Monday, April 12, 2010

DLP: What is required to complete the promise?



Companies worldwide are embracing a slew of new technologies to automate security functions in the face of threats and risks that increase exponentially with each new advance. Data assets must be protected throughout their lifecycle (creation, storage, transmission, use, archival and deletion), and Data Loss Prevention (DLP) solutions are increasingly deployed for this purpose. DLP solutions provide methods to discover, classify and protect information. DLP also provides endpoint security by securing and monitoring network connections, USB ports, CD drives, etc.
There are, however, chinks in the DLP armor … The fundamental promise of any DLP system is protection against the “insider threat”. Let's look at these words more carefully here …
In an enterprise context, an “insider” is any person who participates in business processes and is privy to confidential information. For any enterprise of a reasonable size, this fairly universal definition of “insider” would include employees, consultants, board members, vendors, lawyers, auditors and customers. Now let's look at “threat”, whose dictionary meaning is “potential harm”. In most cases the threat of an information breach depends heavily on context. It depends on:
1. WHAT information – You care more about salary information than information related to the office picnic expenses.
2. WHO is the person – The CEO sending forward-looking financial statements to the board is OK; the finance executive sharing them with his trader friend is not.
3. WHAT is the action – Viewing an approved budget of USD 50,000 is OK; editing it to read USD 500,000 is not!!
4. WHEN is the action – Viewing due diligence documents while an M&A transaction is being evaluated is OK, but not after it has been turned down!!
5. WHERE is the action – Business plan documents accessed within the enterprise are OK, but not outside.
For most DLP systems, the scope of coverage is restricted to employees, and the capability to dynamically define “threat” is limited. To extend the scope of “content-aware” DLP systems to cover the “insider threat”, enterprises are increasingly deploying Information Rights Management (IRM) solutions. IRM solutions allow “persistent” protection of information as it travels within and outside of the enterprise. IRM also allows for dynamic definition of the usage policies that control information.
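The five context dimensions listed above can be expressed as a default-deny usage-policy check. The following is an added illustration, not code from the original post or from any DLP or IRM product; the class names, role labels, classifications and the cut-off date are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One usage grant; every field must match for the action to be allowed."""
    classification: str            # WHAT information
    role: str                      # WHO is the person
    actions: frozenset             # WHAT action (view, edit, ...)
    not_after: Optional[datetime]  # WHEN: grant expires here (None = no expiry)
    locations: frozenset           # WHERE: "internal" and/or "external"

@dataclass(frozen=True)
class Request:
    classification: str
    role: str
    action: str
    at: datetime
    location: str

def is_allowed(req: Request, rules: list) -> bool:
    """Default deny: permit only if one rule matches all five dimensions."""
    for r in rules:
        if (r.classification == req.classification
                and r.role == req.role
                and req.action in r.actions
                and (r.not_after is None or req.at <= r.not_after)
                and req.location in r.locations):
            return True
    return False

# Constructed sample policy mirroring the examples in the list above.
DEAL_TURNED_DOWN = datetime(2010, 3, 31)  # constructed date, not from the post
POLICY = [
    Rule("budget", "finance_exec", frozenset({"view"}), None,
         frozenset({"internal"})),
    Rule("due_diligence", "auditor", frozenset({"view"}), DEAL_TURNED_DOWN,
         frozenset({"internal", "external"})),
    Rule("business_plan", "employee", frozenset({"view", "edit"}), None,
         frozenset({"internal"})),
]

def check(classification, role, action, at, location) -> bool:
    """Evaluate one usage request against the sample POLICY."""
    return is_allowed(Request(classification, role, action, at, location), POLICY)
```

Because nothing is permitted unless a rule matches on every dimension, information with no rule at all (salary data in this sample) is denied by default.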

Seclore FileSecure is the most easily integrable IRM solution available today. Any DLP system can significantly increase its utility by using Seclore FileSecure's rights management capability to extend policy enforcement outside of the organization.
So, if you have a DLP system or are considering one, check whether you can:
1. Assign and modify usage control rights for information through its lifecycle.
2. Control the usage of the information when it goes outside of the organization.
Chances are that the answer to the above is NO … in which case you need Seclore FileSecure to complete the promise of DLP.
