subject: Data Loss Prevention - Function Over Form In Asian Information Security Practices?
The organization of today is very different to that which was prevalent 50 years ago. Television was relatively new, there was no such thing as a DVD player, and personal computers were unheard of. Back then, business assets mostly consisted of physical items (equipment, stock, etc.) and the skills and knowledge of the employees that operated and oversaw them. The business environment today is very different.
Business IS data, usually data moving across a network, which makes business network security and network performance monitoring critical business tools. The network has replaced the physical machinery of the past, and instead of being safely stored inside people's heads, transmissible only by speaking to someone else or physically writing and sending a letter, data is now everywhere ... instantly.
Smart businesses are protecting their data with a process-oriented Asian network security toolset called DLP - Data Loss Prevention. We look at this network of business best practices and why mature organizations use them almost exclusively.
How process-oriented DLP is different
Ordinary Asian information security practices are carried out on a point-by-point basis. They tend to be reactive; they also tend to be focused on 'perimeter security', when in reality, data needs to be secured at every point. Although most organizations focused their efforts on securing their Asian network operations against outside parties, most organizations said that their main concern was actually either the malicious misuse of information by an employee, or the accidental exposure of information by an employee.
Many managers may not realize that Data Loss Prevention practices actually secure information at every step of the way, whether the data is currently in use, in motion across the Asian network operation, or at rest (stored in a server, database or individual machine). By their nature, they help make everyone who comes into contact with data responsible for security, and they also provide an audit chain that can be traced by IT security consultants in the event of a leak.
DLP covers all types of data
There are four broad categories of data within an organization; each of them is function-based. DLP implemented by a professional IT security consultant protects data and business network security at every one of these stages:
- Data at rest, such as that stored on physical servers, personal computers and laptops, USB drives, databases, etc.
- Data in use, usually constituted by sensitive data such as contracts, pay information, classified documents, etc., while they are being worked on.
- Data in motion, which is moving across the network, being posted on the web, being transferred peer-to-peer, emailed or delivered via instant message.
- Data beyond borders, where the data has moved beyond the physical control of the network, but is still sensitive to being copied and used in an unauthorized way. Digital Rights Management principles can be used to restrict access to data based on identity.
Data Loss Prevention is much more than a case-by-case identification of Asian information security 'holes' (usually confined to a location on the perimeter), and reactive institution of fixes for those holes. DLP is a total, whole-of-enterprise, whole-of-data-life, whole-of-staff solution to the problems faced by businesses whose main asset can be so ephemeral.