This quadra-choice question (DLP, IRM, both, or neither) appears to be more and more common within enterprises. Here is some help on the question, or at least on where to start looking. What is DLP? (And please, let's have the layman's view.)
DLP prevents information leakage by scanning the document, email or other content and searching for pre-defined keywords and regular expressions. If a match is found, the DLP system tags the document and blocks the outbound ports of information transfer (removable media, CD, internet). It thus controls distribution at the sender's side.
The DLP system can do this at multiple points, i.e.
1. At the desktop level, for documents residing on the computer
2. At the network file-share level, for documents residing on the share
3. At the email gateway level, for outbound emails.
And what about IRM?
IRM also prevents information leakage, by granularly defining the "right" receivers of information and then controlling the usage actions (view, print, edit, etc.) those receivers may perform.
In short, DLP controls the information distribution at the sender's end and IRM controls the information usage at the receiver's end.
It might appear that deploying one of the above negates the need for the other. This, however, is not true in most cases, so let's get under the hood now.
Let's look at the things that DLP and IRM companies won't tell you:
DLP :
Since it is a “transmission control” technology it is useful for organizations which want to control the transmission of information and restrict it to a specific “perimeter”. The perimeter definition is flexible here and may be defined based on devices, networks or (in some cases) applications.
For any "new-age" concept like cloud computing or mobile computing, the DLP system takes an all-or-none approach: either it completely blocks the technology, or it becomes ineffective once the technology is adopted. So most DLP systems do not have mobile versions and do not really know how to deal with companies looking at cloud adoption.
The "steering wheel" in the case of a DLP system is in the hands of the IT / IS team.
IRM :
Since it is a “usage control” technology it is useful when information knows no perimeter and needs to cross boundaries of devices, networks and applications.
IRM systems leave control and decision making in the hands of the end users. End users' awareness or willingness (or the lack of it) carries forward into the effectiveness of the solution.
The "steering wheel" in the case of an IRM system is decentralized and is in the hands of the business users. Good IRM systems usually provide the flexibility of placing the right to define policies with business unit administrators rather than with individual end users.
So, with this context, the 30,000-foot answer to the question is:
DLP systems are useful in cases where there is a boundary within which information has to be retained. The boundary for different kinds of information could be different but there is a boundary.
IRM systems are useful where security needs to be ensured without boundaries of computers, geography or networks.
Both are required in organizations where detection and classification of information has to be followed by defining boundaries for certain kinds of information, and by defining rules for rightful use outside the boundary for other kinds of information. The way these technologies work together is that whenever information is sent to a receiver, the DLP system scans for the relevant keywords and patterns and, if it finds a match, calls the IRM system to protect the document with the relevant IRM policy. Thereafter, the document remains persistently protected irrespective of its location (inside or outside the organization).
Neither technology is useful when the information to be protected is not voluminous, i.e. if the information is small enough to be memorized or jotted down, then other kinds of security (including physical security) are the better option.
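The sender-side scan handing off to a receiver-side policy, as an added Python example (not code from this post or from any DLP/IRM product): the keywords, patterns, recipients and policy names are constructed for illustration, and `protect` plays the DLP step while `can_perform` plays the IRM check wherever the document ends up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed DLP rule set (hypothetical): keywords plus regular expressions.
KEYWORDS = ["project falcon", "board minutes"]
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

@dataclass
class IRMPolicy:
    name: str
    rights: Dict[str, Set[str]]  # recipient -> actions allowed (view, print, edit)

@dataclass
class Document:
    text: str
    tags: List[str]
    policy: Optional[IRMPolicy] = None  # None: DLP found nothing to protect

def dlp_scan(text: str) -> List[str]:
    """Sender-side DLP step: return the tags whose keyword or pattern matched."""
    tags = [f"keyword:{kw}" for kw in KEYWORDS if kw in text.lower()]
    tags += [f"pattern:{name}" for name, pat in PATTERNS.items() if pat.search(text)]
    return tags

# Constructed tag -> policy mapping (hypothetical); earlier entries take precedence.
POLICIES = {
    "pattern:credit_card": IRMPolicy("finance-confidential",
        {"cfo@example.com": {"view", "print"}, "clerk@example.com": {"view"}}),
    "keyword:project falcon": IRMPolicy("falcon-restricted",
        {"lead@example.com": {"view", "edit", "print"}}),
}

def protect(text: str) -> Document:
    """DLP scan at the sender; on a hit, attach the matching IRM policy to the document."""
    tags = dlp_scan(text)
    policy = next((p for tag, p in POLICIES.items() if tag in tags), None)
    return Document(text, tags, policy)

def can_perform(doc: Document, recipient: str, action: str) -> bool:
    """Receiver-side IRM check; the policy travels with the document, so location is irrelevant."""
    if doc.policy is None:
        return True  # unprotected document: no usage restriction
    return action in doc.policy.rights.get(recipient, set())
```

A bare regular expression like the card pattern above will also flag phone numbers and order ids; production DLP rules add a checksum (e.g. Luhn) or context words to keep false positives down.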