Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
C. Warren Axelrod

Data Loss (or Leak) Prevention (DLP) – Damming the Estuary

I had previously talked about avoidance as the best remedy. I went so far as to say at an InfoWorld conference that “data protection is a contradiction in terms” and was consequently the object of several harsh rants. However, they didn’t get my point at all, which was that once data have been distributed, copied and stored in many locations, it is too late to protect all the data. Therefore I reiterated a basic tenet of security, namely, making available only data that are needed. That way the problem is not actually resolved, but the magnitude of the problem will be substantially diminished.

My next thought was that reducing the quantity of data should be accomplished “upstream.” And then I had a “eureka moment”! When you construct a dam, isn’t it always built upstream – nearer the source of the river than the mouth or estuary? Why might this be? It is obviously because the river valley is narrower upstream, so that the dam can be shorter, lower and cheaper, yet still accomplish what has to be done, which is usually generating electricity and/or regulating the availability of water for irrigation purposes. If you tried to build a dam at the mouth of a river it would have to be huge and completely cost prohibitive and it wouldn’t be useful.

So it is with DLP. Today we are typically trying to prevent even the smallest leak from this huge unmanageable sea of data. Quite frankly, it’s impossible. The only hope we have is to stop it as near to the source as is feasible.

One Comment

  1. Rob Lewis Jan 20, 2009 at 8:39 am | Permalink

    A very insightful post. There is a problem with Mr. Amaroso’s thinking though. A patched and updated computer does not make it secure. Perhaps it removes the lowest hanging fruit, but reactive technologies such as we depend on today can’t defend against zero day attacks, so there would still be bot armies.

Post a Comment

Your email is never published nor shared. Required fields are marked *