Data leak prevention is a strategy, not a science, says Check Point

Speaking at the Check Point Experience event in London this week, Gonda told his audience of customers and dealers that 90% of data losses in most organisations are non-malicious in nature.

"Our own research, carried out between 2007 and 2009, showed this to be the case and we even had one incident ourselves, when one of our developers was found to be emailing some of his documents to one of our competitors", he said.

The situation looked bad but, on investigation, it turned out that the developer was a native Hebrew speaker, and was sending documents to his wife – who was better at English than he was – for proofreading before submitting them to the customer.

The staff email incident, says Gonda, was a genuine mistake on the part of the developer, who did not – as you might expect – lose his position with the company over the affair.

"This was a classic situation of an employee making a mistake. Our research suggests that close to 10% of data leaks are caused by employees going against corporate policies – they might, for example, send a document to their Gmail account to allow them to work from home. An innocent mistake that can result in corporate data being sent outside the organisation", he said.

"You can have the best security infrastructure, but things can still go wrong owing to the human element", he added.

According to Gonda, it's 'leaks' like this that prove there is no such thing as a completely secure system.

And this, he says, is the DLP challenge: to develop a strategy for a company to deal with staff and their systems to prevent data accidents – however they are caused – from happening.

"Before coming up with our own DLP solutions, we looked at the organisation processes that most companies employ when a data leak occurs and realised that it usually involved a lot of administration to analyse the data on the incident", he said.

"And the analysis process can be quite lengthy and involve a number of people. It's for this reason that you don't see that many DLP systems deployed in industries outside of the financial sector, where DLP is a regulatory requirement", he added.

Unfortunately for the IT security industry, he told his audience, there aren't that many real DLP solutions available. Most are really data leak detection systems, which detect a leak after the event has happened.

So what is the solution?

Simple, says Gonda – you involve the employees themselves in DLP strategies by alerting them to a potential problem in real time and inviting them to change their working practices and avoid a repetition.

"Do people cheat the technology? Yes, but our research has shown that, when you alert someone of a potential security threat resulting from their actions – either by a pop-up or an urgent email – they will think twice before going ahead with their action", he said.

And this, he explained, is what good DLP technology is about – it educates people about their actions and can help to modify their behaviour.

The nett result of deploying good DLP technology, he went on to say, is that it helps people understand why the security technology is in place and helps them to modify their behaviour, so making their actions much less of a threat to the security of the company's data.

"Using the right technology allows IT staff to move from data leak detection to data leak prevention. It's all about the technology", he said.
