition to intentional data theft and accidental data loss.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.