September 10, 2012, 8:57 PM — We had been making good progress in demonstrating the value of our still limited deployment of data leak prevention (DLP) technology until a setback a couple of weeks ago. Ironically, the setback was due to an expansion in the use of encryption, something that I would normally embrace wholeheartedly.
Suddenly, the data leak prevention tool can't see any Exchange mail on the network. Action plan: Figure out what's wrong, and then find a way to make the mail visible again.
Some background: We rolled out DLP earlier this year, but with resource constraints; I've been seeking more backing for this technology by proving its worth in protecting the company's intellectual property. Given a tight budget, we decided it would be most effective to deploy DLP in a limited but highly targeted way. For example, we aren't alerted about every document containing the words "confidential" or "restricted" but instead rely on a recent audit that identified specific documents containing key sensitive data. This short list of highly sensitive data includes product road maps, source code, price books, business development plans and confidential financial data.
Meeting with representatives of each functional unit, we learned that some of these documents are stored in Microsoft SharePoint libraries and others on Unix Network File Shares or Microsoft CIFS File Shares. For example, the vice president of sales told us that price books are stored within a departmental share on a Windows file server and then sent out via email to a distribution list. With that information, we were able to configure our DLP software to automatically index that file share once per day, with index matching tight enough that even a small portion of the price book pasted into another document or email message could be identified.
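The kind of index matching described above can be sketched with shingle fingerprinting: the protected file is reduced to hashes of overlapping token runs, and outbound text is checked against that index. This is an added example, not the DLP product's algorithm or code from this column; the shingle size, alert threshold, and the sample price book and messages are constructed assumptions.

```python
import hashlib
import re

K = 5          # tokens per shingle (assumed value; smaller catches shorter excerpts)
MIN_HITS = 3   # matching shingles required before alerting (assumed threshold)

def tokens(text):
    """Lowercase and split on non-alphanumerics so layout changes do not matter."""
    return re.findall(r"[a-z0-9]+", text.lower())

def fingerprints(text, k=K):
    """Hash every run of k consecutive tokens; only hashes are kept, not content."""
    toks = tokens(text)
    return {
        hashlib.sha256(" ".join(toks[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(toks) - k + 1)
    }

def build_index(documents):
    """Map each fingerprint to the protected documents that contain it."""
    index = {}
    for name, text in documents.items():
        for fp in fingerprints(text):
            index.setdefault(fp, set()).add(name)
    return index

def scan(message, index, min_hits=MIN_HITS):
    """Return {document: matching shingle count} for documents over the threshold."""
    hits = {}
    for fp in fingerprints(message):
        for name in index.get(fp, ()):
            hits[name] = hits.get(name, 0) + 1
    return {name: n for name, n in hits.items() if n >= min_hits}

# Constructed sample data: a made-up price book and two outbound messages.
PRICE_BOOK = """SKU,Product,List Price,Partner Discount
AX-100,Edge Gateway Basic,1200,18%
AX-200,Edge Gateway Pro,2450,22%
AX-300,Edge Gateway Enterprise,5900,27%"""
INDEX = build_index({"price_book.xlsx": PRICE_BOOK})

LEAK = "Hi, as promised:\nAX-200 Edge Gateway Pro 2450 22%\nAX-300 Edge Gateway Enterprise 5900 27%\nThanks"
BENIGN = "Can we meet Tuesday to discuss the Edge Gateway launch plan and partner webinar?"

if __name__ == "__main__":
    print("leak:", scan(LEAK, INDEX))
    print("benign:", scan(BENIGN, INDEX))
```

Because the index holds only truncated hashes, the daily indexing job does not need to copy the sensitive file's contents onto the DLP sensor.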
Where Did It Go?
As a demonstration for management, we copied part of the price book, which is an Excel spreadsheet, and pasted it into an email message that was then sent to a webmail account. This triggered an alert notifying us that the email contained data from the price book. Score one for DLP. But a couple of weeks ago, this demonstration started to fail, because we were unable to see any of our Microsoft Exchange email traffic.