Thursday, November 25, 2010

How to Secure Sensitive Data

Various laws and regulations, plus good business practice, make it imperative for businesses to protect sensitive data, such as a customer’s Social Security number. But achieving that objective can be difficult.

One challenge has been that many organizations don’t know where their most sensitive data resides within the network. Another is that once an employee accesses data, there are relatively few existing solutions to prevent that employee from sending it through unsecured e-mail or downloading it onto an unprotected USB stick, making it easy to steal or lose.

But one solution, called data loss prevention (DLP), is gaining acceptance. DLP’s precise definition can vary slightly. In the past, some saw it mainly as technology that scanned for sensitive data across an organization, including in servers, file sharing programs, desktops, and laptops. Others saw it primarily as a solution that could block or automatically encrypt information. Increasingly, though, it’s seen as a combination of the above—and then some.

In the past few years, the products have gotten better at detecting content. Most solutions have traditionally scanned for personally identifiable information (PII), which refers to data such as Social Security numbers, credit card numbers, driver’s license numbers, and birth dates. Newer algorithms are generating fewer false positives and enabling companies to search for ever-expanding types of data. They can spot language referring to subjects such as intellectual property, racism, or sexual harassment, for example.

Customers can set DLP products to search for data based on regulations or laws. At least one vendor, RSA, the security unit of Hopkinton, Massachusetts-based EMC Corp., lets customers scan for California driver’s license information.

DLP can be seen as a more sophisticated, next-generation version of Enterprise Digital Rights Management (EDRM). The latter typically involves a common file server. Individual employees can “lock” documents or applications, usually with a user name and password. But the reliance on employees to take that extra step has been one of EDRM’s chief weaknesses, says Scott Crawford, a research director at the IT consulting firm Enterprise Management Associates (EMA) of Boulder, Colorado. Some vendors are considering coupling the two solutions, providing EDRM with automation and a more centralized administration.

Vendors are also increasingly bundling endpoint protection into their broader DLP suite solutions. Such technology can keep employees from copying sensitive data onto removable media.

Aside from DLP, another relatively common business use for scanning technology is for purposes of e-discovery, related to legal matters. Another use is for life-cycle management, which frequently involves shifting data among locations, often into storage.

Most DLP customers have been mid- and large-sized companies. But small organizations are starting to look at the technology, says Crawford.

Among the sectors taking this approach are healthcare and financial services. The solutions are also becoming more popular in educational institutions, which typically hold large amounts of sensitive student data.

Following is a look at how two companies phased in different DLP solutions. Their experiences illustrate what is entailed in adopting this approach.
