For companies that can afford to support a larger security infrastructure, a full suite of DLP tools will let workers take data with them and still keep it protected, minimizing the impact on business processes. Network appliances monitor communications, while software agents enforce policies.
By reducing and consolidating critical data and then using an enterprise DLP suite, IT has a much better chance of detecting and stopping attacks and leaks. "If you're monitoring the right systems, you can get to them before the data gets out," says HP's Kalember.
But a comprehensive deployment is too complex for most companies to do all at once, as well as being too expensive. "We always argue for a phased deployment," says Gartner's Henry. "You probably want to start with just discovery, or just endpoint, or just network monitoring."
Going forward, the technology should become more affordable as more security vendors provide some benefits of DLP technologies as part of their gateway appliances and other security products.
As DLP becomes more mainstream, companies that don't want to make the multi-appliance investment will opt for email gateways, firewalls, and intrusion detection systems that also have some DLP features. "DLP technology is only going to become more ubiquitous--it's going to go into all sorts of different places," says Nikfar Khaleeli, group product marketing manager for data loss prevention at McAfee, an Intel subsidiary.
And that's just what businesses need as they try to protect all that elusive data that's spread out over the enterprise.
Sidebar: The Dark Side Of Encryption
Encryption is a necessary consideration in any data protection regime, but it can also pose a threat. Employees with bad intentions and intruders who gain access to data can use their own encryption software to make information unrecognizable and sneak it past a data loss prevention system.
It's possible for a knowledgeable person to use encryption and trickery to trump a DLP system, says Robert Hamilton, a product marketing manager for Symantec's DLP business. "If you're hell-bent on stealing documents … and you're clever about it, there are ways of getting around it," he says.
To detect attempts to use encryption to steal data, look for the telltale signs that workers are trying to hide information, rather than trying to decode the encrypted data itself. "There will be some anomalous access to the database. There will be a staging server. And data will be archived and hashed up into smaller files--that's a pretty consistent MO in these cases," says Ryan Kalember, VP at HP's enterprise security business.
DLP and security information and event monitoring systems can detect when employees are encrypting data in suspicious ways. Pattern analysis also can detect when encryption is being misused. --Robert Lemos
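The sidebar names two telltale signs of encryption being used to hide data rather than protect it: anomalous database access and data being staged as many small encrypted or compressed chunks. The following is an added example of how a SIEM or DLP rule might score those two signs; it is not code from the article or from any vendor quoted in it. All file events, database baselines, thresholds (7.5 bits/byte, a 600-second window, five chunks, a tenfold volume jump) and file paths are constructed for illustration and would need tuning against a real environment.

```python
"""Heuristic detection of the two "telltale signs" named in the sidebar:
unusual database access volume and staging of data as many small
high-entropy (compressed or encrypted) files. All events below are constructed
sample data; thresholds are illustrative starting points, not vendor defaults."""
import hashlib
import math
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: int          # seconds since epoch (constructed)
    user: str
    path: str
    sample: bytes    # leading bytes of the file as written


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plaintext sits around 4-5, ciphertext and
    compressed archives approach 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pseudo_random_bytes(seed: str, n: int) -> bytes:
    """Deterministic stand-in for encrypted content (chained SHA-256 digests)."""
    out, block = b"", seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


ENTROPY_THRESHOLD = 7.5   # bits/byte; assumed cut-off for "looks encrypted"
WINDOW_SECONDS = 600      # chunks must land within this window
MIN_CHUNKS = 5            # fewer than this is treated as ordinary activity


def detect_chunked_staging(events):
    """Return users who wrote >= MIN_CHUNKS high-entropy files inside one window."""
    times_by_user = defaultdict(list)
    for e in events:
        if shannon_entropy(e.sample) >= ENTROPY_THRESHOLD:
            times_by_user[e.user].append(e.ts)
    flagged = []
    for user, times in times_by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # slide the window start forward until it fits WINDOW_SECONDS
            while times[end] - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= MIN_CHUNKS:
                flagged.append(user)
                break
    return flagged


def detect_db_volume_anomaly(history_rows, current_rows, factor=10):
    """Flag a query that returns more than `factor` times the user's median."""
    if len(history_rows) < 3:
        return False          # not enough baseline to judge
    return current_rows > factor * statistics.median(history_rows)


# ---- constructed sample data ----
PLAINTEXT = b"Quarterly revenue report - internal distribution only. " * 80
T0 = 1_700_000_000
SAMPLE_EVENTS = (
    # six "encrypted" chunks written a minute apart to a hidden staging directory
    [FileEvent(T0 + i * 60, "bob", f"/tmp/.stage/part{i:02d}.7z",
               pseudo_random_bytes(f"chunk{i}", 4096)) for i in range(6)]
    + [FileEvent(T0 + 300, "alice", "/home/alice/report.txt", PLAINTEXT),
       FileEvent(T0 + 900, "alice", "/home/alice/notes.txt", PLAINTEXT),
       # one encrypted backup is normal; a single file never crosses MIN_CHUNKS
       FileEvent(T0 + 400, "carol", "/backup/db.tar.gz.gpg",
                 pseudo_random_bytes("backup", 4096))]
)
ALICE_BASELINE = [180, 220, 195, 210, 205]   # rows per export in past runs


def run_demo():
    return {
        "staging_users": detect_chunked_staging(SAMPLE_EVENTS),
        "alice_db_anomaly": detect_db_volume_anomaly(ALICE_BASELINE, 250_000),
    }


if __name__ == "__main__":
    print(run_demo())
```

Entropy alone is a weak signal, since legitimate backups, images and compressed archives are also high-entropy, which is why the staging rule counts many chunks in a short window rather than alerting on any single file, and why a volume baseline per user is used for the database check. In practice both rules would be correlated in the SIEM with the access logs the sidebar mentions before an analyst is paged.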