technology
tackling the root cause of data loss
Data loss has become one of the most talked about topics in security. Employee
carelessness and malicious behavior are exposing confidential data, putting
companies at competitive, regulatory and financial risk. To combat the threat,
many companies are now taking an information-centric approach to security and
using data leakage protection (DLP) tools.
The cost of data breaches is rising, according to a study by the security analysts
at the Ponemon Institute. In 2007, the average breach cost the company $6.3 million,
compared to $4.8 million in 2006. The report looked at the results of 35 actual
data breaches experienced by US companies in 2007. Per compromised customer record,
the cost was $197 compared to $182 in 2006, with the biggest factor in the increase
being lost business opportunity. According to the Privacy Rights Clearinghouse,
more than 215 million individual records have been lost since January 2005.
What's frustrating for companies is that these breaches are happening despite
increasing investment in security. Gartner has estimated that the $9 billion global
security software market is still growing at 10% a year. The problem is that
much of this investment is being made in perimeter security, which is designed
to keep criminals out. However, the overwhelming majority of data security breaches
are not perpetrated by hackers or malicious employees; they are mistakes made
by employees following poorly-defined business processes.
"Companies have been focusing on protecting the perimeter, but employees are
having to deliver sensitive information across an increasingly blurred edge,"
says Gil Litvin, EMEA Regional Manager, Data Security Group, at security company
RSA. "Perimeter security is no longer enough; you need to protect the information."
The key to preventing data breaches is an information-centric security strategy
that allows companies to identify where their confidential information is, how
it is being used and where it is being sent. Data loss prevention (DLP) tools
are vital in allowing companies to identify and monitor data, and therefore to enforce
their security policy.
four components to DLP
There are four key components to DLP tools. The first is the ability to monitor
and discover information across the entire IT infrastructure, whether the data
is at rest, in motion or in use. Because data breaches can happen anywhere, agents
need to reside on end-points, such as laptops, at network gateways and in the
data centre. The web is rapidly becoming the number one source of data leakage
and companies urgently need to deal with the impact of Web 2.0 and user-created
content.
DLP tools employ software agents that use sophisticated language detection and
fingerprinting techniques to identify any confidential information. This can range
from credit card numbers to company intellectual property. Because company data
is dynamic, this process needs to be ongoing, with agents tracking the changing
security status of a document, for example.
The second is a central policy engine that is focused on information and its
use, such as what regulations apply to companies in certain sectors. The policy
engine is responsible for identifying potential breaches and initiating any action,
whether that be to block the data or to warn the user. In most cases simply flagging
up the potential breach to the user is enough.
The DLP tool will typically contain templates that allow companies to quickly
determine what data they need to protect and how they should handle it. For example,
certain data protection laws forbid data from leaving the country, or the company's
security policy might forbid customer data from leaving the company unencrypted.
The third component is the enforcement mechanism, and in many cases the DLP tool
will simply need to integrate with existing security tools. For example, DLP could
flag up that customer data is being sent out, alert the user that it is unencrypted
and then send the data to the encryption engine to meet the security policy's
requirements, or perhaps use the firewall to block the traffic completely. The
final component is a management and reporting engine that allows companies to
track any suspicious behavior or demonstrate compliance to regulatory authorities.
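To make the four components concrete, here is an added example, not code from the article or from any DLP vendor, that wires a minimal detector (card-number pattern plus Luhn check, and a document fingerprint), a policy engine that encodes the two policy examples above (customer data may not leave unencrypted; fingerprinted intellectual property may not leave at all), and an enforcement step that records an audit entry for reporting. The confidential document, its fingerprint, the card numbers and the internal domain are constructed sample values, and the exact-match fingerprint is a simplification of the partial-match fingerprinting commercial tools use.

```python
import hashlib
import re

# Component 1, detection. Two techniques from the article: a pattern detector
# for payment card numbers, and fingerprinting of known confidential documents.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(number):
    """Luhn checksum; weeds out most random digit runs that match CARD_RE."""
    digits = [int(d) for d in reversed(number)]
    return (sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])) % 10 == 0

def fingerprint(text):
    """Exact-match fingerprint: SHA-256 over whitespace-normalised text."""
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()

# Constructed sample entry; a real store would hold hashes of the company's own files.
KNOWN_CONFIDENTIAL = {fingerprint("Project Falcon roadmap Q3 internal only"): "falcon-roadmap"}

def detect(text):
    findings = []
    if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text)):
        findings.append("card_number")
    doc = KNOWN_CONFIDENTIAL.get(fingerprint(text))
    if doc:
        findings.append("fingerprint:" + doc)
    return findings

# Component 2, policy engine. Mirrors the article's examples: customer data may
# not leave the company unencrypted, fingerprinted IP may not leave at all.
def decide(findings, external, encrypted):
    if not findings or not external:
        return "allow"
    if any(f.startswith("fingerprint:") for f in findings):
        return "block"
    return "allow" if encrypted else "encrypt"

# Components 3 and 4, enforcement and reporting: return the action for the
# integrated tool (gateway, encryption engine) and keep an audit record.
AUDIT_LOG = []
INTERNAL_DOMAIN = "@example-corp.internal"  # hypothetical company domain

def enforce(text, recipient, encrypted=False):
    findings = detect(text)
    action = decide(findings, not recipient.endswith(INTERNAL_DOMAIN), encrypted)
    AUDIT_LOG.append({"recipient": recipient, "findings": findings, "action": action})
    return action
```

The Luhn filter matters in practice: without it, every 13 to 19 digit run (order numbers, phone numbers with extensions) would be flagged, and users learn to ignore a tool that warns on everything.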
An information-centric security strategy supported by DLP is essential for companies
looking to stamp out data leakage and it can actually help companies drive down
the cost of security. By managing information and applying relevant controls linked
to risk, companies can address the root causes of data loss, and invest their
security budgets in areas that protect the confidentiality, integrity and availability
of information.