Few security technologies have become as contrived and misunderstood as DLP, which can affect all aspects of the data processing end of a business. It all comes down to protecting data and preventing data from falling into the wrong hands-both intentionally or unintentionally. Yet, the complexity of today's solutions can leave items unprotected and solution providers liable if something goes amiss.
A complete DLP solution has multiple components, including protection for DIM (data in motion), DAR (data at rest), and data housed on end points. DIM, mostly email and attachments, proves to be the source for most company DLP violations. The problem is exacerbated by innocent mistakes, such as misaddressed email, improper file attachments or sending confidential information to a home office to work on over a weekend. Those examples show that the road to hell is indeed paved by good intentions.
DAR can be found in many places, ranging from server drives, to optical storage to SAN or NAS technologies. Further complicating protecting DAR is that the data is not static, and users must have access to the data to perform their duties. The trick here is to protect the data and not encumber the user with strict policies, which can result in incomplete data and a high number of false positives (incorrectly flagged as violations). DAR leaks can occur through other channels, ranging from lost or stolen backup tapes to improper FTP or VPN access.