The Issues in Data Loss Prevention


The main objective of data loss prevention, or data leak prevention, is to ensure that users don’t send sensitive or critical information to people outside the network. The term is also commonly used for the administrative control software products (DLP) that help keep tabs on what users can send. Insider threats and rigorous state privacy laws are the usual driving forces that make implementing data leak prevention systems unavoidable, for business entities in particular. The software uses business rules to decide which information being transmitted to outsiders is confidential, and it tags confidential and critical information. The tools also help to protect ‘data at rest’.

Issues Relating to Data Loss Prevention

Even where reliable data loss prevention (DLP) software has been implemented and is used religiously, there are many instances of data loss, and the sheer magnitude of these leaks can be mind-boggling. Many of these losses to an enterprise don’t get reported or highlighted. The following issues need to be dealt with for a DLP implementation to have significant success.

  • The Risk Management or Financial departments or divisions of a corporate entity trigger the implementation of DLP with the approval of top management, and the Information Technology (IT) department or division drives the technology rollout. Senior personnel mostly believe that it is just a matter of plugging in the software and the problems go away. That is not so, since DLP is not about managing data but about managing compliance. The issue is how much involvement there is in the initiative by personnel from Human Resources, Marketing and other divisions and departments. These departments or divisions must actually be the ones laying down the business rules, since it is their data that is being protected. A low level of involvement will lead to a poor-quality implementation.
  • More DLP may be getting bought than is required in the real world. Many of the components don’t get deployed even within a two- or three-year time frame. All the big investments become wasted resources once there is a data leak or loss. It has also been noticed that DLP is, more often than not, used just to monitor employees’ mistakes or misbehavior and not to block leakage. This may be because the cost of supporting blocking is too high or there is too much traffic in the network.
  • It is really difficult for a DLP system to filter content that is encrypted in a way it doesn't know how to decrypt, and it can't make sense of content sent as CAD diagrams, graphics, pictures or other non-text media. There is not much multilingual support. Moreover, it is very difficult to formulate business rules for certain sensitive data such as intellectual property, which is really a management issue.
  • Merely investing significant money in data loss prevention is not sufficient. The management of organizations must also be more aware of the need to act before data is lost or stolen, and must make an intense effort to understand the true implications in detail. Preventive action can start with steps like encrypting data or controlling mobile plug-and-play devices.
  • The real cost is the risk of reputational damage following a data loss. The media visibility and accompanying hype of such loss or leakage incidents cannot be controlled. Organizations can suffer damage even where they prove the data breach was not caused by a fault of their own but was the result of malicious activity. Hacking and website attacks remain a greater source of data breaches than either accidental loss or 'insider' breaches. However, the public and stakeholders, especially investors, are unlikely to offer much sympathy in either case.
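
As an added illustration of the content-filtering limitation in the list above (not code from the original article or from any DLP product): a minimal rule-based inspector that tags the text it can read and returns a separate `uninspectable` verdict for encrypted or non-text payloads instead of passing them as clean. The rule names, patterns, entropy threshold and sample payloads are all assumptions constructed for this example.

```python
import hashlib
import math
import re
from collections import Counter

# Hypothetical business rules (constructed for this example): tag -> pattern.
RULES = {
    "PAYMENT_CARD": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
    "CONFIDENTIAL_MARKING": re.compile(r"\bcompany confidential\b", re.I),
}
ENTROPY_LIMIT = 7.0  # bits per byte; assumed cut-off for encrypted/compressed data

def entropy(data: bytes) -> float:
    """Shannon entropy of the payload in bits per byte."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def inspect(payload: bytes) -> dict:
    """Tag one outbound payload, or report that the rules could not read it."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        text = None
    if text is None or (payload and entropy(payload) > ENTROPY_LIMIT):
        # Encrypted or non-text content: no rule ran, so it is not "clean".
        return {"verdict": "uninspectable", "tags": []}
    tags = sorted(tag for tag, rx in RULES.items() if rx.search(text))
    return {"verdict": "sensitive" if tags else "clean", "tags": tags}

# Constructed sample payloads (not real traffic).
SAMPLES = {
    "plain_card": b"Refund to card 4111 1111 1111 1111, thanks.",
    "marked_doc": b"COMPANY CONFIDENTIAL - Q3 pricing draft",
    "chat": b"Lunch at noon?",
    # Stand-in for ciphertext: 2 KiB of hash output, statistically random.
    "opaque_blob": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64)),
    # Stand-in for an image attachment: PNG signature plus padding.
    "picture": b"\x89PNG\r\n\x1a\n" + bytes(64),
}

def triage(samples: dict) -> dict:
    """Map each sample name to its verdict."""
    return {name: inspect(data)["verdict"] for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:12} {verdict}")
```

Counting `uninspectable` verdicts separately from `clean` ones gives the data owners a measure of how much outbound traffic their business rules never evaluated.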

In all probability, as long as companies and governments believe it is cheaper to collect information than not to collect it, they will keep collecting it. As long as data is collected, there will be people who will lose it, or be willing to break the law to obtain it. Hence, the places where that information is collected will continue to be a target for attackers.
