What is it that you want to protect from data loss the most?

From the experts | Posted on December 16, 2011 by Stephen Perciballi

This can be a very difficult question, one that has created many products and solutions (inside and outside of IT…think insurance). Other than the people, the most critical asset we have in most organizations is the information. If it were not for that information we wouldn’t need all of the switches, routers, servers, and storage. If we aren’t protecting the data that we value most as a starting point, then what are we doing?

DLP (Data Loss Prevention) has been one of the dirtiest words of the last ten years. It may even be considered worse than cloud, at least in security circles. What made this term so unpalatable is that it somewhat implies that without solutions branded Data Loss/Leakage Prevention we are losing and leaking data. It implies that these solutions are the silver bullet, the be-all and end-all. Obviously marketing gone wild. There is definitely some merit in it, though. Applied correctly with other technologies, DLP can actually provide a fantastic last line of defense, a role that used to belong to endpoint anti-virus.

If the attack traffic got through the firewall, and then the Network Intrusion Prevention System, then hopefully the endpoint anti-virus software would pick it up. But what happens when it doesn’t? What happens when the system has been compromised without detection for a while? This is where the data starts to get pulled out of the network, or exfiltrated.

Assuming there is a compromise, let’s delve into the solutions that make up a DLP strategy and provide some examples of when each of them is used. Ideally you’ll find which of the following solutions fits best in your environment today.

Network DLP – There are various forms of Network DLP. The idea is to monitor and protect data at the egress points of the network. Network DLP solutions are very good at monitoring for structured data like credit card numbers, social insurance numbers, and social security numbers. They can also monitor for things like invoice numbers, or CAD drawings that you only want to go to certain places. No agent is required on the endpoints, so if a guest or partner manages to get access to data they will not be able to send it out of the network. If your organization tightly restricts egress traffic on the firewall to permit outgoing email and web traffic only, you may be able to leverage existing infrastructure to get these results. Many Web Security Gateways and Mail Security Gateways have had DLP features added to them. If the egress traffic is not closely restricted and/or your gateway solutions do not have DLP functionality, then a Network DLP solution is going to be the best fit for you. Network DLP can be the easiest first step in a DLP program.
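The following Python example, added here and not taken from the original post or from any DLP product, shows the kind of content check applied to outbound text when monitoring for structured data: pattern matching for card, SIN and SSN shapes, with a Luhn checksum to discard look-alikes such as invoice numbers. The regex formats, function names and sample message are assumptions constructed for illustration.

```python
import re

# Candidate patterns; the formats are assumptions made for this example.
PATTERNS = {
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),        # 13-19 digits
    "sin": re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b"),     # Canadian SIN
    "ssn": re.compile(r"\b(?!000|666|9)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}
LUHN_CHECKED = {"card", "sin"}  # both carry a Luhn check digit


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return (kind, masked_value) for each validated match in outbound text."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if kind in LUHN_CHECKED and not luhn_ok(digits):
                continue        # right shape, wrong checksum: likely not real
            # Log only the last four digits so the alert itself leaks nothing.
            findings.append((kind, "*" * (len(digits) - 4) + digits[-4:]))
    return findings


# Constructed sample of an outbound message body (all values are test data).
SAMPLE = """Hi, please charge card 4111 1111 1111 1111 for invoice 123456789.
Backup card is 4111-1111-1111-1112. Employee SIN 046 454 286,
US contractor SSN 123-45-6789."""

if __name__ == "__main__":
    for kind, masked in scan(SAMPLE):
        print(kind, masked)
```

The invoice number and the mistyped backup card both match a pattern but fail the checksum, so neither raises an alert; the SSN has no check digit and is matched on format alone.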

Host DLP – Host DLP works in much the same way as Network DLP. It will monitor for data of a certain type that is being moved in a certain way and prevent it from moving as required. The real value in deploying an endpoint agent is on mobile devices. When your corporate laptops leave the physical network and move to a coffee shop, none of the restrictions in place for Network DLP will apply. It is even more important to monitor mobile devices for data loss, since they will often connect to much more volatile network access points that will not offer them as much layered network protection as your corporate network.

Full Disk Encryption – Full Disk Encryption has been around for quite a while now and has matured a lot. We fold this solution into a DLP strategy and would focus primarily on the mobile devices. If a corporate laptop is removed from the facility (on purpose or stolen) it is at further risk of being lost or stolen outside of the environment. Even if an intruder does not know the operating system credentials, they can easily remove the disk, plug it into another computer, and view the files as easily as plugging in a USB key. With Full Disk Encryption the entire disk is encrypted until the user enters their credentials. The administrators can use unique credentials just for this purpose or they can integrate other systems such as Active Directory or Two-Factor Authentication. If an intruder removes the disk and plugs it into another system they will not be able to read the contents, no matter what they are.

Fully Encrypted USB Keys – There are a couple of benefits to using Fully Encrypted USB Keys. The first is that any data copied from any computer to the key is encrypted all the time, so if someone finds or steals a key they will not be able to access the data until they authenticate. The other main benefit is that with Host DLP you can enforce that writing to USB is only possible when the user plugs in a certain type of Fully Encrypted USB key. You may allow users to copy pictures or music files from the PC to any key, but when it comes to Health Care data or CAD drawings they must use an encrypted key.

Contact your Softchoice representative and we can help you answer the question ‘What data do we need to protect?’.  Our Data Loss Prevention Assessment services can help do just that.
