The incidence of data intentionally or unintentionally leaving corporate networks is rising. The CSI Computer Crime & Security Survey of 2008 showed that 44% of the polled companies rated data leakage as the second biggest threat to their IT security.
Data loss prevention or data leakage prevention (DLP) is now a major issue, affecting the bottom line of enterprises. According to recent research, the total number of data loss incidents in 2008 was 2,600% greater than the total number of data loss incidents in 2004.
Not only companies, but also government agencies are at risk. One of the latest losses occurred in May 2009. Some parties received data containing the latest unemployment and average earnings figures from the Office for National Statistics (ONS) before their official publication date. The ONS was forced to officially release these figures ahead of time, resulting in the value of sterling bouncing higher. (The released data showed a smaller than expected rise in claimant count unemployment even as the overall unemployment rate rose to 7.1%.)
This incident is the latest addition to a string of data breaches the British government has suffered over the past two years. They include leakage of secret intelligence files, the details of every prisoner in England and Wales, and information about thousands of potential army recruits.
DLP is gaining more attention as governments and organisations also realise the danger to their compliance status and to their commercial health. Web 2.0, especially peer-to-peer (P2P) networks, provides conduits through which information can leak. Intellectual property and patient information disclosed on P2P networks are a particular risk.
IBM’s Many Eyes, which is essentially a mashup application for visualising data, contains a lot of data that probably shouldn’t be there, such as sales forecasts, corporate income statements, and data from government agencies, including the CIA.
Although most data loss is unintentional, there is a growing number of intentional data loss incidents. During mergers, layoffs and reorganisations, corporate data are vulnerable. An employee could leak data for their personal benefit, including customer lists, intellectual property and other business data that could be useful in a future role.
Organisations around the world have become aware of the need to protect their outbound data in transit. This growing demand has resulted in a booming market for DLP solutions, which is expected to reach $2bn by 2012. Protecting data in transit is complicated, even more so when malware is involved, as in the case of “Trojans phoning home”.
The optimal way to prevent data leaking out of the network is the use of a gateway-based web security system. Such solutions consist of dedicated hardware/software platforms. They analyse network traffic to search for unauthorised information transmissions over channels including IM, FTP, HTTP, and HTTPS.
When selecting a DLP solution, an enterprise needs to focus on the following elements:
● All outbound communications should be analysed in real time and identified by their true content payload, not just by their file extensions. True content type detection capabilities prevent selected file types from leaking out or being downloaded by users.
● Administrators should be able to set policies based on dictionaries/lists containing words or formats (such as customer or employee information with names, addresses, social security numbers and other identity-related information) that should be protected. The solution should also enable lexical analysis and dictionaries/lists for words or formats relating to company-specific sensitive information (eg, intellectual property and financial information).
● Policy-based management is needed to set up and enforce granular rules per specific user or per user group (eg, sales, marketing, R&D, finance, legal).
● The ability to set up compliance lists for PCI, HIPAA, GLBA, Sarbanes-Oxley, CISP, FISMA, governmental regulations, etc is needed, especially for publicly-traded companies, financial institutions, and healthcare providers.
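The first three checks in this list can be sketched in a few lines. This is an added example, not code from the article or from any DLP product: it identifies an upload by its leading bytes rather than its file extension, applies a format rule and a dictionary, and keys the policy on the user group. The group names, dictionary terms and sample payloads are constructed, and only the leading bytes are inspected, which is a simplification.

```python
import re

# Well-known leading-byte signatures; a deliberately small set for illustration.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",            # also the container for docx/xlsx/pptx
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}
# Extensions that are consistent with each detected content type.
EXT_OK = {"pdf": {"pdf"}, "zip": {"zip", "docx", "xlsx", "pptx"},
          "png": {"png"}, "jpeg": {"jpg", "jpeg"}}

# Format rule: US social security number layout (NNN-NN-NNNN).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Hypothetical per-group policy (assumed names and terms, not from the article).
POLICY = {
    "sales":   {"blocked_types": {"zip"}, "dictionary": {"price list"}},
    "finance": {"blocked_types": set(),
                "dictionary": {"forecast", "income statement"}},
}

def detect_type(payload: bytes) -> str:
    """Classify a payload by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"

def inspect(group: str, filename: str, payload: bytes) -> list:
    """Return the policy findings for one outbound upload by a user in `group`."""
    policy = POLICY[group]
    findings = []
    kind = detect_type(payload)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind != "unknown" and ext not in EXT_OK[kind]:
        findings.append(f"extension .{ext} disguises {kind} content")
    if kind in policy["blocked_types"]:
        findings.append(f"{kind} uploads blocked for {group}")
    # latin-1 maps every byte to a character, so decoding never fails.
    text = payload.decode("latin-1").lower()
    if SSN_RE.search(text):
        findings.append("SSN-format identifier")
    findings += [f"dictionary term: {term}"
                 for term in sorted(policy["dictionary"]) if term in text]
    return findings
```

An empty list means the upload passes; a gateway would block or quarantine on any finding and log the user group alongside it.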
Many enterprises are looking for DLP as an integral part of their web security solution, rather than standalone DLP systems. This enables administrators to turn features on and off, deploy security features in stages and disable superfluous functions. This type of integrated DLP solution prevents intentional and unintentional data leakage with low cost of ownership.