In my previous two posts we talked a little about the ramifications and risks
that this incident has brought to light within your business. Now I’d like to speak on a practical level
about things you can do to prevent just this sort of thing from happening to you.
may come as a surprise to some that legacy controls aren't enough. And,
as this incident showed, it's not just email that data is being lost through: the Web is four times more
likely, and USB is a large vector too. However, a myopic approach
to solving the problem can be dangerous. Shutting down access - a natural, gut
reaction - will only create more obstacles and impede an organization's ability
to operate at peak capacity.
Now, I’m a realist. Every vendor is going to jump up and say,
"You need my technology to solve this problem." The difference is
that lots of organizations are already using Websense DLP to protect themselves,
including businesses like Cellcom, Zim Shipping and Reliance Capital, while legacy
systems are failing. Let’s look at this situation analytically and see how
legacy security controls map to this type of data theft:
- Access controls: Nope, wouldn’t work. The primary suspect in this case had
- Encryption: Maybe, depending on the type, but if he had access he could likely decrypt.
- Data Discovery/Classification: Nope, the data was where and classified as it was supposed to be; a copy was simply made.
- Device control: Maybe, but then how do you stop use of removable media in any organization, let alone the military with all of its volumes of large files (like satellite imagery and videos) and still operate efficiently?
- boxes: Nope, wouldn’t work. There was no malware and this was all completed
The key to protecting these assets and establishing effective
security is to keep it simple and map to three primary points:
- What is the data you want to protect?
- What are your use cases for protecting it (in this case, removable
- What is the value to you to protect it (to help determine investment and priority level)?
Remember, not all DLP solutions are created equal, and not all will
address these needs. In addition, most are too costly and complex, and lead you
down an endless path of discovery. And remember, discovery in this case
wouldn't have solved anything.
DLP, like every technology, needs to be mapped to your needs and
be applied in a holistic approach to security in order to be effective. But if
this incident proved anything, it is that there is a demonstrable incentive for
you to investigate your needs and the information you need to protect and begin
securing your sensitive assets.
Let me know what you think about the past few posts. Also, feel
free to comment below if you have implemented DLP and want to share your story
of determining your needs and successfully protecting data within your
organization. And, of course, if you’re
interested in trying out DLP you can download Websense at