Data loss prevention software: Difference between revisions

From Wikipedia, the free encyclopedia
Entbark: Removed sentence for being non-notable and not necessary.
Entbark (minor edit): Types of ILD&P Systems: Changed ILD&P to DLP to match title.
Revision as of 20:04, 24 January 2008

Data Loss Prevention (DLP) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. Such systems are also referred to by various vendors as Information Leak Detection & Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF), or Extrusion Prevention System, by analogy to intrusion prevention system.

Background

The challenge of information leaks

Organizations strive to protect valuable information while also investing in new technologies. Each new business system complicates the way information is exchanged between customers, partners, and employees, creating opportunities for information leaks. These data breaches are of significant concern, in part because they are becoming more common and more severe.[citation needed] Security professionals face two new pressures to prevent breaches:

Regulatory compliance
Many large companies now fall under government or commercial regulations that mandate controls over information, including HIPAA in health and benefits settings, GLBA in finance, and the Payment Card Industry Data Security Standard (PCI DSS). Some of these regulations stipulate regular audits, which organizations can fail if they lack suitable controls and due-care standards; others mandate significant penalties in the event of a breach.
New costs arising from breaches
Loss of large volumes of protected information has become a regular headline event[citation needed], forcing companies to re-issue cards, notify customers, and mitigate loss of goodwill from negative publicity.

Government and industry regulations are arguably the biggest influencers. Besides HIPAA, GLBA, and Sarbanes-Oxley, more than 25 states have passed data privacy or breach notification laws that require organizations to notify consumers when their information may have been exposed. One high-profile example is California SB1386.

Many non-regulated companies also need to secure sensitive data, including intellectual property (IP), M&A plans, and other assets.

Over the years, organizations have spent large amounts of resources to protect information. Most of these efforts have focused on preventing outsiders from hacking into the organization. However, according to analyst firms, the majority of all leaks are the result of unintentional information loss from employees and partners, both externally and internally.

Types of DLP Systems

Network DLP

Also referred to as gateway-based systems. These are usually dedicated hardware or software platforms, typically installed at the organization's Internet connection, that analyze network traffic in search of unauthorized information transmissions. Their advantages are that they are simple to install and have a relatively low cost of ownership. Because decoding network traffic at high speed is extremely complex (transmitted objects are broken into small parts, often encoded, and then mixed with other traffic), network-based systems typically integrate with or include technologies that discover information 'at rest' while it is stored in file systems and databases. Discovering sensitive data at rest is far simpler and less time-critical, which allows greater accuracy. Taking 'signatures' (fingerprints) of data identified at rest, and then looking for those signatures as data passes over the network boundary, is a technique favored by virtually all network DLP vendors to improve accuracy and to identify sensitive data that would otherwise be missed. Traffic that is encrypted before it reaches the gateway cannot be inspected there unless it is decrypted at the gateway, which is one reason host-based systems (below) are deployed alongside network systems.
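The signature technique described above, as an added example that is not code from the original article or from any DLP product: it fingerprints two constructed sample documents (data 'at rest') with k-gram hashing and winnowing, then scores outbound chunks against that fingerprint index, decoding base64 first because matching has to happen on decoded content rather than on the bytes seen on the wire. The document names, their contents, the sample chunks and the thresholds are all invented for the example.

```python
import base64
import hashlib
import re

# Constructed sample corpus: two files that the at-rest discovery step has already
# classified as sensitive. The contents are invented for this example.
SENSITIVE_DOCS = {
    "merger_memo.txt": (
        "CONFIDENTIAL - Project Falcon: the board approved the acquisition of "
        "Northwind Traders at 42.50 per share, to be announced 14 March."
    ),
    "customer_export.csv": (
        "id,name,card_last4,plan\n"
        "1001,Ada Lovelace,4242,enterprise\n"
        "1002,Alan Turing,0005,standard\n"
    ),
}

K = 8            # characters per k-gram; nothing shorter than K can match at all
WINDOW = 4       # winnowing window: one fingerprint kept per WINDOW consecutive k-grams
MIN_HITS = 3     # shared fingerprints needed before a chunk is flagged ...
MIN_RATIO = 0.5  # ... and at least this share of the chunk's fingerprints must hit


def normalise(text):
    """Collapse whitespace and case so reflowed or re-cased copies still match."""
    return re.sub(r"\s+", " ", text).strip().lower()


def kgram_hashes(text):
    """Hash every K-character window of the normalised text with 8-byte BLAKE2b."""
    t = normalise(text)
    return [int.from_bytes(hashlib.blake2b(t[i:i + K].encode(), digest_size=8).digest(), "big")
            for i in range(len(t) - K + 1)]


def winnow(hashes):
    """Winnowing: keep the smallest hash of each WINDOW-sized window. Any verbatim run
    of K + WINDOW - 1 or more characters then shares a fingerprint with the original."""
    if not hashes:
        return set()
    return {min(hashes[i:i + WINDOW]) for i in range(max(1, len(hashes) - WINDOW + 1))}


def build_index(documents):
    """Fingerprint data at rest: map each fingerprint to the documents containing it."""
    index = {}
    for name, text in documents.items():
        for fp in winnow(kgram_hashes(text)):
            index.setdefault(fp, set()).add(name)
    return index


def decodings(payload):
    """Yield (encoding, text) views of one payload: raw, plus base64 where it parses.
    A real gateway also unwraps MIME, gzip, zip and so on; the point is that matching
    happens on decoded content, not on the bytes seen on the wire."""
    yield "raw", payload.decode("utf-8", errors="replace")
    compact = re.sub(rb"\s+", b"", payload)
    if compact and len(compact) % 4 == 0 and re.fullmatch(rb"[A-Za-z0-9+/]+={0,2}", compact):
        try:
            yield "base64", base64.b64decode(compact, validate=True).decode("utf-8", errors="replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            pass


def scan_chunk(payload, index):
    """Score one reassembled chunk of outbound traffic against the at-rest index.
    Returns (flagged, encoding, hits, total, documents) for the best-matching decoding."""
    best = None
    for encoding, text in decodings(payload):
        fps = winnow(kgram_hashes(text))
        hit_fps = [fp for fp in fps if fp in index]
        docs = set()
        for fp in hit_fps:
            docs |= index[fp]
        result = (encoding, len(hit_fps), len(fps), docs)
        if best is None or result[1] > best[1]:
            best = result
    encoding, hits, total, docs = best
    flagged = hits >= MIN_HITS and total > 0 and hits / total >= MIN_RATIO
    return flagged, encoding, hits, total, docs


# Constructed outbound chunks: a verbatim excerpt, sensitive data base64-encoded (as in
# a mail attachment), one excerpt split across two TCP segments, benign text, and a
# fragment too short to fingerprint.
SAMPLE_CHUNKS = [
    b"the board approved the acquisition of Northwind Traders",
    base64.b64encode(b"1002,Alan Turing,0005,standard"),
    b"the board approved the acq",
    b"uisition of Northwind Traders",
    b"Lunch at noon tomorrow? The usual place works for me.",
    b"Falcon",
]

if __name__ == "__main__":
    index = build_index(SENSITIVE_DOCS)
    for chunk in SAMPLE_CHUNKS:
        flagged, enc, hits, total, docs = scan_chunk(chunk, index)
        print(f"{'BLOCK' if flagged else 'allow'} {enc:6} {hits:2}/{total:<2} {sorted(docs)} {chunk[:32]!r}")
```

Two properties of the scheme are worth noting. Because winnowing selects the minimum hash of every window, any verbatim run of at least K + WINDOW - 1 characters (11 here) shares at least one fingerprint with the source document, so an excerpt that is split across packets is still recognised segment by segment, provided the gateway reassembles enough of the stream to see runs of that length; anything shorter than that floor is invisible to fingerprinting, which is why the thresholds trade off false positives against the smallest fragment worth catching. The base64 chunk is caught only through the decoded view: the raw bytes on the wire share no fingerprints with the index, so a gateway that does not decode every encoding and container it sees will miss the same data a host-based agent would catch before encryption.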

Host Based DLP systems

Such systems run on end-user workstations or servers in the organization. Like network-based systems, host-based systems can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (e.g. 'Chinese walls'). They can also control email and Instant Messaging communications before they are stored in the corporate archive, such that a blocked communication (i.e. one which was never sent, and therefore not subject to retention rules) will not be identified in a subsequent legal discovery situation.

Host systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can access information before it has been encrypted. Some host-based systems can also provide application controls to block attempted transmissions of confidential information and give immediate feedback to the user. They have the disadvantage that they need to be installed on every workstation in the network, and cannot be used on mobile devices or where they cannot practically be installed (for example, on a workstation in an internet café).

Sarbanes-Oxley

HIPAA