Data loss prevention for cloud I: Synergy with cloud apps

By Carol Ko 20-Dec-2011

William Tam, Technical Manager, Websense APAC
Data loss prevention (DLP) is a commonly used term for IT systems that detect and prevent the unauthorized use and transmission of confidential information in networks, in storage and at endpoints.

In the cloud computing era, when data can be processed and stored anywhere in the "good hands" of cloud service providers, why should businesses still care about DLP? How can IT practitioners achieve the best synergy between DLP and cloud computing?

In this first part of an interview with Asia Cloud Forum, Websense’s Technical Manager William Tam guides us through the basics of data loss prevention, and how it can integrate with the data security policies already in place in a cloud computing environment.

With more than 10 years of experience in the network security and wireless industry, Tam joined Websense in 2003 as a system engineer for the Greater China region and has been technical manager for the Websense APAC region since 2005.

Asia Cloud Forum: What is data loss prevention?

William Tam: Data Loss Prevention (DLP) is a set of technologies that protect information throughout its lifecycle, while posing minimal impact on the business processes.

DLP accomplishes this by ‘understanding’ both the content and context of information, matching them against central policies, and enforcing business rules. At the core, DLP uses deep content analysis to peer inside files and network communications to identify sensitive content, rather than relying on manual processes such as tagging, watermarking, and hand-classification.

In other words, DLP recognizes the information it is looking at (within limits), and matches it with the policies that are set for acceptable content usage.

Why should we care about DLP when cloud applications promise high levels of data security?

"DLP helps to identify the cloud apps that are currently in use -- not just the corporate ones, but also the consumer-targeted ones that employees can sign up for anytime without security clearance."
-- William Tam, technical manager, Websense

Tam: Most early adopters of cloud applications (apps) simply assumed that cloud apps provide higher levels of data security. But when they were asked if they took any steps to protect sensitive data in the cloud, the answer was far from comforting, according to a Ponemon Institute survey conducted in April 2011.

The survey found that close to 44% of the respondents took no action at all, while 32% relied on legal or indemnification agreements to protect their rights if something goes wrong. Only eight percent of the respondents would conduct informal self-assessment, and a surprisingly low five percent would involve the security team to conduct vetting and evaluation. So the real question is, most users of cloud applications may not know exactly what they are getting into and how secure their data in the cloud really is. 

Users that prefer cloud apps to traditional in-house solutions may want to benefit from an extended geographic coverage, especially if they operate with a fleet of mobile users and road warriors. But their data is more likely to be accessed and downloaded to laptops and mobile devices from unknown and untrusted locations through the Internet. That also increases the chance of data leakage, when compared to traditional in-house solutions.

1 reader's comment

Comments

It would be a great help to me if you let me know how can IT practitioners achieve the best synergy between DLP and cloud computing?