Jan 15 2009
Okay, it’s not really a movie, but it is a video on data leak prevention aka DLP. I was recently invited down to the Demos on Demand studios just south of San Francisco to discuss this topic and several others with my friends Richard “ThreatChaos” Stiennon, Mike “Episteme” Murray and Amrit “TechBuddah” Williams. Mike, Amrit and I were in the studio while Richard was in his home studio somewhere far east of California. Rich “Securosis” Mogull opens the discussion with some thoughts of his own, but his portion had been recorded much earlier and the rest of us got to argue against him without any chance of rebuttal.
I like the idea of DLP, but I see it as another one of those really complicated technologies that has a very high likelyhood of becoming shelfware in many enterprises. It requires a deep understanding of the data that’s being used in the business and constant care or it’s worse than useless. Without that understanding of what’s valuable to your organization and what’s not, it can easily provide you with a false sense of security, which is worse in many ways to knowing your unsecure.
That being said, I really like the ideals behind DLP and in a company where its put in place for a specific purpose, it can be a great thing. In the security world I inhabit, i.e. PCI, DLP is something many companies could put to good use in finding and classifying cardholder information. Credit card numbers are easily understood and detected by DLP software and many companies will be very surprised at some of the places they’d find CCN’s if they’d just look. But credit cards are a very small subset of the information out there and not something every business has to deal with.
If you’re planning on putting in a data leak prevention solution or already in the process, just remember ‘the devil’s in the details’. You have to work with the business units and understand what’s valuable to your business and why. Very few businesses want to alert on every piece of information that’s flowing out of their business. Usually there are one or two types of information that are important and that’s what you need to concentrate on.
We recorded several of these discussion at the same time, so there should be a few more coming out soon.