Data Loss Prevention: Data-at-Rest vs. Data-in-Motion



Similar documents
Data Loss Prevention Program

The Impact of HIPAA and HITECH

Data Breach and Senior Living Communities May 29, 2015

HIPAA DATA SECURITY & PRIVACY COMPLIANCE

AB 1149 Compliance: Data Security Best Practices

ITAR Compliance Best Practices Guide

Information Security Policy

M E M O R A N D U M. Definitions

HIPAA Compliance and the Protection of Patient Health Information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

PULSE SECURE FOR GOOGLE ANDROID

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Top Ten Technology Risks Facing Colleges and Universities

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Best Practices for DLP Implementation in Healthcare Organizations

Managing IT Security with Penetration Testing

Cisco Security Optimization Service

Strategies for assessing cloud security

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements

Cisco SAFE: A Security Reference Architecture

Cyber Threats: Exposures and Breach Costs

CA Technologies Healthcare security solutions:

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

Payment Card Industry Data Security Standard

Protecting Regulated Information in Cloud Storage with DLP

Teradata and Protegrity High-Value Protection for High-Value Data

Enterprise Computing Solutions

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS

Securing and protecting the organization s most sensitive data

Preemptive security solutions for healthcare

Cloud Computing: Legal Risks and Best Practices

Document Imaging Solutions. The secure exchange of protected health information.

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

10 Threats to Successful. Enterprise Endpoint Backup

HIPAA Violations Incur Multi-Million Dollar Penalties

Stay ahead of insiderthreats with predictive,intelligent security

Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Application Security in the Software Development Lifecycle

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

How To Secure Your Store Data With Fortinet

Data Loss Prevention Best Practices for Healthcare

Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

The Advantages of Security as a Service versus On-Premise Security

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

How To Protect Your Data From Being Hacked

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Don't Be The Next Data Loss Story

VDI Security for Better Protection and Performance

FACT SHEET: Ransomware and HIPAA

IBM Security QRadar Vulnerability Manager

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

ALERT LOGIC FOR HIPAA COMPLIANCE

Identifying Broken Business Processes

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

10 Building Blocks for Securing File Data

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Discussion on Network Security & Privacy Liability Exposures and Insurance

PCI DSS COMPLIANCE DATA

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices

A Buyer's Guide to Data Loss Protection Solutions

NZI LIABILITY CYBER. Are you protected?

To Catch A Thief: Preventing the Next Fortune 500 Data Breach

How To Protect Your Data From Theft

HIPAA Security Alert

Managing Cyber & Privacy Risks

Transcription:

Data Loss Prevention: vs. Data-in-Motion Despite massive security efforts in place today by large organizations, data breaches continue to occur and identity theft is on the rise. Something has to change. This paper compares the two primary prevention strategies to demonstrate the strength and value in securing and Data-in-Motion. We analyze historical research to highlight the true nature of data breaches and help you determine which strategy is right for you. In nearly every comparison, from cost to effectiveness, Dataat-Rest solutions emerge as the stronger data loss prevention strategy.

