FRAMINGHAM, 22 JULY 2009 - You may wonder if DLP is the updated version of RUN-DMC, but what it really stands for is Data Loss Prevention. Some call it “Data Leak Prevention” to emphasize that important company data often “leaks” away through no malicious action. But as compliance regulations like HIPAA, PCI-DSS, and FRCP multiply like acronym rabbits, more and more companies must take steps to stop data from leaving their business, whether it's lost, leaked or stolen.
Huge companies struggle to deal with the size of this problem, and they have full IT staffs and money for security issues like this. Yet the DLP market remains small because of the complexity of the issue and the sizable cost and time required to keep files from leaving any exit point. Is there hope for smaller businesses that don't have full IT staffs and full security budgets? Of course. There's always hope, even when it's hidden under hard work.
The DLP group at Symantec hosted a training session for me and a few others not long ago in San Francisco. They understand this is a hard issue to get a grip on, and they've helpfully reduced the core issues to three bullet points. First, where is your confidential data? Second, how is it being used? Finally, how best to prevent its loss? Succinctly, the process is Discover, Monitor, and Protect.
Three little words, Discover, Monitor, and Protect, don't sound too bad, do they? Yet few companies, even the huge ones, really know where all their confidential data files are hidden in the various storage lockers on individual computers and file servers.
Once you inventory your sensitive data, such as customer Social Security Numbers or credit card information, you have to watch who uses that data and how they use it. Finally, you have to prevent intentional and accidental loss of those files. That means monitoring every USB port on every computer with access to sensitive files, and finding a way to block e-mails with critical files attached, or even information copied inside the body of the message.
Like all security functions, every file and every user must be monitored. That's a big job, and requires hardware support on the network, and software active on every personal computer. You shouldn't be surprised that systems like this come with six figure price tags, although a new company claims to cut that by more than half.
Sign up for Computerworld eNewsletters.