Wednesday, November 21, 2007

Available vs Too Available, or how to simplify DLP

One thing that is largely missing from discussions of Data Loss/Leak Prevention is the idea that taking some data offline is a simple and effective means of preventing data loss. Information needs to be accessible in our "Information Age", but how accessible is too accessible?


Let's make this more tangible. Suppose you are headed out for a night in "the Big City". Are you going to carry all of your financial records, safe deposit box keys and stock certificates with you as you navigate the subway? Or will you carry just enough cash for the evening, only one or two credit/debit cards (maybe just one "firewall account" card), and tone down the jewelry? Good choice: you NEED to have access to all of those high-value things, but you don't need immediate access at all times. In fact, immediate access at all times is a pretty bad idea; that's why you have stuff locked away in the safe deposit box, right?


Maybe you don't need all of your data immediately available, either. Maybe a virtual file or database server can host some of your data and be brought online only as needed. I know it isn't always that simple, and that individual databases often house both mundane and confidential data, or both frequently and infrequently accessed data (there's another issue, eh?), but think about taking data offline to protect it instead of just adding more layers of defense and complexity.


If you want a thorough introduction to DLP, check out Rich Mogull's DLP primers at Securosis. As Hoff pointed out, though, if it takes seven posts and 10,000 words to provide an introduction to something, it may not be ready for prime time.