In the last newsletter we began a conversation with Corey Nachreiner, WatchGuard Senior Security Analyst, concerning some points in their "2010 Security Predictions," available at http://www.webtorials.com/content/2010/02/2010-security.html.
This time we want to go a bit further on the prediction that "sensitive data is our most important asset, yet we tend to spend more time securing our applications, servers and environments than protecting the actual data itself. This will change in 2010 as technologies that directly protect data – things like local hard drive encryption and DLP (data loss prevention) solutions – are more frequently adopted by SMBs."
Corey elaborated, "That's a somewhat difficult question to answer, since there really is no really good industry standard definition of what DLP is (IMHO)... but I'll give you my two cents. As you know, DLP stands for either Data Loss Prevention, or Data Leakage Prevention. Those two terms sound similar, but have slightly different meanings.
"In general, Data Loss Prevention is the practice identifying and tracking your sensitive data; making sure that only those that are authorized to handle that data can access it; and making sure your sensitive data doesn't leak outside those authorized users.
"Nowadays, however, many different vendors use the term DLP to describe various technical solutions that try to provide different aspects of the practices I mentioned above. The problem, there are many different aspects of DLP, including finding your sensitive data, controlling who has authorization to handle it, auditing when ppl audit or change it, tracking the data at rest, in use, and in motion, etc...
"I've personally never met a DLP solution that does all of that on its own, so whenever someone says they have a DLP solution, it's sometimes hard to understand what that really is.
"However, the second term I mentioned -- Data Leakage Protection -- tends to have a more specific definition, so it's easier to understand. Data Leakage Protection is monitoring and preventing sensitive data from leaving your perimeter. In this case, DLP solutions are only worried about your data passing some sort of perimeter gateway devices, usually via e-mail, web 2.0 applications (like html e-mail), and IM. So Data Leakage Protection is primarily about data in motion.
"I do think the definition of DLP, and the many different technological controls that are starting to come out to help us keep track of our data, will evolve quickly in the coming years. Since some many bad guys are clearly stealing our data, we will spend more time protecting it directly, rather than just protecting the 'containers' that hold our data."
Many thanks to Corey for these insightful comments in the "virtual interview." For more comments and/or to join the discussion, please visit here.