Websense News & Views

Published Friday, December 03, 2010 7:07 PM by Dave Meizlik

 

In my previous two posts we talked a little about the ramifications and risks that this incident has brought to light within your business. Now I'd like to speak on a practical level about things you can do to prevent just this sort of thing from happening to you.

It may come as a surprise to some that legacy controls aren't enough. And, as this incident showed, it's not just email that data is being lost through: the Web is four times more likely, and USB is a large vector too. However, a myopic approach to solving the problem can be dangerous. Shutting down access - a natural, gut reaction - will only create more obstacles and impede an organization's ability to operate at its peak capacity.

Now, I’m a realist. Every vendor is going to jump up and say, "You need my technology to solve this problem." The difference is that lots of organizations are already using Websense DLP to protect themselves, including businesses like Cellcom, Zim Shipping and Reliance Capital, while legacy systems are failing. Let’s look at this situation analytically and see how legacy security controls map to this type of data theft:

  • Access controls: Nope, wouldn’t work. The primary suspect in this case had access.
  • Encryption: Maybe, depending on the type, but if he had access he could likely decrypt.
  • Data Discovery/Classification: Nope, the data was located and classified exactly as it was supposed to be; a copy was simply made.
  • Device control: Maybe, but then how do you stop use of removable media in any organization, let alone the military with all of its volumes of large files (like satellite imagery and videos) and still operate efficiently?
  • AV/Firewall/IPS/UTM boxes: Nope, wouldn’t work. There was no malware and this was all completed internally.

The key to protecting these assets and establishing effective security is to keep it simple and map to three primary points:

1. What is the data you want to protect?
2. What are your use cases for protecting it (in this case, removable media)?
3. What is the value to you to protect it (to help determine investment and priority level)?

Remember, not all DLP solutions are created equal, and not all will address these needs. In addition, most are too costly and complex, and lead you down an endless path of discovery. And remember, discovery in this case wouldn't have solved anything.

DLP, like every technology, needs to be mapped to your needs and be applied in a holistic approach to security in order to be effective. But if this incident proved anything, it is that there is a demonstrable incentive for you to investigate your needs and the information you need to protect and begin securing your sensitive assets. 

Let me know what you think about the past few posts. Also, feel free to comment below if you have implemented DLP and want to share your story of determining your needs and successfully protecting data within your organization.  And, of course, if you’re interested in trying out DLP you can download Websense at www.websense.com/DownloadDLP.

 
