Downloadable DLP targets 'unsolvable' issue
Web security vendor Websense Inc. is now offering a full-featured downloadable version of its data loss prevention (DLP) technology that IT admins should be able to download and install in less than an hour. But one industry expert warns that DLP is one of those unsolvable problems.
The new offering from Websense is built to address the hurdle of complex deployment that DLP technologies often require, said John Yun, senior product marketing manager for DLP with the Santiago, Calif.-based vendor. "You can download the product similar to a very tightly packaged software," said Yun. "That is just unheard of in the DLP world."
The downloadable version from Websense has many capabilities like Web security and URL filtering integrated in the back end, thereby making installation easy while reducing the physical footprint, said Yun.
Aside from addressing complexity, Yun said the tight integration of Web, e-mail and data means that IT admins get a greater degree of visibility into security logs. A typical log presents only the bare essentials like an IP address, but Yun said tight back-end integration offers more details like user identity, the user's manager and even the phone number.
"It may say the user attempted to send confidential data to this Gmail account," said Yun.
This also holds tangible value to the business leaders and helps the IT organization get buy-in for the technology, said Yun. "We also recognize that doing the back-end work of correlating the data takes a significant amount of time from a business perspective," he said.
Ottawa-based security consultant Brian O'Higgins thinks Websense's downloadable DLP model is an admirable and brave attempt at addressing DLP and he only hopes it will work. "DLP is an unbelievably huge problem I would put in the 'impossible to solve' bucket," said O'Higgins.
The proliferation of technology today means that employees can use myriad devices like an iPhone to snap an image of confidential data from a computer screen. "DLP doesn't stop that," said O'Higgins.
Given security breach incidents like that of Durham Health region in Ontario in December 2009, where an unencrypted USB device went missing, Yun anticipates the downloadable DLP model will gain traction among organizations wanting to prevent such an incident.
While the downloadable DLP model is useful for small-to-medium sized businesses who are often resource-strapped, Yun said large enterprises will also find value given the offering is full-featured.
Yun said Websense's downloadable DLP offering is also designed to be region-specific, for Canadian customers for instance, with policy wizards that can be customized for particular industries and regions.
O'Higgins said canned policies work as long as they are configured correctly, but that can be laborious given the volume of information that must be first scanned. Although policies will work better for smaller organizations, O'Higgins said small businesses are less likely to have even heard of DLP to know they must address it.
Overall, O'Higgins said there will always be a new security whole that emerges post-DLP deployment. For instance, other security technologies might even work against DLP like encrypted data that DLP cannot scan.
The downloadable DLP offering is a continuation of Websense's strategy to tightly intertwine Web, e-mail and data. The company already released last February a unified console and architecture called Triton that merges DLP with e-mail security. "You can expect more of that consolidation," said Yun.