What is it that you want to protect from data loss the most?

From the experts | Posted on December 16, 2011 by Stephen Perciballi

This can be a very difficult question.  A question that has created many products and solutions (inside and outside of IT…think insurance.)  Other than the people, the most critical asset we have in most organizations is the information.  If it were not for that information we wouldn’t need all of the switches, routers, servers, and storage.  If we aren’t protecting the data that we value most as a starting point then what are we doing?

DLP (Data Loss Prevention) has been one of the dirtiest words of the last ten years.  It may even be considered worse than cloud, at least in security circles.  What made this term so unpalatable is that it somewhat implies that without solutions branded Data Loss/Leakage Prevention we are losing and leaking data.  It implies that these solutions are the silver bullet.  The be-all and end-all.  Obviously marketing gone wild.  There is definitely some merit in this though.  Applied correctly with other technologies, DLP can actually provide a fantastic last line of defense, a role that used to belong to endpoint anti-virus.

If the attack traffic got through the firewall, and then the Network Intrusion Prevention System, then hopefully the endpoint anti-virus software would pick it up.  But what happens when it doesn’t?  What happens when the system has been compromised without detection for a while?  This is where the data starts to get pulled out of the network, or exfiltrated.

Assuming there is a compromise, let’s delve into the solutions that make up a DLP strategy and provide some examples of when each of them is used.  Ideally you’ll find which of the following solutions fits best in your environment today.

Network DLP – There are various forms of Network DLP.  The idea is to monitor and protect data at the egress points of the network.  The Network DLP solutions are very good at monitoring for structured data like credit card numbers, social insurance, and social security numbers.  They can also monitor for things like invoice numbers, or CAD drawings that you only want to go to certain places.  There is no agent required on the endpoints so that if a guest or partner manages to get access to data they will not be able to send it out of the network.  For organizations that tightly restrict egress traffic on the firewall to permit outgoing email and web traffic only, you may be able to leverage existing infrastructure to get these results.  Many Web Security Gateways and Mail Security Gateways have had DLP features added to them.  If the egress traffic is not closely restricted and/or your gateway solutions do not have DLP functionality then a Network DLP solution is going to be the best fit for you.  Network DLP can be the easiest first step in a DLP program.
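The structured-data monitoring described above can be sketched as follows. This is an added example, not code from the original post or from any DLP product: it scans outbound text for card numbers and social insurance numbers (confirmed with the Luhn checksum) and for structurally valid US social security numbers. The patterns, function names and sample message are assumptions constructed for illustration.

```python
import re

# Candidates: digit runs optionally split by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")      # 13-19 digits
SIN_RE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")  # 9 digits
# US SSN: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, used by payment cards and Canadian SINs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits so alerts do not leak the value."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_outbound(text):
    """Return (kind, masked_value) for each finding in an outbound message."""
    findings, claimed = [], []
    rules = (("card", CARD_RE, True), ("ssn", SSN_RE, False),
             ("sin", SIN_RE, True))
    for kind, pattern, needs_luhn in rules:
        for m in pattern.finditer(text):
            # Skip text already reported under an earlier rule.
            if any(m.start() < end and start < m.end()
                   for start, end in claimed):
                continue
            digits = re.sub(r"\D", "", m.group())
            if needs_luhn and not luhn_ok(digits):
                continue         # right shape, wrong checksum: not reported
            claimed.append(m.span())
            findings.append((kind, mask(digits)))
    return findings

# Constructed sample: well-known test values plus two look-alike decoys.
SAMPLE = ("Hi, card 4111 1111 1111 1111 exp 12/25, ref 4111 1111 1111 1112. "
          "SIN 046 454 286, SSN 078-05-1120, invoice 123456789.")

if __name__ == "__main__":
    for kind, value in scan_outbound(SAMPLE):
        print(kind, value)
```

The checksum step is what keeps reference and invoice numbers of the same length from raising alerts; a nine-digit number that happens to pass Luhn would still be reported as a SIN, so findings like these are usually combined with context such as nearby keywords or the destination.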

Host DLP – Host DLP works in much the same way as Network DLP.  It monitors for data of a certain type being moved in a certain way and prevents it from moving as required.  The real value in deploying an endpoint agent is on mobile devices.  When your corporate laptops leave the physical network and move to a coffee shop, none of the restrictions in place for Network DLP will apply.  It is even more important to monitor mobile devices for data loss since they will often connect to much more volatile network access points that will not offer them as much layered network protection as your corporate network.

Full Disk Encryption – Full Disk Encryption has been around for quite a while now and has matured a lot.  We fold this solution into a DLP strategy and would focus primarily on the mobile devices.  If a corporate laptop is removed from the facility (on purpose or stolen) it is at further risk of being lost or stolen outside of the environment.  Even if an intruder does not know the Operating System credentials, they can easily remove the disk, plug it into another computer and view the files as easily as plugging in a USB key.  With Full Disk Encryption the entire disk is encrypted until the user enters their credentials.  The administrators can use unique credentials just for this purpose or they can integrate other systems such as Active Directory or Two-Factor Authentication.  If an intruder removes the disk and plugs it into a new system they will not be able to read the contents no matter what they are.

Fully Encrypted USB Keys – There are a couple of benefits to using Fully Encrypted USB Keys.  The first is that any data copied from any computer to the key is encrypted all the time.  So if someone finds or steals a key they will not be able to access the data until they authenticate.  The other main benefit is that with Host DLP you can enforce that writing to USB is only possible when the user plugs in a certain type of Fully Encrypted USB key.  You may allow them to copy pictures or music files from the PC to any key, but when it comes to Health Care or CAD drawings they must use an encrypted key.

Contact your Softchoice representative and we can help you answer the question ‘What data do we need to protect?’.  Our Data Loss Prevention Assessment services can help do just that.
