You are doing all the right things; you scan for viruses in e-mail; you limit attachments; you have an acceptable use policy that each employee signs yearly; you train on e-mail usage at new employee orientation; and against the wishes of some in the business, you disable USB ports so no one can accidentally unleash a virus into your network.
You come into work one day and are called into the CIO's office only to be told that someone is sending secrets to a competitor through e-mail. You asked how they know, and you are handed e-mail with the evidence as clear as Times New Roman font.
Sound like something that could happen to you? Of course it does, to you and everyone else not using Data Loss Prevention (DLP).
What is DLP? It is a technology that allows security professionals the ability to inspect, classify and apply policies on how to secure data that flows in, out and around your network. This includes data in motion, like e-mail, and data at rest, such as info in a SAN. DLP varies according to vendor implementation and can include appliances, software and services. These tools allow security professionals to do deep-packet inspection, identifying what is important to the business and apply a set of rules via policy across the organization.
American Apparel learned its lesson recently when someone from within the organization leaked e-mail from the CFO that the compnay was nearly bankrupt. This caught the attention of the Securities Exchange Commission, which is now launching an investigation of the company.
Top vendors in this space include RSA, the security division of EMC. Reconnex and Websense were named top leaders cited in a 2008 Forrester report. Verdasys, Vericept, and Trend Micro round out my list.
Remember, security must be implemented in a layered fashion. No one product can do everything, and although we do everything we possibly can -- and that money will allow -- data will find a way out of the organization. People manage systems and people are the weakest link in the security model. DLP just gives us one more tool to strengthen the link.