Data loss detection and prevention

Yesterday I was speaking at a Butler Group masterclass on Information Risk and Data Loss Prevention. The discussions with delegates confirmed for me how seriously organisations now take this issue, as well as how difficult and complex it is to address it. There are no easy solutions. Technology offers very limited solutions, in most cases little more than a discovery mechanism for the security function.

That will change with time, of course. Security technology will progressively become more effective and reliable at preventing leaks. The question is how long it will take before we have the confidence to allow it to block suspicious transfers without human intervention.

The same arguments about intrusion detection and prevention apply to data loss prevention. The goal should be to stop breaches in real time, rather than just flag the event for later analysis. But we have to be confident that we can avoid the “false positives”. Otherwise we might end up closing down important business transfers.

In fact it’s rare to find organisations that have the confidence to block rather than monitor intrusions. One reason for that is the need for better appreciation of the context of the transaction. This improves as we go higher up the protocol stack, which is why Secerno’s data-level security technology can be trusted to block transactions.

Data loss prevention technologies offer the potential for recognising the context of transactions. Hopefully they will mature to a level that can deliver the confidence that security managers seek.