Data Loss Prevention – Data In Motion, Not The Storage Media, Needs Focus
2 min read.jpg) |
| Thumb Drive |
I have been around the block and been involved with many different sizes and kinds of companies. Most eventually get to the point of blocking USB drives. Some spend a significant amount of money from blocking these little storage devices. Being in IT security, I chuckle every time I see a USB block policy go out and find out there is nothing to stop file copies, text in emails, share access to sensitive information, or any plan to look at that. The USBs are blocked, so we’re safe.
False sense of “security”.
At the end of the day, people are going to get the information out of the company and there is not much anyone can do about it. If someone can read it, it can be taken. The ever advancing Data Loss Prevention tools are easily bypassed by simply encrypting the file.
Where people store the data is irrelevant if you have proper scanning on what kinds of data is being moved. Allow USB drives, if you can see what’s being transferred to and from it, then you can stop it. If you put too much focus on USB drives, then people will start to use the ever growing list of online storage mechanisms to get your data out.
Dropbox
Google Drive
Box.net
Live Drive
Adrive
Mozy Home
to name a few…
Here’s a list of many more, several I have never heard of. http://www.tripwiremagazine.com/2012/06/online-file-storage.html The point is, the chase to block the storage mediums is a full time job and you will never stay ahead of it. Instead focus on the data in motion, scan the transfers, read the bytes, see the patterns, block it from happening in the first place.
Worry about the sources not the destinations. A standard DLP and USB blocks will stop the ‘Whoopsie’, stupid mistakes. Those are not what you have to worry about. It’s the malicious ones that take full copies of databases, spreadsheets of salary information with SSNs, credit card numbers and copies them out before you know it’s gone. That’s where the serious damage will come from, it may not be damage to you, but the holders of the SSN and CCD sure will be.
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.
Subscribe
Facebook Page
Follow Me On Twitter
contactme@binaryblogger.com
