Unlike many other security technologies, DLP is focussed on the internal mishandling of an organisation’s information. Other areas of security have at least some aspect of external threat management. DLP looks at what ‘authorised’ users are doing with data and how to prevent the inadvertent or malicious distribution outside an intended circle of users.
The security risk posed by Data Leakage is much greater than many people realise. Studies show that organisations are more likely to suffer exposure of data to unauthorised persons because of data leakage than any other security breach. The reason for this is that data leakage is generally initiated by an authorised person who unintentionally puts data in the public domain.
The most common data leak is through email, although Web, FTP and Instant Messaging protocols are also commonly guilty. A classic scenario is where someone in Human Resources runs out of time during the working week to finish their reports, and therefore emails them to their Hotmail account for completion at home. This may break many written company policies, but in many cases is not technically controlled.
Data Leakage products work by categorising an organisation’s data and putting agents at the exit points of a network to enforce policy based controls. Policies can be applied to physical output, such as printing and removable media, in addition to data flows such as those mentioned earlier.
Data Connect provide independent help and advice on deploying Data Leakage solutions, and work with market leading suppliers to ensure that the best fit for each client requirement is met. We are always mindful of the true cost of Data Leakage to a specific client, and tailor any recommendations appropriately.