DLP is a computer security term describing systems that are designed to detect and prevent undetected, unauthorized transfer of information to organization outsiders. Everyone thinks of keeping the bad stuff out, but we're finding that a major threat is keeping the good stuff in. DLP solutions are designed to prevent malicious and non-malicious attempts to send mission-critical information out of the organization.
How would you describe a non-malicious security breach?
Insiders can unknowingly send mission-critical information out of the organization. One figure we have is that less than 1% of security breaches are malicious. People make mistakes. For example, someone sends out the CEO's address on next year's corporate strategy, or someone copies information onto a USB drive or downloads an executive address onto an iPod. Up to 50% of security leakages are due to lack of clear business processes, and 40% of leakages are due to simple employee oversight.
Why does DLP matter to telecommunications service providers since they have secure networks?
Google, Web 2.0 and a hypercompetitive landscape are driving companies across the traditional communication industry toward a radical transformation of their core business. In an effort to realize new levels of business agility and cost reduction, telco and media companies are embracing the Internet model and migrating their proprietary operations toward open, commercial off-the-shelf systems that until now were only leveraged within IT datacenters.
What kind of data should telcos be concerned about protecting?
They have all kinds of intellectual property: user profiles, network diagrams, source code, M&A plans, e-mail, text messages, presence location, pricing. The industry has started referring to that kind of information as plutonium data. Telcos need to know where all of their confidential data is being stored, which means they need to have discovery processes in place and know how to monitor the data, as well as how to protect it going forward to make sure it maps to compliance regulations.
What data security complications do consolidated networks introduce?
Telcos are working toward a holistic and universal understanding of their customers for all services, not just individual ones. They're rolling out unified communications. So they may want one user profile for all services. But as you move that way, a flag goes up for us because that could be a single point of failure.
What should service providers be looking for in terms of protection?
You need to harden your consolidated database, whether it's IMS or not, so it's self-defending. You need to have policies in place to protect the data itself. This is a required core competence that most providers don't have in their repertoire. As the Internet model is embraced by telcos, we see IT, security and information-integrity best practices converging with next-generation networks.
Are most of the providers you talk to clear that they need something more than data security?
They're at the beginning of the learning curve and having "ah-ha" moments. Most are so burdened with building out features and functionality and moving to an open-standards-based environment that they all know security is necessary, but they don't necessarily understand it down to the network element level and protecting the information within the element.
Symantec acquired Vontu this year, which is a leader in the data loss prevention space. What can Vontu's DLP solution do for service providers?
I think of it as the "operationalization" of DLP, which means it can functionally discover and protect confidential data wherever it is stored. It can monitor and prevent unauthorized use of confidential data and define data protection policies down to preventing the ability to send tagged information from a company PC to a personal e-mail address.
Where does the responsibility for this kind of protection usually land?
Some companies have a chief security officer, or you'll see both IT and network managers report in to the CIO, so the convergence of security and traditional telecom is beginning. It just can't be as proprietary as it was. Someone involved in driving cost out of the network or being in charge of VoIP infrastructure just might blow right by this security stuff because they know the network is secure, but they don't necessarily realize that they just opened up everything else.