Executive Summary The dramatic rise of identity theft has placed tremendous focus on data loss prevention (DLP) technologies. The FTC reported 9 million Americans have their identities stolen each year. 1 In response, federal and state governments as well as industry regulators have enacted laws requiring organizations to improve their handling of sensitive data and have stipulated monetary penalties for organizations that violate these laws. Additionally, the cost of data breaches has risen as breached organizations must often provide credit monitoring services for affected individuals while also suffering reputational damage from state mandated public disclosures. Despite increased focus and costs, many organizations are unclear exactly what problem they are trying to solve. Managers often try to protect data while it is in motion, going off gut intuition, while in fact their institutions are suffering from exposures of unsecured data at rest. Two technology solutions now exist to help with this problem: DLP solutions to protect data stored on computers and Data-in- Motion DLP solutions to protect data in transit. These technologies complement each other but solve different problems. is becoming much more common within enterprises because of its ability to find and protect data at its source. Data-in- Motion is more widely implemented but its strength is in preventing data from leaving the organization when users break policy and send unprotected data. While Data-in-Motion is probably more common, only a small percent of data breaches since 2005 have occurred as the result of a breach that would have been prevented by Data-in-Motion. This white paper performs an analysis of and Data-in- Motion DLP solutions, including historical research, to present the case for a DLP strategy and solving the data leakage problem at its source. Data Loss Prevention Technologies The widespread usage of Data-in-Motion technologies has historically resulted in them being synonymous with Data Loss Prevention (DLP) technologies. However, today DLP technologies fall into two main categories: and Data-in-Motion: : This term refers to data stored on computers, stored on storage devices, or being used by the data owner. It excludes data traversing a network. Examples include files or e-mails saved on a hard drive or server. Data-in-Motion: This term refers to data transmitted across a network. This data can be regarded as secure if both hosts are capable of protecting the data and a third party cannot eavesdrop on the communication. Depending on an organization s risk tolerance and the type of data breach most often occurring, the appropriate DLP technology should be used. For example, if the most frequent type of data breach is the theft of laptops with unsecured files, then a solution is most appropriate for the organization as a Data-in-Motion solution would not mitigate this risk. If the most frequent type of breach is an employee accidentally emailing data copied from a spreadsheet or other source, a Data-in-Motion solution is more appropriate. Data Breaches Solving an organization s data loss problems requires understanding the nature of the most relevant breach type and then building a solution with the appropriate methodology. See the table below for a list of data breach types and solutions. Data Breach Hacker (includes malware) Digital Media (lost/stolen computers, backups, etc.) Web Content Accidental Transmission (e-mail, etc.) Physical Media (lost/stolen papers, etc.) Dishonest Insider Solution, Data-in-Motion Data-in-Motion Policy Policy, Access Controls Access Controls 1 http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identitytheft.html 2

As can be inferred by this table, no single solution is sufficient to protect against every threat within an organization. Based on your own risk analysis, one technology might be favored over another. Additionally, please note a complete solution involves not only the use of technology but buy-in from the people involved and strong processes. Which Technology is Right for You? One key differentiator between these solutions is that solutions offer organizations the ability to be corrective and proactive. They allow organizations to address the root cause of most data loss scenarios by securing data at the source. When sensitive data is found with one of these technologies, it encourages an organization to shred it, redact it, or secure it. More advanced technologies also provide centralized reporting on aggregate risk exposure. Analysis showing trends of this information over time can help organizations determine if their policies are sufficient and effective. Data-in-Motion solutions are preventative as they block transmissions, but they do not provide root cause remediation capabilities. As such, organizations exclusively using Data-in-Motion technologies do not have information that allows them to proactively take action and minimize exposure risk. For example, Datain-Motion technologies will not notify or give indication about the creation of new instances of unsecured sensitive data. An employee e-mailing an attached spreadsheet with sensitive data may repeatedly send the file only to have it blocked multiple times. This differs from a solution that could have simply secured the unprotected spreadsheet the first time. Another key differentiator with these solution methodologies is that with technologies the responsibility for managing discovery and remediation efforts can be pushed from the IT staff to individual data owners. This is different than with Datain-Motion solutions, which always require centralized Changing behaviors by empowering employees to minimize overall risk is a major strength of technologies. administration by IT staff. By pushing the processing power and remediation tasks to an organization s data owners, an institution has the ability to inform and educate its employees and influence their behavior. Changing behaviors by empowering employees to minimize overall risk is a major strength of Data-at- Rest technologies. Employees essentially become a self-policing cloud and a part of the long-term security solution. Similarly, because employees can be empowered with technologies, these technologies are viewed as being friendlier to an organizational environment. Data-in-Motion technologies can only be centrally managed and impose strict policies on individuals, so they are sometimes perceived by employees as being intrusive and heavy-handed. For this reason alone, some organizations prefer solutions. Data-in-Motion technologies key strength is their ability to prevent accidental transmission. Intentional transmissions are often not prevented as users are typically sophisticated enough to find a way around these monitoring technologies. While Dataat-Rest solutions do not prevent accidental transmission, they often do reduce their likelihood. A Dataat-Rest technology highlights the existence of unsecured files and encourages the owner to shred it or encrypt it, thereby securing the underlying data. Thus, when the data owner sends the encrypted file, the transmission does not expose any sensitive information. The Data-in-Motion Illusion Data-in-Motion technologies are not comprehensive DLP solutions and continue to be circumvented. Consider laptops, which often leave an organization s technical infrastructure. When these devices are used by employees in public environments they are at much greater risk because the data-in-motion technologies cannot extend their processing to these third party environments. 3

