The problem of data loss

Phil Vasic, ANZ Country Manager, Websense

Today’s security professionals in regulated industries face a daunting challenge in protecting the organisation’s most valuable asset: its information. Over the past few years IT departments have invested heavily to protect against breaches that compromise IT and information assets, however, their efforts have been focused on preventing outsiders from hacking into the organisation, not securing the company and information from insider threats.

Insider threats are not always malicious events or done with malicious intent. In fact, according to most industry analysts today, the majority of all leaks are the result of unintentional data loss from employees and partners.

Perhaps unwittingly by using Web-based email or instant messaging services, employees are circumventing the security precautions put in place by their companies. A recent independent survey of European small and medium sized businesses commissioned by Websense found that 63 percent of employees in the UK had sent work documents to their personal email accounts to work on them from home. This is a classic example of where honest employees could unintentionally leak sensitive information completely by accident, simply by sending an attachment containing confidential data and risking it falling into the wrong hands.

The high cost of a breach

The high cost of a breach can have a profound effect on organisation’s P&L, market presence, and competitive advantage as a result of damage to brand and reputation, and loss of customers and intellectual property (IP). The average information leak costs organisations around US$182 per record, according to the Ponemon Institute, averaging roughly US$4,800,000 per breach. That number doesn’t take into account the longer term affects of breach to an organisation that come from other cost factors including litigation or the loss of customer and investor confidence.

Organisations in industries such as financial services, healthcare, and government face additional challenges beyond the high cost of a breach. They must adhere to stringent industry and government regulations, which mandate the security of private or confidential information.

Information leaks don’t encompass only the loss of personally identifiable information. Financial services, healthcare, and government organisations must also consider the security of confidential information, such as IP, merger and acquisition plans, and other critical assets that are strategic to the competitive advantage of the organisation.

Addressing the problem with Data Loss Prevention solutions
To address the growing problem of data breaches and loss of information, many organisations are turning to their solution providers to help them implement a data loss prevention (DLP) solution, which is designed to discover, monitor, and protect information.

Unlike traditional threat based blocking solutions that restrict access to resources or control applications or communication channels, DLP solutions are designed to understand and enable policies for the information and the data itself. This allows the organisation to focus on protecting its unique sensitive information from unintentional or malicious leaks.

DLP solutions discover data throughout the network – on servers and endpoints – to provide organisations with the intelligence necessary to effectively design and implement content enforcement policies. They also monitor data at rest, in use, or in motion, providing complete coverage of business communications, both external and internal.

With a DLP solution, an organisation can monitor email, printers, http/s, instant messaging, and a variety of other commonly used protocols to discover where information is transmitted and by whom, and audit business processes to increase efficiencies, redefine policies and workflows, and reduce the risk of a leak.

DLP solutions use policy-based enforcement to protect data in use and in motion with pre-defined automated enforcement capabilities. Organisations can leverage policy design wizards to block, encrypt, quarantine, notify, and/or remediate an infraction. This flexibility allows administrators to create more efficient information workflows that map to internal business processes (e.g. a manager and/or content owner can approve/deny a subordinate request to send data, and/or receive a notification following a breach).

Work with a solution provider to implement the right technology

Implementing a DLP solution requires an investment in time, money, and training. To ensure the success of the project, organisations should solicit the advice and support of certified solution providers, which are trained and experienced in recommending and deploying leak prevention solutions.

Successful deployments require the integration of the technology with business processes – a feat which requires time and expertise to avoid disrupting the core business. Solution providers can help overcome these and other obstacles by providing valuable services, including risk assessment, policy and compliance management and auditing, deployment, and employee training. The following chart provides a checklist of the features a DLP solution should include:

-Vendor Evaluation Chart

-Feature and functionality

-Content aware technology

-Accurate identification and classification

-Multiple detection methods

-Low number of false positives

-Comprehensive coverage

-Discovery, monitoring, and prevention for data in motion, at rest, and in use

-Protection against accidental, intentional, and malicious leaks

-Data and meta data protection for documents and databases

-Simplicity and management

-Integrated solution (reporting, discovery, monitoring, and enforcement)

-Deployment time and required administration

-Integration with complementary technologies and infrastructure

-Pre-built policy templates (including regulations)

-Scalable solution with both user and data policy management

-Vendor viability

-Established, recognised leader in content security industry

-Global support and continued investment in R&D

For value-added partners, ultimately, when deploying a DLP solution at a customer’s site, it’s important to consider the requirements of the organisation, taking into account such variables as the type of information being protected, communication technologies in use. Data loss is a problem that affects the entire organisation and not just IT.

Human resources, legal, accounting, finance, and other business units are often involved in the purchase, if not the implementation of a loss prevention solution. When evaluating solutions it is important to consider requirements specific to the customer and their existing architecture.