DLP can be a difficult matter to address, because data leakage can happen in many different ways. Some security vendors attempt to address it at the network boundary – either at the firewall, or in a separate appliance alongside the firewall – by looking for keywords or data patterns in email or file attachments that are being sent to external destinations. E.g., a string of numbers in the format xxx-xx-xxxx is likely to be a Social Security number, a string of numbers in the format xxxx-xxxx-xxxx-xxxx is likely to be a credit card number, etc. But that doesn’t block all leakage vectors, particularly if an employee is determined to steal company data.
Most of the news stories these days are about data loss from malicious actors outside of an organization who have somehow gained access to sensitive data. But studies have indicated that almost 80% of businesses have had some kind of internal data leak. 60% of employees do not consider downloading an employer’s sensitive data to be an issue. 50% of employees take away internal data when leaving an organization, and 40% plan to offer this data to their new employer. So how do you protect against that?
You can create policies that prevent users from writing data to USB devices, but then you’re impacting the many legitimate uses for USB devices. You can also create policies that disable the Windows built-in CD/DVD burning functionality…but that won’t prevent users from using third-party software to burn them, unless you lock the workstations down so that third-party software can’t be installed. And again, as you probably know from experience, the more restrictions you put on user functionality, the more push-back you get from users who complain that the restrictions are hurting their productivity.
And there’s always the danger posed by a lost or stolen laptop or USB drive.
Safetica addresses these issues at the endpoint, where the action happens. This endpoint agent, managed from a central console, covers all major data leak channels: you can restrict clipboard copy, email attachments, file sharing services, USB device copy, CD/DVD copy, and printing – including printing to virtual devices such as printing to a PDF file. You can track exactly who accessed what information when. You can restrict access to non-business-related Web sites. You can ensure that drives on portable computers are encrypted. You can get real-time alerts of suspicious activities. And you can generate management reports that give you granular visibility of what your employees are actually doing.
Here’s a four-minute video overview of how Safetica can help protect your company’s data: