Data Loss Prevention and the Insider Twist to IT Security

For many people, IT security is about keeping the bad guys out of the data centre by using firewalls to control external access and anti-malware programs to prevent hackers from infecting servers. That is only half the picture, however. A threat that has also been growing comes from people already within the security perimeter of the data centre. They have legitimate access to servers, but are misusing that access, either unintentionally or deliberately, to take data out. The challenge in resolving this kind of insider threat is that it is typically not a malware attack, but a personal ‘manual’ attack.

That in turn means that automated or software threat detection may be ineffective against insider menaces. Even predictive programs based on behavioural analysis are at a disadvantage, because there may be little behaviour to analyse. Unlike outside hackers, who may give themselves away through brute-force attempts to discover a login, insiders can usually get into their accounts when they want without arousing suspicion. In addition, such insiders may act on impulse, either by mistake or upon reaching some personal tipping point that software cannot predict.

Data loss prevention is a solution that prevents sensitive or critical information from being sent or taken out of the company IT network. It depends on the identification of different types of data and the application of rules in each case as to what users can or cannot do with the data. Depending on the sophistication of the solution (as a software application, for instance), it can prevent business data, intellectual property (IP), financial or medical information, or credit card details from being leaked out. However, to be effective, any data loss prevention solution requires planning with the particular characteristics of an organisation in mind. Unlike anti-virus software, it takes more than a ‘set it and forget it’ approach.
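
The identify-then-apply-rules model described above can be sketched in a few lines. This is an added example, not code from the original article or from any DLP product; the data type names, channel names, label phrases and policy table are all hypothetical and would be replaced by an organisation's own.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical document markings; an organisation would use its own labels.
LABEL_RE = re.compile(r"\b(?:company confidential|internal only)\b", re.I)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Step 1: identify which data types appear in the content."""
    found = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("payment_card")
    if LABEL_RE.search(text):
        found.add("business_confidential")
    return found

# Step 2 (hypothetical policy): data type -> channel -> action.
# A channel not listed for a data type is allowed.
POLICY = {
    "payment_card": {"email_external": "block", "usb": "block", "email_internal": "alert"},
    "business_confidential": {"email_external": "block", "usb": "alert"},
}
SEVERITY = {"allow": 0, "alert": 1, "block": 2}

def decide(text: str, channel: str) -> str:
    """Return the strictest action any matched data type requires on this channel."""
    actions = [POLICY[t].get(channel, "allow") for t in classify(text)]
    return max(actions, key=SEVERITY.get, default="allow")

if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a standard test card number.
    for text, channel in [("Refund card 4111 1111 1111 1111", "email_external"),
                          ("INTERNAL ONLY: Q3 roadmap", "usb"),
                          ("Lunch at noon?", "email_external")]:
        print(channel, "->", decide(text, channel))
```

The policy table is where the planning mentioned above lives: the detection logic is generic, but which data types exist and what each channel may do with them is specific to the organisation.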