DLP (Data Loss/Leakage Prevention) has a habit of perplexing decision-makers: having been hailed several years ago as a revolution in information system security, it is constantly being defined and redefined, in an attempt to answer these key questions:
- Can we really afford to do without a ‘people-focused’ project, a procedures census and a staff awareness-raising program?
- Should the program set out to protect employees’ personal data or the organization’s information capital (financial statements, patents, sales proposals)?
- Should it aim to prevent, or simply to detect, leaks?
But the default method – re-using a collection of existing security functions (port checks, authentication, cryptography…) and tying them together under a scalable administration system so that they are applied consistently – has its limitations. Most notably, IT Directors do not always fully sign up to this approach when it comes to initiating this kind of project, so a different approach is needed.
Bull – drawing on the technological strength of Amesys in handling protocols and content for the defense sector – can now offer customers a radically different DLP solution, built around a functional core that singles out sensitive data among the huge number of data flows crossing every network.
Bull’s DLP architecture consists of a series of information sensors distributed throughout the enterprise, which relay any useful information back to an administration console operated by the organization’s DLP advisor (usually the Information Systems Security Manager). Confidential content is recognized in two ways: by looking for predetermined keywords, expressions or markers, and by comparing all textual content (office documents, email messages, chat discussions…) against registered reference material.
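As an added illustration of the two recognition methods just described, the following Python sensor is not Bull’s or Amesys’ code and is not based on their engine. It combines a policy of keywords and marker expressions with a shingle-hash fingerprint comparison of each captured text against registered reference documents, so the console only has to hold hashed fingerprints rather than copies of the documents themselves. The keyword list, marker patterns, reference document, threshold and captured messages are all constructed for this example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy: keywords and marker expressions that flag content as confidential.
KEYWORDS = ("confidential", "internal only")
MARKER_PATTERNS = (
    re.compile(r"\bCONF-\d{4}-\d{3}\b"),                   # hypothetical document reference marker
    re.compile(r"\bFY\d{2}\s+financial statements?\b", re.I),
)

# Constructed reference material the sensor compares every text against.
REFERENCE_DOCS = {
    "sales-proposal-orion": (
        "Sales proposal for project Orion. The total price for the first phase "
        "is fixed at forty thousand and includes installation, training and "
        "one year of support."
    ),
}

SHINGLE_SIZE = 5            # words per shingle; longer shingles mean fewer false positives
SIMILARITY_THRESHOLD = 0.3  # fraction of a text's shingles that must occur in one reference


def tokens(text: str) -> List[str]:
    """Lower-case word tokens, so punctuation and case cannot defeat the comparison."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text: str, k: int = SHINGLE_SIZE) -> Set[str]:
    """Hash every k-word window; the store keeps fingerprints, not the documents."""
    words = tokens(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


class ReferenceStore:
    """Fingerprints of registered reference documents (patents, proposals, statements)."""

    def __init__(self) -> None:
        self.fingerprints: Dict[str, Set[str]] = {}

    def register(self, name: str, text: str) -> None:
        self.fingerprints[name] = shingles(text)

    def best_match(self, text: str) -> Tuple[Optional[str], float]:
        """Name of the reference sharing the most shingles with the text, and the share."""
        probe = shingles(text)
        if not probe:
            return None, 0.0
        best, score = None, 0.0
        for name, fingerprint in self.fingerprints.items():
            overlap = len(probe & fingerprint) / len(probe)
            if overlap > score:
                best, score = name, overlap
        return best, score


@dataclass
class Verdict:
    keywords: List[str]
    markers: List[str]
    reference: Optional[str]
    similarity: float

    def sensitive(self, threshold: float = SIMILARITY_THRESHOLD) -> bool:
        return bool(self.keywords or self.markers) or self.similarity >= threshold


def build_store() -> ReferenceStore:
    store = ReferenceStore()
    for name, text in REFERENCE_DOCS.items():
        store.register(name, text)
    return store


def inspect(text: str, store: ReferenceStore) -> Verdict:
    """What a sensor relays to the console for one captured text (mail body, chat line, print job)."""
    lowered = text.lower()
    keywords = [k for k in KEYWORDS if k in lowered]   # plain substring match, kept deliberately simple
    markers = sorted({m.group(0) for p in MARKER_PATTERNS for m in p.finditer(text)})
    reference, similarity = store.best_match(text)
    return Verdict(keywords, markers, reference, round(similarity, 2))


# Constructed captured messages.
SAMPLE_MESSAGES = {
    "leak": ("FYI here is the pricing: The total price for the first phase is fixed at "
             "forty thousand and includes installation, training and one year of support. "
             "Do not forward."),
    "marker": "Please review CONF-2024-017 before the meeting.",
    "statements": "Attached are the FY24 financial statements; internal only.",
    "benign": "Lunch is at noon tomorrow, please confirm if you can join us.",
}

if __name__ == "__main__":
    store = build_store()
    for label, message in SAMPLE_MESSAGES.items():
        v = inspect(message, store)
        print(f"{label:10} sensitive={v.sensitive()} keywords={v.keywords} "
              f"markers={v.markers} reference={v.reference} similarity={v.similarity}")
```

The fingerprint comparison is what catches the "leak" message: it contains no keyword or marker at all, but 17 of its 25 five-word shingles come straight from the registered proposal. The threshold is the knob a DLP advisor tunes; set it too low and any message quoting boilerplate from a reference document will be flagged.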
Sensors can be adapted for use on any segment of the organization’s network, and where flows are large, processing can be carried out in situ so that the core of the solution does not have to hold duplicate copies of too much information. Typical placements are:
- On links connecting the organization to the Internet or to its other sites
- On entry points to Data Centers or printer pools
- On special points that can be defined as and when necessary.
It is also worth noting that a DLP project can help the target organization rationalize the way its computing resources are used, with the aim of controlling communications:
- Access to printing and storage resources will be consolidated
- Only previously registered encryption systems will be authorized (an unregistered encrypted channel is opaque to the content sensors, so it has to be treated as a potential leak path)
- Unidentified flows can automatically trigger an investigation.
Important note: the content inspection engine capitalizes on Amesys’ extensive knowledge base and can decode more than 200 different protocols and applications (Web-based and corporate messaging systems, forums, chat applications, social networks, print flows…). One possible scenario is to connect it to a ‘speech-to-text’ component, so that it can also scrutinize spoken conversations.