December 17, 2010, 11:53 AM — In the aftermath of the Wikileaks fiasco, enterprises are wondering what the breach of so many sensitive documents means, and if such an event could ever happen to them. One of the technologies vendors and solution providers are feverishly pushing as the answer is Data Leak Prevention (DLP) technology.
According to IDC, while sensitive information leaks were seen as the second greatest threat to enterprise security, only 31.4% of organizations had adopted DLP. At the time of the study, which was December 2009, only 14.5% of organizations had plans to purchase DLP. It's probably a good hunch, considering what has become public on the Operation Aurora attacks and the more recent Wikileaks phenomenon, that many enterprises are giving DLP a much closer look today.
MORE ABOUT DLP
- Security analyst to DLP vendors: Watch your language
- Unmasking DLP: The data security survival guide
- 3 ways pen testing helps DLP (and 2 ways it doesn't)
- Solving the DLP puzzle: 5 technologies that will help
DLP is widely marketed as the way to stop confidential information from sliding out the door on notebooks, smartphones, iPods, portable storage, and many other devices. Or, as US Army intelligence analyst Private First Class Bradley Manning is alleged to have done: copy and walk away with reportedly 250,000 files designated (at the least) as classified -- on a writable CD labeled as Lady Gaga music -- from the Secret Internet Protocol Router Network (SIPRNet). SIPRNet is run by the US Department of Defense and the U.S. Department of State.
Would having DLP in place had prevented that leak? Analysts are doubtful. DLP technology is very good at protecting specific types of information, but not protecting all of the information generated and managed by an organization. "In this case, the content taken appears to have been a mass amount of information that Manning had legitimate access to," says Rich Mogull, founder and analyst at the research firm Securosis. "DLP is not good at stopping this sort of incident, where a broad amount of data is taken."
Experts also agreed that while DLP has its place in the enterprise, it would provide no definitive protection against similar attacks from trusted insiders. "There is no 100% solution to stop a motivated insider from stealing information," says Mike Rothman, president and analyst at Securosis.