What Can Data Loss Prevention Do For Your Business?

Understanding the Values of DLP

Data Loss Prevention (DLP) has evolved in both name and technology. Whether you call it data leakage, content monitoring and filtering, or the latest and most widely recognized name, data loss prevention, DLP is here to stay - the debate is what and how. DLP comes in three different forms: in-motion, at-rest and in-use. All three forms have evolved technically at approximately the same pace, but they have certainly not evolved equally with regard to cost, complexity, how and when to use them, or ongoing administration.

Like any new technology and approach that addresses business processes, compliance and privacy, DLP can be viewed as either a tool or as a standalone product. For large enterprises, DLP for all three forms (standalone product) is possible, albeit expensive. However, for most organizations, deploying all three forms of DLP is too costly, which is why it is important to understand the risk levels and ROI of the three forms of DLP if your organization does not have massive budgets and personnel for this type of solution.

Based on recent events, customer deployments and analyst research, DLP has migrated from a standalone product (all three forms) that affected the entire enterprise, computing systems and business processes to a tool that is used to accelerate business, protect the organization and ensure privacy. Therefore, it is vital that an organization understands the differences between data-in-motion, data-at-rest and data-in-use DLP.

Data-at-rest and data-in-use present a paradox. They pose the least risk to a business from a big-picture perspective, yet they carry the most complexity and cost. Data loss prevention for in-use and at-rest has value for organizations that want or need to protect content or data from being altered or used criminally - but the question is how, given the cost and complexity of these DLP forms. These two forms of DLP require agents or client software that resides on employees' computers, databases and any other system that stores or presents data (or content). Because of this wide and diverse technology spectrum, few viable vendors can provide these two forms of DLP, and, almost without exception, they are pure-play or dedicated data loss prevention vendors.

The problem many organizations struggle with for data-at-rest and data-in-use loss prevention is the cost, which requires significant investment from the organization, both initially and on an ongoing basis. My belief is that organizations that do not have the resources, both budgets and people, should investigate protecting these areas of the business end-points with encryption. File, disk or folder encryption is quickly becoming a substitute or companion for these two DLP forms because these forms of encryption can lock out thieves, protect against lost or stolen equipment, and regulate access rights. Although these are not truly DLP values, they supplement the need by reducing much of the risk.

The reason these forms introduce the least risk compared with data-in-motion is the size of the exposure. Look at the problem in these terms: how many people have access, frequency, potential exposure leak, likelihood, and cost. The answer, to save you time, is far, far less risk than data-in-motion. Data-at-rest and data-in-use simply do not have the same exposure level as data-in-motion, which takes into account everyone who has email and access to the Web - which is almost everyone in a company.

Data loss or leakage occurs in every organization, either unintentionally or maliciously. The mediums through which content can escape the grasp of the IT Department are vast, given the explosive growth and use of wikis, blogs, POP mail, and social networks, not to mention email, which is the largest violation medium. This becomes a significant problem and risk as organizations manage the ever-expanding spectrum of government regulations, company privacy concerns around such issues as HR, legal and intellectual property, and the general confidential information of the business. It is well documented how compliance violations, unauthorized data losses and privacy leaks cost organizations money and time. Data-in-motion is well defined, inexpensive and requires little ongoing administration - IF it is modeled as a tool. For this form of DLP to be a useful tool in an organization of any size, it must do the following:

  • be located at the gateway,
  • span across email and Web protocols,
  • have a central or consolidated administrative console for policy management and reporting,
  • have remediation capabilities, such as encryption, to act on discovered risks, and
  • be cost-effective so that any size organization can use the technology and expand on its capabilities.

Data-in-motion represents the highest degree of risk, but is the least costly to address. Regardless of your type of business or industry, every organization has content to secure and data that can leak out in email and Web messaging. BorderWare Data Loss Prevention enables enterprises to prevent the loss, leakage or exposure of sensitive, restricted, and inappropriate content across the multiple messaging and Web channels that account for almost all data leakage violations. BorderWare Data Loss Prevention is used to secure, monitor, record, quarantine, and block data-in-motion over multiple protocols, providing an extensive risk management and policy enforcement boundary. Because the solution is developed within the BorderWare Security Platform, DLP is consolidated into a single view for managing policies, protecting both email and Web, and reporting across email and Web messaging. Unique to BorderWare Data Loss Prevention is the architecture that enables knowledge-based structuring of content. With the knowledge-based system, the solution's framework dynamically learns from the content passed through the BorderWare Data Loss Prevention engine to make more accurate decisions, faster.

With BorderWare Data Loss Prevention, your organization can protect itself against data-in-motion losses and leaks. In order to provide a solution that is a tool and not a monolithic standalone product, BorderWare integrates DLP into the BorderWare Security Platform for inspection, discovery and remediation of outbound content and messaging. The result is an automatic, instant-on solution that can block, quarantine, allow, encrypt or reroute content. Included with BorderWare Data Loss Prevention are predefined dictionaries for HIPAA, PCI, GLBA and other regulations, which you can use as they are or modify, or you can create your own for policy management.

Shawn Eldridge
Vice President, Marketing and Products
BorderWare Technologies, Inc.
August 20, 2008

©Copyright 2008. All Rights Reserved. The BorderWare PM Corner content is the express property of BorderWare Technologies Inc. and is subject to copyright and cannot be copied or distributed in whole or in part without prior express permission from BorderWare Technologies Inc. While every effort is made to ensure the information given is accurate, BorderWare does not accept liability for any errors or mistakes which may arise.