Last Christmas, I gave my son-in-law a pair of pipe wrenches! I thought, 'What a great gift!' My wife, my daughter and, I suspect, my son-in-law were nonplussed. I assured them this was a truly great and thoughtful gift. They were perplexed, but they could tell I was obviously excited. Well, the day did come when a plumbing need arose – and on that day, my son-in-law learned just how wonderful pipe wrenches could be! (Come on guys, back me up here, don’t you get a thrill every time you have occasion to use your pipe wrenches – and by the way – you always need two, never just one).
Let me now transition my story and object lesson to the subject of Data Loss Prevention, or DLP. The concept of DLP is fairly simple. You want to keep data, and in particular, sensitive data, in the right place, and available only to the right persons and applications and at the right time. Sort of the way you want to keep water in the pipes. You want the water to come out of the faucet when you open it up. You do not want it dripping and leaking in bad places like walls, ceilings and basements. See the connection to my story? And in a similar fashion, if you have never experienced a data leakage problem before, you may be a bit nonplussed when your security team tells you that you need DLP tools, policy and training (you need your DLP pipe wrenches).
It’s a big subject, and I like to keep my blogs short (my English teacher taught me this principle); however, let me give some examples.
- Do you control thumb drive use?
- What about those terabyte USB drives? Ever notice those sitting on a desk in the office?
- How about CD or DVD burners? Can you say WikiLeaks?
- Do people want to copy real data into the lab so that they have better data to test against?
Drip, drip, drip...
You might need to have some DLP pipe wrenches (and once more, you may need more than one):
- DLP software. I am not saying you need to rush out and spend thousands on a software package. In fact, software by itself often is not an effective solution. Culture, training, practices and policy are equally essential. But I do want you to be aware that DLP software solutions exist.
- Security awareness training can help teach principles that make people aware of the problem
- Computer, data and other security policies, and controls
- Technical and procedural controls on portable devices – such as requiring thumb drives to be encrypted or disabling the USB ports on laptops and desktops
- Classify your data, identify where it lives and what its boundaries are, then assess your operations and whether or not your day-to-day actions result in data moving to places it does not belong.
- Internal Audits – validate your controls are in place and working
Having read this, I want you to immediately go and locate your DLP pipe wrenches, and remember they come in various sizes. If you have some small ones, you may also need to get some big ones or vice versa. Don’t wait for Christmas.
It is time now to end my tale. My pipe wrenches are in hand and I am off to check the plumbing and make sure all my water stays where it belongs – in the pipes.