Data Loss Prevention
Is this information random, confidential or public?
None of us likes to lose data. Usually data loss is tied to defects of storage media. You can counter physical data loss by having sufficient and recent copies of your data. This is where the logical data loss kicks in – unauthorised copies. Espionage thrives on these copies, and since information can be sold so does crime. Establishing a proper data loss prevention strategy and implementing it, requires a combination throughout all branches of information security.
First you need to define some classifications for all your data. Public, private and confidential is common. Then you must find all places where your data is stored. You noticed the small word „all“. Yes, that’s right, all places and every single bit of your data. If you start getting sloppy at this stage, your defence against data leaks will be sloppy, too. There are no short cuts.
Once you have done that you can start dividing your organisation into compartments according to the data classifications. You can use everything you already have, such as firewalls, proxies, every application level gateway and filter system. Some products on the market can even „retrofitted“ with data loss prevention capabilities. Don’t forget to extend your protection to all end points in use (this is the part where BYOD bites you in the back provided you allowed a zoo of arbitrary devices). You will have to spend some thoughts on devices using mobile phone networks, because you cannot shut them out (legally that is).
After you have done all of this, you can turn to removable storage devices, analogue leaks and human imperfections. You will have to keep an eye on your filtering devices. Until the Nobel prize for improved signature-based algorithms has been awarded to security researchers, you will have to deal with ever changing signatures of your data. There’s a plethora of data formats our there, and you most probably will not be able to reduce data transformations. In turn you have to accept that your data might change and might evade loss prevention. Malicious software does it all of the time.
So, are we done yet? Probably not, but it might be as good as it gets. Maybe you have some thoughts or experiences to spare and might want to tell us about it. Our CfPs for DeepSec 2012 and DeepINTEL are open. You can drop us a line by e-mail or comment to this posting as well. How do you eliminate data leaks? Please do tell.