In the past few days, we’ve heard a surge of customer requests on how best to manage the risk of data breach by insiders, whether malicious or well-meaning. The latest data breach events making headlines are an obvious driver behind much of this concern. Security practitioners today are confronted with a large and complex surface over which confidential information can be exposed: data left on laptops, information copied to USB devices, stored on smartphones, posted on blogs, burned to CDs and DVDs, and sent via IM and e-mail. The consequences of losing this data are already quite severe, including regulatory fines and sanctions, brand damage, and customer attrition. For many practitioners, the recent press indicates a further escalation in the consequences of a breach of sensitive data.
Conversations with customers on this topic have been quite interesting and in this post I’d like to share the broad outlines of the countermeasures we’ve discussed with them. The primary defenses we’ve worked out with our customers include:
- Identify the high-value information assets that may be at risk of breach
- Detect exposure of at-risk confidential data, whether at rest, in motion, or in use
- Use these detections to drive remediation measures such as:
  - Automated employee education
  - Encryption of the data involved in an exposure event, both at rest and in motion
  - Interception and remediation of high-risk exposure events
  - Pre-emptive deletion of at-rest data that is no longer in use
- Proactively encrypt laptops to minimize the consequences of a lost device
In short, we recommend a four-pronged approach: i) detection, ii) interception, iii) encryption, and iv) preemptive-deletion. This entire approach revolves around the answer to a deceptively simple question: “Do I know where my most critical data is and where it’s going?” Today, Data Loss Prevention technology has clearly emerged as the best tool to answer this basic question.
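To make the four-pronged approach concrete, the following is an added example written for this post, not Symantec DLP code or the product's own policy language. It shows the two detection techniques the outline relies on (described-content matching of card numbers with a Luhn check to cut false positives, and exact-data matching of known customer records through a keyed-hash index so the scanner never carries the plaintext list) and then maps each exposure event to one of the four responses: educate, intercept, encrypt, or delete. The regexes, the fingerprint key, the 365-day staleness threshold, the sample customer list, and the decision policy are all assumptions chosen for illustration.

```python
"""Minimal DLP-style detector and remediation mapper (illustrative, not a product)."""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Described-content detector: 13-19 digits with optional space/dash separators.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

# Constructed sample data for the example; not taken from any real system.
FINGERPRINT_KEY = b"example-key-keep-in-a-vault"   # assumed; a keyed hash keeps the index unreversible
KNOWN_CUSTOMERS = ["alice@example.com", "bob@example.org"]
STALE_DAYS = 365                                   # assumed retention threshold for at-rest data


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def fingerprint(value: str) -> str:
    """Exact-data-matching index entry: HMAC-SHA256 of the normalised value."""
    normalised = value.strip().lower().encode()
    return hmac.new(FINGERPRINT_KEY, normalised, hashlib.sha256).hexdigest()


# Index built once from the sensitive list; only the hashes are kept by the scanner.
CUSTOMER_INDEX = {fingerprint(c) for c in KNOWN_CUSTOMERS}


def find_pans(text: str) -> list:
    """Return card-number-like runs that also pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def find_customers(text: str) -> list:
    """Return e-mail addresses whose fingerprint is in the known-customer index."""
    return [e for e in EMAIL_RE.findall(text) if fingerprint(e) in CUSTOMER_INDEX]


@dataclass
class Event:
    channel: str                 # "at-rest" (file share), "in-motion" (mail, IM), "in-use" (USB copy)
    text: str                    # content seen on that channel
    external: bool = False       # in-motion only: destination outside the organisation
    days_since_access: int = 0   # at-rest only: how stale the file is


def decide(event: Event) -> str:
    """Map an exposure event to educate / block / encrypt / delete / allow (assumed policy)."""
    pans = find_pans(event.text)
    customers = find_customers(event.text)
    if not pans and not customers:
        return "allow"
    if event.channel == "at-rest":
        # Pre-emptive deletion of stale data; otherwise encrypt it where it sits.
        return "delete" if event.days_since_access > STALE_DAYS else "encrypt"
    if event.channel == "in-motion" and not event.external:
        return "encrypt"                       # internal transfer: keep it, but protected
    if pans or len(customers) > 1:
        return "block"                         # high-risk exposure: intercept it
    return "educate"                           # single customer record leaving: coach the user


if __name__ == "__main__":
    sample = Event("in-motion", "Invoice for 4111 1111 1111 1111, cc alice@example.com", external=True)
    print(decide(sample), find_pans(sample.text), find_customers(sample.text))
```

In practice the fingerprint key would live in a secrets store and the index would be rebuilt whenever the customer list changes; the point of the keyed hash is that an attacker who steals the scanner's index cannot enumerate the customer list from it the way they could from a plain SHA-256 of low-entropy values such as e-mail addresses.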
As pioneers in this field, the Data Loss Prevention Division of Symantec has led innovation on the crucial techniques to make these capabilities a reality. We have a well-established track record of helping organizations identify high-value data and formulate detection policies that can detect and remediate the exposure of crucial intellectual property, customer data, financial data, executive communications, and a broad range of other sensitive data types.
I realize there are some who doubt this kind of detection and remediation is really possible, but I think many of the doubters haven’t seen the latest capabilities DLP has to offer. Advanced detection algorithms, combined with coverage across the channels listed above (endpoints, removable media, e-mail, IM, and stored data), provide formidable new defenses against the theft or accidental exposure of confidential data.
If you still doubt this is possible, don’t just take my word for it: we have many customers who have used DLP to detect and intercept a rogue’s gallery of malicious insiders. We’ve scored several arrests on high-stakes malicious insider events and I expect this trend (sadly) will continue and will escalate. Bottom line: this isn’t just theory, we are actually detecting and stopping theft of data.
Only when you know where your sensitive information is and how it is being used will you be able to protect that data from possible loss. Any organization facing these risks has to ask itself: “Do I know where my most critical data is and where it’s going?” Without a clear answer to that question, our field experience shows it’s pretty hard to mount a substantial defense against its breach.

Tags: data breach, data loss prevention, malicious attacks, WikiLeaks