Sticker shock over data-loss prevention products could be short-lived

By , Network World |  Security, data breach, Data Loss Prevention

Visiting Nurses, which had already been making use of the Websense Security Gateway, recently added the vendor's DLP gateway functionality. Using the DLP discovery tool (technology deriving from Websense's acquisition of PortAuthority in 2007), Visiting Nurses has determined where sensitive data is located in its 30 file servers for the purpose of detecting and blocking breaches, including inadvertent ones.

Plans are to add DLP data-blocking capability into mobile computers used by nurses. Any alerts would be collected into the firm's Symantec security-event management system, Whiteside says.

"If a user attempts to send a file, we would want it stopped at the gateway, with an alert generated and sent to the [management system]," he says.

Support from business managers for DLP has been solid, especially as the IT department is also under constant pressure to grant more open access, Whiteside says. "From the data stewardship standpoint, it's on my staff to make sure people are doing what they're supposed to do," he notes, adding he does expect it to take up to half a year to deploy DLP widely as business processes are closely scrutinized.

If nothing else, DLP gives an organization a clear picture of how content gets distributed internally and to the outside. "The visibility you get is incredibly useful," Jacquith notes. "Some people even talk about using it for chargeback."

DLP shortcomings

While the accuracy of DLP products is regarded as good, the tools aren't impervious to being tricked. James Wingate, director of the Steganography Analysis & Research Center in Fairmont, West Virginia, says it's possible to hide a file inside another using steganography tools and "DLP tools will not detect it."

Dave Meizlik, director of product marketing at Websense, acknowledges data hidden through steganographic tricks may slip through a DLP system. Encryption also is problematic in that a scrambled document would have to be decrypted to have its content inspected. In some cases, that can be set up under an authorized encryption method. Documents that have been encrypted with unauthorized methods could be flagged as suspicious.

Gijo Mathew, vice president of security management at CA, which acquired DLP start-up Orchestria last January, says encryption can be regarded as a weak point in DLP today. "If it can't read it, it can't analyze it to block it."

In fact, the role of encryption looms large in DLP, with the more sophisticated systems designed to block and hand off e-mail that should be encrypted to other security products the organization might use. CA DLP, for instance, works with products from Voltage, PGP and BitArmor so data tagged as sensitive can be automatically handed off for encryption before transmission.
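The gateway behavior described above (inspect what is readable, hand sensitive content off for encryption, accept an authorized encryption format, flag anything else that cannot be read) can be sketched as follows. This is an added example, not code from any vendor named in the article; the entropy threshold, the PGP armor marker used as the "authorized" format, the SSN-style pattern and the sample payloads are all assumptions constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Assumed policy values for this sketch; not taken from any DLP product.
ENTROPY_THRESHOLD = 7.2  # bits per byte; encrypted data approaches 8.0
AUTHORIZED_MARKERS = (b"-----BEGIN PGP MESSAGE-----",)  # approved envelope
SENSITIVE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")  # stand-in content rule


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def gateway_decision(payload: bytes) -> str:
    """Return the action a gateway policy could take for one outbound payload."""
    if payload.lstrip().startswith(AUTHORIZED_MARKERS):
        return "allow-authorized-encryption"
    if shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        # Unreadable and not in an approved envelope, so it cannot be inspected.
        # Compressed archives also land here; a real product would unpack them.
        return "flag-suspicious"
    if SENSITIVE.search(payload):
        return "block-and-hand-off-for-encryption"
    return "allow"


# Constructed sample payloads (not real data).
SAMPLES = {
    "memo": b"Quarterly schedule attached. See you Monday.",
    "record": b"Patient SSN 123-45-6789, visit notes follow.",
    "pgp": b"-----BEGIN PGP MESSAGE-----\n\n(constructed body)\n-----END PGP MESSAGE-----\n",
    # 4096 deterministic pseudo-random bytes standing in for unknown ciphertext.
    "opaque": b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)),
}


def classify_samples() -> dict:
    """Run the policy over every constructed sample."""
    return {name: gateway_decision(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, action in classify_samples().items():
        print(f"{name:8s} -> {action}")
```

Neither check sees data hidden with steganography, which is the gap Wingate and Meizlik describe.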
