Data Leaks: The Nightmare Continues

Security has always been a major concern among enterprises. From server to networking to application, it is an indispensable investment. Keeping in mind the increasing need for information security, firewalls, anti-virus applications, and anti-malware are being installed to make sure that no infected element enters the network.

But the escalating need for the internet, followed by the dot-com boom and the Web 2.0 revolution, opened up more channels of communication. It was during the Y2K period that enterprises started realizing the threat of data going out of their networks, whether through intentional leak or unintentional loss of confidential information.

Reacting to the threat, in 2005-07 many security vendors launched campaigns for Data Loss Prevention software suites, or DLP as it is commonly referred to. Since then, core DLP has gone through multiple version upgrades and feature enhancements. What vendors were selling or packaging in a suite was data loss, digital rights management, and identity and access management solutions, etc.

But the real question is: Have these solutions really helped in solving the core issue of data leak/loss?

 

How DLPs have Evolved

Over the last 6-7 years, DLP solutions have evolved in nature. They now cover both host-based and network-based data flow. They take a holistic approach to monitoring data in any form, whether the data is in use, in transit, or at rest. The earlier versions would only provide a report of data loss.

The latest offerings, by contrast, can be delivered over the cloud or over the network as SaaS, and also offer intelligent and analytical tools.

Websense has been one of the strongest players in this space and claims to be the first to market DLP with botnet protection. As of today, Websense offers 4 product choices which give protection for all the 3 types of data: data security gateway, data discover, and data endpoint.

Another player in DLP, though younger than Websense, is Pawaa Software, which has added all major features of the solution, from tracking, monitoring, and sending alerts to blocking user behavior (activities that include visiting websites, installation/uninstallation, USB, CD/DVD, print, IM, FTP, email, webmail, etc.).

 

With the evolution in DLPs, Nataraj N, CIO, Hexaware, feels that the work of a CIO has also changed from the past and the complexity of daily operations has increased. While employees earlier worked in a totally restricted and secured environment, at present they are more open or vulnerable. In the midst of these multiple exit/entry points, CIOs need to build a smart central surveillance mechanism: a solution with proactive intelligence and monitoring reports, which CIOs access on a regular basis to maintain a constant vigil.

Talking further about DLP’s evolution, Prashant Parmar, head, pre sales, Pawaa Software, states, “In earlier days, DLP was more focused on perimeter security, wherein protecting data leaks from the organization’s network was the priority. Right now, DLP has moved to the next level, wherein it believes in protecting data wherever it resides, irrespective of the location. Of course, technologies are improving, innovation is taking place in each and every space, including DLP. It definitely helps an organization to reduce its risk level by 70 to 80%.”

What should DLPs Offer?

A DLP solution nowadays must include web, email, and endpoints or laptops among the communication channels it can secure. As an added benefit, if necessary, it may also be able to block transmission of data on these channels. Since managing separate policies for each channel can be burdensome, a DLP solution should also provide centralized policy management and reporting capabilities. The solution should also be customizable, allowing organizations to tailor its built-in policies to their specific regional or industry requirements.

A typical solution would feature:

 

  • Real-time enforcement options across network
  • Endpoint and discovered data repositories
  • Data loss prevention for Security-as-a-Service (SaaS) applications
  • Detection capability covering multiple communications
  • Discovery of confidential data in local and network data repositories
  • In-built identification
  • Cyber crime intelligence
  • GRC reporting

What Figures Say

According to a report, global DLP sales are estimated to be around $400 mn, and the market is said to be gaining momentum with new trends, especially BYOD. The Indian figures per se would be even lower due to lack of regulations.

RSA country manager, India and SAARC, Kartik Shahani shared that a lot of CIOs are aware but they lack their vision. “This is partly because of lack of education and also not all vendors’ solutions are mature enough to offer enforcement, monitoring, security incident, and monitoring with real-time analytics in one package.”

Last year, EMC acquired NetWitness Corporation, which is now a core element of RSA’s advanced security management solutions. RSA’s solution now includes NetWitness network monitoring and analysis technology, RSA’s enVision platform, RSA Data Loss Prevention Suite (DLP) and RSA CyberCrime Intelligence Service.

Ritesh Pothan of VISTA InfoSec mentioned in his blog that DLP solutions are incomplete since they lack a holistic solution. He writes that a majority of DLP implementations do not succeed in delivering holistic security for a number of reasons including:

  • Incorrect DLP product assessment and selection
  • Inadequate as well as inaccurate planning
  • Paucity of information and employee time
  • Inadequate resources at the device, network, and host layers
  • Enthusiastic deployment timelines
  • Inadequate user awareness
  • Lack of top management, business owner, and employee support
  • Inadequate risk assessment as well as data classification
  • No information security and management framework
  • Inadequate communication between the IT department and employees

He further states that DLP is an enterprise solution which tightly integrates into the perimeter defense but lacks the ability to control data that has left the confines of the enterprise.

Conclusion

Data leakage is still a bitter reality, and even after 6-7 years of research and work by various security vendors, CIOs continue to face it. Even a best-of-breed DLP solution can solve only 65-70% of the work; the remaining 40-30% still matters. Any security solution, for that matter, is judged first on its policies, such as how to adapt to change and still ensure exposure is close to zero. Recent research by Dynamic Markets on behalf of Websense revealed that data breaches have become a big issue and are much more stressful than getting a divorce, managing personal debt, or being in a minor car accident. Fourteen percent say losing their job would be less stressful than staying in their current role.
