I. Background of Data Leakage Prevention

by JUCC ISTF
/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */ 
 
 
Data leakage refers to unauthorised transmission of data from within an organisation to an external destination or recipient. The transmission can be done both electronically and physically and the types of data leaked usually include: 
 
Confidential / Sensitive Information
 
Intellectual property
 
Customer / Student Data
 
Health Records
 
Given today's strict regulatory and legal compliance requirement on intellectual and personal data protection, organisations, including universities, have invested a great deal of time and resources in safeguarding their information from potential unauthorised access and disclosure. Security vendors and researchers also developed various counter measures to fight against data leakage issues, which are collectively known as Data Leakage Prevention (DLP) solutions. A key distinguishing feature of DLP that contrasts with non-DLP security tools, such as data encryption, is deep content analysis based on pre-defined security policies.
 
In general, DLP refers to any systems or tools that identify, monitor, and protect the following type of data:

 
Data in Motion - Any data that is moving through the network to the outside via the Internet. This feature applies to all data 
      transmitted on wire or wirelessly. E.g. Examination results sent to students over the Internet.
 
Data in Use - Data at the endpoints of the network (e.g. data on USB devices, external drivers, MP3 players, laptops, and other highly-
      mobile devices). E.g. Patent information stored on portable hard disks.
 
Data at Rest - Data that resides in files system, databases and other storage methods. E.g. A university's financial data stored on the
      financial application server.
 
In response to the above types of data having exposure to potential leakage problem, specific DLP systems / tools have been engineered to mitigate the risks or detect any security violations: 
  1. Network DLP
    Network DLP is designed to detect any leakage incidents related to data in motion, by detecting if particular important data files are being transferred through universities' networks. This kind of DLP devices usually supports multiple protocols such as HTTP, FTP, P2P and SMTP, and is commonly attached to network equipments (e.g. routers, switches), where all traffic leaving universities' internal network can be captured for inspection.

    Nowadays, most universities have already implemented certain network traffic filtering systems, such as e-mail and web activity monitoring programs, which can achieve part of the functionalities of Network DLP. Some more specialised Network DLP tools include McAfee Network DLP Manager, RSA DLP Network, and Symantec Data Loss Prevention Network series.
     
  2. Endpoint DLP
    Endpoint DLP products are agents or software that usually reside on end user terminals such as mobile devices and laptops. The common use of Endpoint DLP is to prevent users from storing sensitive information on removable media devices such as USB flash drives and CD/ROM discs and to protect against unauthorised transmission of sensitive information when a user is not connected the universities' own networks (e.g. public free Wi-Fi spot). An Endpoint DLP software can also utilise disk encryption, which prevents unauthorsied access to information on a lost or stolen laptop.

    Popular Endpoint DLP products currently on the market include NextLabs Enterprise DLP, Symantec Protection Suite Enterprise and McAfee Host Data Loss Prevention.
     
  3. Embedded DLP
    Universities are also given a less expensive choice to implement "Partial" DLP solutions instead of setting up a comprehensive data leakage management infrastructure. Such solutions are commonly known as Embedded DLP.

    Embedded DLP are planted within specific applications to effectively monitor the data outflows, identify keywords or related patterns belong to sensitive information and block any suspicious data leakage attempts. For instances, scanning and rejecting outgoing e-mails for sensitive keywords or attachments, restricting printing of copyrighted softcopy documents.

    The design and implementation of Embedded DLP can be performed within Universities or acquired from existing security vendors. Cisco's IronPort e-mail security technology provides functionalities to detect sensitive content, patterns or images in a message body or within attachments. Websense Web Security Gateway Solutions incorporated Websense TruWeb DLP capability offers embedded DLP over outbound communications to destinations like web mail and social networks.

Key Benefits Achieved through Data Leakage Prevention

  • Prevent Data Leakage - Preventing accidental or malicious loss of data by insiders (e.g. employees, students and contractors) or outsiders (e.g. hackers) is the main purpose of all DLP solutions. With appropriate implemented DLP mechanism, universities' can control the access to their sensitive data by external parties.
     
  • Reduce Cost of Investigation and Damage to Reputation - Leakage of sensitive data of universities usually means economic loss or damage to the reputation. Implementing DLP solutions within universities' network or information systems can put control over the outflow of sensitive data and thus effectively reduce the risk of unauthorised disclosure. In case when data leakage incidents do occur, DLP tools or software can also assist the investigation by providing useful information on system activity history.
     
  • Facilitate Early Risk Detection and Mitigation - DLP solutions require universities to perform a series of preparation work, including data classification, risk assessment, research on regulatory and privacy requirement, development of policies, standards and procedures for data protection, through which a number of around vulnerabilities of data leakage can be noticed within management radar and makes early mitigation possible.
     
  • Increase Comfort Level of Senior Management - Data leakage is one of the most critical issues facing universities' senior management because various sensitive data is stored and processed by universities' information systems, such as student / employee records, confidential research data and patent. Universities must properly secure such information to comply with regulatory and legal requirement, maintain competitive advantage and protect their reputation. Where DLP controls are implemented and operating effectively, senior management is able to concentrate on other critical issues.
Statistical Report

Data leakage prevention growing 10 percent annually

According to a recent report from Network World, data leakage prevention is currently growing at 10 percent a year. While this figure is lower than what many experts anticipated, it still represents one of the better percentages among security technologies. Companies looking to remain compliant with regulatory authorities requirements have been fuelling the increase in the technology's adoption.