Data loss prevention software

Data Loss Prevention (DLP) is a marketing buzzword from the field of information security. Also called Data Leak or Data Leakage Prevention, DLP grew out of "extrusion prevention" technology. In the classic view, DLP is one of the protective measures that directly supports the confidentiality of data and, depending on its scope, directly or indirectly also its integrity and accountability (the ability to attribute an action on the data to a user).

"Data Loss Prevention" and "Data Leakage Prevention" are usually used interchangeably, but some specialists distinguish them in technical discussion: "Data Loss Prevention" is protection against the unwanted outflow of data that causes damage and is also noticed, whereas "Data Leakage Prevention" is protection against a suspected, but not measurable and in individual cases sometimes not even provable, passing of information to unwanted recipients.

History and development

  • DLP products existed long before the term began to establish itself as an umbrella term (avant la lettre).

Since about 2007, manufacturers of IT security solutions have labelled one or more functions of their products as DLP, the purpose being to protect data against unauthorised access. Because many manufacturers now claim that their products are DLP-capable, DLP has come to denote a broad assortment of different IT security techniques and measures. Depending on the technique used, more or fewer accompanying measures are needed to achieve complete protection of confidentiality.

Examples: a very simple DLP logs the names of files written to or read from USB devices. A more comprehensive DLP solution detects every change to confidential data, in particular changes made with third-party software, and can, depending on the security policy, carry out any action, which the user cannot prevent even with administrative privileges.

Incidentally, the first DLP solutions were used in the military and offered a combination of hardware and software control. With hardware control, for example, a USB stick can be bound by its unique serial number to a single user, who is the only one allowed to write to it. The stick is of course encrypted, ideally completely transparently for all employees. Colleagues from the same department and, naturally, line managers may read the data on the stick.

Software control governs which applications may run. Because everything in government agencies is uniform, such solutions could be deployed there without problems. In the private sector, however, apart from banks and some insurers, there is a degree of diversity that cannot easily be mapped with a positive (allow-list) security approach.

Background

Industry, and in particular the innovative and technically leading mid-sized companies (Mittelstand), is affected by data theft.

In most cases it is very easy (for interns, for example) to smuggle confidential data out of a company and sell it profitably. Besides deficiencies in IT security, adequate physical access controls are often lacking as well. On top of that, with the end of the Cold War many unemployed spies found a new field of activity in industry. The annual damage caused by industrial espionage in Western Europe is estimated at a three-digit million figure.

Products that protect, among other things, against industrial espionage have been marketed under the term "Data Loss Prevention" since the BND's purchase of the Liechtenstein bank account data. But most products are only a small piece of the mosaic that makes up the protection of confidentiality. For example, because of technical limitations, most products cannot secure all the transmission paths needed in daily work, or they support only very few file types. Often the protective measures are not granular enough: there is only "on" or "off", but no "group A may, on condition that ...". Many DLP products are already ineffective once a file is renamed or compressed, because they decide by file name and type rather than by content.

If one settles for a technically inadequate solution, it is either a drop in the ocean or, if it is taken seriously, its technical limitations inevitably force changes to every workflow across the company that handles sensitive data. Comprehensive protection of the confidentiality of information is described by an information security management system (ISMS). Seen this way, Data Loss Prevention touches almost all conventional security systems in an organisation and aims far more at perfecting long-established security measures than at introducing new, specialised products. Existing systems such as identity management, encryption, monitoring and access control still have to be supplemented by the DLP approach and rounded off by a unified management oriented towards DLP purposes. On this view, the protection of information goes considerably further than if only data were considered.

It makes sense to include an organisation's loyal employees in the data loss prevention measures and, in particular, to prepare them for espionage attacks through training. This is also necessary because, as protective technology keeps improving, spies increasingly resort to manipulating people directly by means of social engineering. Effective training must, however, take into account that social engineering puts the target under massive pressure, which makes it hard for victims to act according to plan and makes it necessary to learn specific evasive techniques.

When introducing and implementing Data Loss Prevention in a company, it must be carefully reconciled and balanced with data protection legislation and employees' privacy rights, so as to avoid violating those rules and rights. If it becomes known that a company has violated such rights, it may suffer considerable reputational damage.

Technical details

Technically, modern DLP can cover all conceivable data theft scenarios. It supports reading from and writing to removable media such as USB sticks and CD/DVD burners, as well as the transfer of data off the machine, e.g. by e-mail or file upload. Even cut and paste and print screen can be blocked, depending on the degree of integration. There are now also approaches to identifying data leaks proactively through static code analysis. Only filming or photographing the screen is very costly to prevent, if it can be prevented at all.

Hardware and Software

DLP products come either as pure software or as modules consisting of software and hardware.

Modules exist for the network and as extensions of existing security technologies. They work as a proxy or sniffer, or as add-ons for proxies or mail filters. These modules currently have the lowest detection rate, support the fewest file formats and are the easiest to circumvent. And since everyone knows that every single e-mail is logged, spies are guaranteed not to send unencrypted content by e-mail: an inspection point that only sees ciphertext can at best notice that something opaque is leaving, not what it is.
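The two evasions noted above, renaming or compressing a file (Background) and encrypting content before it reaches a network inspection point (this section), can be demonstrated with a small content classifier. This is an added example, not code from the original article or from any DLP product; the marker patterns, the "supported extensions" list, the sample document and the hash-chain stand-in for ciphertext are all constructed for illustration.

```python
"""Name-based vs. content-based inspection of outbound files (added example)."""
import collections
import hashlib
import io
import math
import os
import re
import zipfile

# Constructed patterns; a real product would use fingerprints of real documents.
MARKER = re.compile(rb"\bCONFIDENTIAL\b|\bVERTRAULICH\b")
IBAN = re.compile(rb"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b")
SUPPORTED = {".docx", ".xlsx", ".pdf", ".txt"}   # "supports only very few file types"
MAX_DEPTH = 3            # limit archive recursion (nested zips, zip bombs)
ENTROPY_OPAQUE = 7.2     # bits per byte; text is ~4-5, ciphertext approaches 8


def extension_based_verdict(filename: str, data: bytes) -> str:
    """The weak rule: inspect only files whose extension is on the list."""
    if os.path.splitext(filename)[1].lower() not in SUPPORTED:
        return "clean"                      # unsupported types are not inspected at all
    return "sensitive" if (MARKER.search(data) or IBAN.search(data)) else "clean"


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in collections.Counter(data).values())


def content_verdict(data: bytes, depth: int = 0) -> str:
    """Classify by content only: the name is ignored, archives are opened,
    and high-entropy data that matches nothing is reported as 'opaque'."""
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.file_size > 10_000_000:
                    return "opaque"         # refuse to inflate very large members
                inner = content_verdict(zf.read(member), depth + 1)
                if inner != "clean":
                    return inner
        return "clean"
    if MARKER.search(data) or IBAN.search(data):
        return "sensitive"
    if len(data) >= 256 and shannon_entropy(data) >= ENTROPY_OPAQUE:
        return "opaque"                     # encrypted: content cannot be judged
    return "clean"


# Constructed sample document (the IBAN is the well-known example value).
DOC = b"Q3 forecast - CONFIDENTIAL\nPayout account DE89 3704 0044 0532 0130 00\n"


def make_zip(name: str, payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def fake_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for encrypted output (SHA-256 chain, not encryption)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def demo() -> dict:
    """Each case: (name-based verdict, content-based verdict)."""
    cases = {
        "forecast.txt": DOC,                       # honest file name
        "holiday.jpg": DOC,                        # renamed to an unsupported type
        "photos.zip": make_zip("x.bin", DOC),      # compressed, inner name unrelated
        "mail.bin": fake_ciphertext(4096),         # encrypted before sending
    }
    return {name: (extension_based_verdict(name, data), content_verdict(data))
            for name, data in cases.items()}


if __name__ == "__main__":
    for name, (weak, strong) in demo().items():
        print(f"{name:14} name-based={weak:10} content-based={strong}")
```

The name-based rule misses the renamed and the zipped copy; the content-based rule catches both but can only report "opaque" for the encrypted one, which is exactly the limit the text describes for proxy and mail-filter modules. A policy then has to decide whether opaque outbound data is allowed at all, since no inspection point can classify it.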

Since, as with most encryption solutions, the user has the right to decrypt the data with a password, whether protection is maintained depends on the voluntary cooperation of every individual.

An effective DLP solution can only be agent-based. In principle it is intelligently controlled encryption. First, the software itself must be secure, i.e. it must not have been compromised, and it treats a computer as a functional unit. In addition to encryption, further functions must be available that can regulate the use of specific data by specific users. The required functions of a DLP solution are:

  • documenting what has been done with particular data,
  • informing the user and raising awareness in handling confidential data, e.g. through a pop-up,
  • obtaining the user's confirmation, e.g. through an input field in the pop-up,
  • blocking all actions that are possible with the data,
  • alerting.

DLP agents on workstations and servers holding sensitive data are increasingly managed centrally. From the management console, specific rights are granted to user groups or individual users. In most products, however, these rights cannot be set very precisely. It is therefore always necessary to check whether a product meets the requirements at all; otherwise the company would have to adapt itself to the constraints of the DLP solution, for example by no longer using certain file types.
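The five required agent functions (document, inform, confirm, block, alert), the per-group rights granted from the management console, the "group A may, on condition that ..." granularity from the Background section and the serial-number binding of USB sticks from the History section can be put together in a small rule evaluator. This is an added example, not code from the original article or from any product; the group names, device table, action names and events are constructed for illustration.

```python
"""Agent-side policy evaluation: document, inform, confirm, block, alert (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Event:
    user: str
    groups: frozenset                 # memberships from identity management
    action: str                       # "usb_read", "usb_write", "email", "print_screen"
    label: str                        # classification: "public" or "confidential"
    device_serial: Optional[str] = None
    confirmed: bool = False           # user has acknowledged the pop-up


@dataclass(frozen=True)
class Rule:
    name: str
    decision: str                     # "allow", "notify", "confirm", "block"
    matches: Callable[[Event], bool]
    alert: bool = False               # raise an alert in addition to the decision


@dataclass(frozen=True)
class Decision:
    rule: str
    outcome: str                      # "allow", "notify", "await_confirmation", "block"
    alert: bool


# Hardware control: a stick is bound by serial number to the one user who may
# write it (constructed table; a real agent would receive it from management).
DEVICE_OWNERS: Dict[str, str] = {"SN-0001": "alice"}


def known_device(e: Event) -> bool:
    return e.device_serial in DEVICE_OWNERS


# First matching rule wins: specific rules first, catch-all block last.
# "Group A may, on condition that ..." is a predicate on group plus condition.
RULES: List[Rule] = [
    Rule("unknown-removable-device", "block",
         lambda e: e.action.startswith("usb_") and not known_device(e), alert=True),
    Rule("owner-writes-own-stick", "allow",
         lambda e: e.action == "usb_write" and DEVICE_OWNERS.get(e.device_serial) == e.user),
    Rule("department-and-managers-read", "allow",
         lambda e: e.action == "usb_read" and bool(e.groups & {"dept-finance", "managers"})),
    Rule("screenshot-of-confidential", "block",
         lambda e: e.action == "print_screen" and e.label == "confidential", alert=True),
    Rule("finance-may-mail-confidential-after-confirming", "confirm",
         lambda e: e.action == "email" and e.label == "confidential" and "dept-finance" in e.groups),
    Rule("public-data-notify-only", "notify", lambda e: e.label == "public"),
    Rule("default-deny-confidential", "block", lambda e: True, alert=True),
]

AUDIT: List[str] = []   # documenting what was done with the data


def evaluate(e: Event) -> Decision:
    """Apply the policy to one event and record the outcome in the audit log."""
    for rule in RULES:
        if rule.matches(e):
            outcome = rule.decision
            if outcome == "confirm":
                # Pop-up with an input field; the action waits until acknowledged.
                outcome = "allow" if e.confirmed else "await_confirmation"
            AUDIT.append(f"{e.user} {e.action} label={e.label} "
                         f"device={e.device_serial} -> {outcome} ({rule.name})")
            return Decision(rule.name, outcome, rule.alert)
    raise AssertionError("RULES must end with a catch-all rule")


FINANCE = frozenset({"dept-finance"})
MANAGERS = frozenset({"managers"})
HR = frozenset({"dept-hr"})


def demo() -> Dict[str, Decision]:
    """Constructed events exercising each rule."""
    return {
        "owner_write":      evaluate(Event("alice", FINANCE, "usb_write", "confidential", "SN-0001")),
        "colleague_read":   evaluate(Event("bob", FINANCE, "usb_read", "confidential", "SN-0001")),
        "colleague_write":  evaluate(Event("bob", FINANCE, "usb_write", "confidential", "SN-0001")),
        "foreign_stick":    evaluate(Event("carol", HR, "usb_write", "confidential", "SN-9999")),
        "mail_unconfirmed": evaluate(Event("bob", FINANCE, "email", "confidential")),
        "mail_confirmed":   evaluate(Event("bob", FINANCE, "email", "confidential", confirmed=True)),
        "screenshot":       evaluate(Event("dave", MANAGERS, "print_screen", "confidential")),
        "public_mail":      evaluate(Event("dave", MANAGERS, "email", "public")),
    }


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:16} {d.outcome:19} alert={d.alert}  rule={d.rule}")
    print("\n".join(AUDIT))
```

The ordering of the rule list is the whole policy: a known stick's owner is allowed to write, department colleagues and managers are allowed to read, anyone else on that stick and any unknown stick falls through to a block with an alert, and the confirmation pop-up is modelled as a rule whose outcome depends on whether the user has acknowledged it. Every decision, including the allowed ones, lands in the audit log, which is the "documenting" function the text lists first.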

Legal Limits

The introduction of DLP in a company raises significant data protection concerns. In particular, employee data protection must be taken into account.
