The recent publicity about the whistleblower platform Wikileaks has raised some questions: Where are the borders of free speech? And more importantly: How can I prevent data from leaking out of my organisation?
The answer to the first question has to be given by the justice system. The second question has a technical answer though: Data Leakage Prevention, or DLP for short. There are systems available to implement strategies to prevent data from getting into the wrong hands.
DLP starts with defining user groups with their dedicated access rights. Most users should only get access to public information or information that wouldn’t hurt much if it leaked. Secret information should be accessible only by a very limited circle of people who have proven to be trustworthy.
Therefore data has to be put into databases which allow for such access control. Those databases belong on access-restricted, encrypted server systems, and only allow access via encrypted channels. The users’ systems should be well protected, too: Starting with Windows Vista it is possible to deny access to USB storage devices via group policies, for example.
On the gateway servers, a security solution should limit outgoing and incoming traffic and additionally should be able to analyze the traffic for suspicious data.
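As an added illustration (not code from any DLP product), the sketch below shows the kind of content inspection a gateway can apply to outgoing traffic. The classification markers, the group name `management`, the three verdicts and the sample messages are all assumptions constructed for this example.

```python
import re

# Assumed classification labels; matched case-sensitively so ordinary prose
# such as "secret santa" does not trigger a finding.
MARKERS = re.compile(r"\b(CONFIDENTIAL|SECRET|INTERNAL ONLY)\b")
# Candidate payment card numbers: 13-19 digits, optional space/dash separators.
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def inspect(payload):
    """Return a list of findings for one outgoing plaintext payload."""
    findings = [f"marker:{m.group(1)}" for m in MARKERS.finditer(payload)]
    for m in CARD.finditer(payload):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            # Log only the last four digits so the log is not itself a leak.
            findings.append(f"card:****{digits[-4:]}")
    return findings

def verdict(payload, user_group, trusted_groups=frozenset({"management"})):
    """Assumed policy: clean traffic passes, trusted senders are flagged
    for review, everyone else is blocked when sensitive content is found."""
    findings = inspect(payload)
    if not findings:
        return "allow", findings
    if user_group in trusted_groups:
        return "review", findings
    return "block", findings

if __name__ == "__main__":
    # Constructed sample messages, not real traffic.
    samples = [
        ("staff", "Lunch menu for Friday attached."),
        ("staff", "Subject: CONFIDENTIAL board minutes"),
        ("management", "Subject: CONFIDENTIAL board minutes"),
        ("staff", "Card 4111 1111 1111 1111 exp 12/30"),
        ("staff", "order id 1234 5678 9012 3456"),
    ]
    for group, body in samples:
        print(group, verdict(body, group))
```

This kind of inspection only works on plaintext the gateway can see, so encrypted outbound channels have to terminate at the gateway or be restricted by policy.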
DLP solutions are based on such a concept – which needs to be a trade-off between security level and usability. The costs have to be taken into consideration as well. Another point is that if the employees are too restricted, they can’t work efficiently anymore.
But for a fast solution, such a concept can be implemented “in small” and is relatively easy to bring to life. The simplest one is to use access restrictions and encryption for the confidential data which only a few persons like the company management should have access to.
Data Security Expert