Data-in-Motion technologies can only prevent exposures when those exposures occur in clear text. Hackers capable of penetrating an organization s security defenses are generally sufficiently sophisticated and establish secure tunnels through which to transmit private data because they know Data-in-Motion technologies may be present. This act of encrypting data while in motion negates the effectiveness of Data-in-Motion solutions. Data-in-Motion technologies are more complicated to implement and operate than technologies. Upfront, Data-in-Motion technologies require additional hardware and professional services expertise to deploy. They are not plug-and-play. The nature of the data transmitted is different for each organization and the exact policies desired by each organization often require special configurations. After initial deployment, Data-in-Motion technologies also require continuous tuning to optimize their behavior. Improper configuration dramatically reduces the effectiveness of the blocking technology. Data-in-Motion solutions also require constant monitoring and place a performance strain on the network. Unlike solutions, which can be scheduled to perform scanning during off-peak hours, Data-in-Motion technologies are always on and constantly sniffing the network for data. This constant sniffing can dramatically reduce an organization s productivity or force the organization to purchase more expensive infrastructure to support the increased network demand. Conversely, solutions only have software and maintenance costs and minimal, if any, hardware requirements. Most solutions can be installed on preexisting hardware and are relatively simple to use. They do not usually require any professional services for configuration and setup. All in, the total cost of ownership for a solution will typically be less than half of a Data-in- Motion solution. Historical Research If the saying history repeats itself is true, then performing historical analysis should give managers insight into the nature of the data loss most likely facing their organization. According to Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy organization, since January 2005 more than 260 million records containing sensitive personal information were involved in security breaches in the United States. 2 Identity Finder has manually classified this dataset by type of data breach and solution methodology to develop the following charts. 3 Data Breaches by Type Total Cost of Ownership solutions are far more affordable than Data-in-Motion solutions. Data-in-Motion systems typically carry more expensive initial software costs, hardware costs, professional services costs, and ongoing maintenance costs. Minimum infrastructure requirements, including network bandwidth and hardware, can cost anywhere from $25K-$150K depending on the size of deployment. Additionally, the professional services required to initially configure Data-in-Motion systems are quite substantial and can cost as much, if not more, than the software itself. The greater the level of configuration and sophistication desired by an organization, the higher the cost. Accidental Transmission Digital Media Dishonest Insider Hacker Physical Media Web Content From this analysis, it is clear that the two most frequent types of data breaches involving personal information occur from loss of digital media (44%) and hackers (22%). These could have completely been prevented by a solution if the data had been found and secured before the incident. Note that the typical types of data breaches often discussed socially, such as an employee accidentally 2 http://www.privacyrights.org/ar/chrondatabreaches.htm 3 Classified data available upon request. 4

emailing sensitive information or resulting from a dishonest insider, account for only approximately 6% and are not major sources of data breaches. Diving deeper into the analysis, we can see the percentage of data breaches could have been prevented by various DLP strategies. Data Breaches by Solution About Identity Finder Identity Finder, LLC was founded in 2001 by innovative security experts. Its security and privacy technologies provide businesses and consumers the ability to prevent data leakage and identity theft. The company has quickly grown to become a leader in identity theft prevention by helping millions of consumers, small businesses, and enterprises in over fifty countries. Data-in-Motion /Data-in-Motion From historical analysis, it is clear that a solution would have prevented the most data breaches and is the most appropriate data loss prevention methodology for organizations to implement. The nature of data breaches is such that securing Data-at- Rest will most likely have the greatest impact toward reducing data loss. Conclusion Organizations must consider the relevance of a DLP strategy before implementing a solution methodology. From historical research it is clear that most data breaches occur because of unsecured Dataat-Rest. Best of breed solutions that implement both and Data-in-Motion technologies are complementary and increase the level of protection for an organization. However, most managers must maximize the impact of limited budgets and choose one methodology over another. Therefore, managers should realize that the greatest threat facing their organizations is unsecured and implement a security solution to address this risk and maximize the return on investment of their budget. Copyright 2009 Identity Finder, LLC. All Rights Reserved. Identity Finder and the Identity Finder logo are trademarks of Identity Finder, LLC. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information