DLP Connectors

Over the past few years, companies have spent a lot of time and money on solutions that protect their unstructured data (e.g. emails, documents, designs, drawings), solutions ranging from basic 'port blocking' technologies to high-end Data Loss Prevention (DLP) and Information Rights Management (IRM) technologies.

A lot of companies are confused, by which data security best fits their company's needs. Before we figure out a solution, lets first look at the problem of securing unstructured information a little more carefully. Unstructured information goes through a life cycle of create - store - transmit/collaborate - use - archive - delete. The information security needs of a company will be defined by what stage of the life cycle they want to secure. A completely 'aware' company will have systems in place to discover information, monitor it’s flow, protect it to ensure compliance with company policies, and maintain an audit trail.

What does a DLP system like Websense DLP do?

Websense DLP discovers data lying at various locations like desktops, file servers and databases. It classifies them into various 'filing cabinets' based on centrally defined content patterns. It monitors and controls the flow of this information based on centrally defined policies.

Lets consider a case of a person having credit card details on his computer in a document. These systems will do the following:

'Discover' the presence of this document on the user's computer and 'classify' the document into the 'Credit card data' cabinet.

'Protect' the flow of this document. For example, it should not be emailed outside of the organization, and additionally, it cannot be uploaded on any website.

'Audit' the flow of this document. For instance, 'The document was sent to a colleague,' the document was 'attempted to be copied to a USB storage device'.

What does it not do: DLP policies apply to information within the company. Once information moves out to business partners the DLP policies are no longer applicable. The DLP system does not encrypt information, so in cases of device theft, data can be compromised.

What context is DLP useful in: A DLP system is useful in contexts where data is lying in heterogeneous systems and companies need to start with a method of 'discovering' their own data. This 'discovery' typically leads to formulation of rules and policies for protection and audit compliance to regulatory frameworks such as ISO, SOX and GLBA.

What does an IRM Secure FileSecure do: IRM Secure FileSecure encrypts the information and associates a 'usage policy' with each piece of information. The usage policy typically governs WHO (users / groups, within / outside of the enterprise) can use the information, WHAT (read, edit, forward, print) can each person do, WHEN (after a certain date, for a defined time period can this be done), and from WHERE (from official laptop only). The encryption and the policy is associated through out the lifecycle of the information.

IRM Secure FileSecure will:

'Define a usage policy' whereby users can define the WHO / WHAT / WHEN / WHERE for different kinds of information. For example, Board Meeting minutes can only be accessed by internal and external Board Members, the company secretary, and no one else.

We also implement policy controls by ensuring that usage of information is as per the defined policies. For example, looking at financial statements should not be circulated before Tuesday morning.

Audit the usage of information by centrally reporting WHO has done WHAT with the information, WHEN and WHERE.

What does it not do: IRM Secure FileSecure does not put controls on the movement of information like blocking e-mails and Web uploads. Controls are implemented when information is being used. IRM Secure FileSecure also does not typically discover or classify the data.

What context is IRM Secure FileSecure useful in: IRM Secure FileSecure system is useful when information usage policies need to be implemented in a highly collaborative environment, which includes internal and external stakeholders, partners, and subcontractors.

Why would you need both the solutions?

A combination of IRM Secure FileSecure and Websense DLP helps in the discovery, protection and auditing of information usage and flow. In this case the combined IRM Secure and Websense solution streamlines information classification, protection and auditing by automating policy-based controls. The content-aware Websense Data Security Suite eliminates the need to manually classify and secure files, while IRM Secure FileSecure then automates and extends the appropriate security controls to the files and emails. The integration helps organizations maximize their investments in IRM Secure FileSecure and Websense DLP for better, more effective security at a lower total cost of ownership.

A combined solution enables business workflows while protecting sensitive information.

Benefits include:

  • Extending DLP policies outside the company’s perimeter.
  • Lowering IT administrative overhead through automated application of content-aware policy controls.
  • Facilitating compliance and auditing of 'unstructured' data, (e.g., PDFs, MS Office formats, email, Web pages) inside and outside the organization.
  • Maintaining business workflows while securing sensitive data.