Data protection has become one of the most pressing technology issues at enterprises over the past few years, but security professional and Dark Reading contributor Jared Thorkelson believes it is important that companies know exactly what they're getting when vetting a potential data loss prevention solution. He wrote that every organization must have information security at the heart of its policies and the line needs to be drawn between performance capabilities and marketing hype among data security tools.
"While all security technologies may share the same objective of protecting an organization's critical data, different tools arrive at that objective from different angles, often using completely different technologies," he wrote on the website. "Those different technologies require unique labels in order to distinguish one technology from another. (Imagine a world where all security technologies were referred to as 'data loss prevention.')"
He believes some people disregard this point and say any security tool can be considered data loss prevention. While he said the term "data loss prevention" can mean different things to different people, he doesn't believe this should be the case, as the reality is that very few security programs and tools work at the data level. Thorkelson wrote that loss prevention technology delivers something that data protection tools don't, in that it monitors the actual trafficking of data and prevents its leakage.
A significant problem lies in the fact that people accept data loss prevention as a comprehensive security solution instead of supporting its weaknesses with complementary tools.
"Regardless of how I feel about these arguments, both are now rendered moot," he wrote. "It's too late to turn back the clock. The marketplace has spoken definitively: DLP is the descriptive term for that category of solutions that prevent the leakage of sensitive data. By accepting and promoting this reality, the marketplace — and specifically those organizations with data protection needs – will better understand how to meet requirements with the right tools for the greatest data protection benefit."
Why this distinction may be important
To Thorkelson's point, Security Info Watch recently spoke with various IT executives and learned that one of the more important things a company can do is align security with business needs. If a business is getting confused about what kind of security or data loss prevention software they are using, the company may not be completely secure.
Greg Jodry, Yahoo’s director of corporate security and safety, built up the security program at Yahoo, which now serves more than 14,000 employees across the world. He said security begins with bringing each department together around a core mission and believes that the company needs to know what it is dealing with as far as security threats are concerned.
"You have to know your environment," Jodry said, according to Security Info Watch. "We have a very fluid environment here at Yahoo. The company has gone through some big changes (four CEOs in the last five years) and that has presented its share of challenges. When I first got here management didn’t have a clear security strategy. I was brought in more or less to take care of the physical assets and the guards. But our goal was to invigorate the program."
Jodry said that when he first started, he brought in an external group to look at Yahoo's risks and how it may need to adjust security. He said they needed to find out where the data security gaps were so they could build the solution to protect the company as well as possible. This is one reason why it is important to know the distinction between types of security coverage; a company must know where its flaws are and be able to cover them.
Security News from SimplySecurity.com by Trend Micro.