
Reflections on the topic of DLP

Different people expand the abbreviation DLP in different ways. Some read it as Data Loss Protection, others as Data Leak Prevention, and there may be other expansions, but the point is the same: protecting corporate information from leaking outside the organization.


From my own experience, which is not the ultimate truth :-), I can divide existing products into two classes:
1. products based on fingerprints (fingerprinting)
2. products based on morphological analysis

Clearly, each product contains both approaches, but one is dominant.
For example, the class of fingerprint-based products includes Symantec Vontu and Websense Data Security Suite; the class of products based on morphological analysis includes Infowatch.

Each approach has its pros and cons:
The first class of products (fingerprint-based) has a short implementation time and can be put into production almost immediately after installation, but this approach requires centralized and clearly structured information storage in the organization, which is a rarity even for confidential information.
The second class of products is more difficult to install and configure, and takes considerable time to implement. However, it does not require the information to be structured, which in my opinion is a very big plus.
And now the actual reflections:
When talking with employees of vendor companies that develop DLP solutions, I noticed how these solutions are positioned: “Our product allows you to prevent ACCIDENTAL leaks of confidential information.” That made me think about accidental leaks of confidential information. In my opinion, if a person works with confidential information, then he should be very attentive and SUCH accidents should not happen to him. And even if SUCH an accident has occurred, it is necessary to assess the damage it caused. In each company, probably only 1-2% of employees have access to information whose leakage really can bring huge financial losses. All other employees simply do not have access to such information, and a leak of the information that is available to 90% of employees will cause almost no losses.

Now let us ask ourselves the question: is it worth building such complex and expensive systems that, if you think about it, are not really necessary? If the product is positioned as helping to prevent accidental leaks, it follows that these products do not protect against intentional ones. And the probability of an accidental leak of very expensive information is so small that it is not worth the money spent on preventing it, although there are of course exceptions.

There is a rule for building information security systems: a security system should not cost more than the information it protects. And here it turns out just the opposite.

That is, are the products for protecting against information leaks (yes, I deliberately omitted the word "accidental") that have been advertised and promoted on the market in the past few years nothing more than a way to drain money?

Source: https://habr.com/ru/post/67691/

