A modern organization typically maintains a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, etc.
Organizations put considerable effort into installing data loss prevention (DLP) components, especially on important machines where confidential data is generated, but they may not be able to protect every computer in the enterprise, for reasons such as a large number of different platforms or operating systems (OS), machine outages, quick and dynamic provisioning of virtual machines, and a lack of clear, individual accounting for test and lab machines. DLP technologies apply configurable rules to identify objects, such as files, that contain sensitive data and should not be found outside of a particular enterprise or a specific set of host computers or storage devices. Even when these technologies are deployed, it is possible for sensitive objects to ‘leak’. Occasionally leakage is deliberate and malicious, but often it is accidental. For example, in today's global marketplace environment, a user of a computing system transmits data, knowingly or unknowingly, to a growing number of entities outside the computer network of an organization or enterprise. Previously, the number of entities was very limited, and they were within a very safe environment. For example, each person in an enterprise would have just a single desktop computer, with a limited number of software applications installed on it, each with predictable behavior. More recently, communications between entities may be complex and difficult for a human to monitor.
A very simple way for data loss to happen in a company is for people to copy data from a DLP-protected machine to another machine that is not protected, and then copy the data from the second machine to external storage, which can easily be detached and carried outside the organization. For example, data can first be copied from a Windows machine to Linux/Unix servers, which are typically not protected by DLP solutions, and then copied to USB drives and taken out of the organization. This happens so easily because data loss prevention components protect confidential data from leaving the network boundaries and from being copied to external storage devices such as USB drives, but they do not prevent data from being transferred from one machine to another within an organization. The reason is that preventing data flow inside an enterprise may hamper the normal functioning of the enterprise. This provides an easy two-step process for stealing confidential data, as described above.
Even if the second machine is protected by a DLP solution, the configuration of the component on the second machine can easily be out of date. For example, the machine could have been disconnected or shut down when a new policy was added to the main DLP server, so that it does not have the latest policies. Another case arises because confidential data is generated at all times in a big enterprise. This data may be continuously fed into the DLP engine, which may continually train itself (e.g., using data mining techniques like data classification) or continually generate fingerprints for new confidential documents. Thus, the second machine can lag in having the latest data specifications that define confidential data. Situations like these allow confidential data to be copied from the first machine to the second machine and then stolen from the second machine.
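The two gaps described above (a second machine with no DLP component, and one whose policies lag the main DLP server) can be made visible by correlating transfer records with a coverage inventory. The following is an added example, not part of the original text: the host names, hashes, event fields and the `find_two_step_exposures` helper are all constructed for illustration, and it assumes internal copies and removable-media writes are logged centrally.

```python
from dataclasses import dataclass
CURRENT_POLICY = 7  # constructed: latest policy revision on the DLP server

@dataclass(frozen=True)
class Host:
    dlp_agent: bool      # is a DLP endpoint agent installed?
    policy_version: int  # last policy revision the agent received

# Constructed inventory and events (hypothetical host names and hashes).
INVENTORY = {
    "win-fin-01": Host(True, 7),
    "lnx-build-02": Host(False, 0),   # platform without DLP coverage
    "win-lab-03": Host(True, 5),      # was offline when policies 6 and 7 shipped
}
EVENTS = [
    {"ts": "2024-05-02T09:00", "host": "win-fin-01", "action": "internal_copy",
     "dst": "lnx-build-02", "sha256": "constructed-hash-a", "confidential": True},
    {"ts": "2024-05-02T09:20", "host": "lnx-build-02", "action": "removable_write",
     "sha256": "constructed-hash-a"},
    {"ts": "2024-05-02T10:00", "host": "win-fin-01", "action": "internal_copy",
     "dst": "win-lab-03", "sha256": "constructed-hash-b", "confidential": True},
    {"ts": "2024-05-02T10:05", "host": "win-lab-03", "action": "removable_write",
     "sha256": "constructed-hash-b"},
    {"ts": "2024-05-02T11:00", "host": "lnx-build-02", "action": "removable_write",
     "sha256": "constructed-hash-c"},  # never labelled confidential: ignored
]

def coverage_gap(host, current_policy):
    """Return why a host cannot enforce the current policy, or None."""
    if not host.dlp_agent:
        return "no-dlp-agent"
    return "stale-policy" if host.policy_version < current_policy else None

def find_two_step_exposures(events, inventory, current_policy):
    """Flag removable-media writes of content that a protected host had
    labelled confidential and copied to a weakly covered internal host."""
    at_risk, findings = {}, []   # at_risk: (host, hash) -> (origin, gap)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "internal_copy" and ev.get("confidential"):
            dst = inventory.get(ev["dst"], Host(False, 0))  # unknown = uncovered
            gap = coverage_gap(dst, current_policy)
            if gap:
                at_risk[(ev["dst"], ev["sha256"])] = (ev["host"], gap)
        elif ev["action"] == "removable_write":
            hit = at_risk.get((ev["host"], ev["sha256"]))
            if hit:
                findings.append({"sha256": ev["sha256"], "origin": hit[0],
                                 "via": ev["host"], "gap": hit[1]})
    return findings
```

Calling `find_two_step_exposures(EVENTS, INVENTORY, CURRENT_POLICY)` on the constructed data reports one finding for the unprotected Linux host and one for the lab machine running policy revision 5.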
There could be DLP rules or policies stating that certain information may go to computers within the enterprise, but not outside it. Some examples are mail from management to employees, design documents of products, source code, etc. This information is not as highly sensitive as a person's credit card number, and thus may not need to be quarantined, but it is still confidential from the perspective of the company. In such cases, the company may want to allow such information to flow between computers within the enterprise, while making sure that it does not leave the enterprise, for example, either over the Internet or on detachable USB devices.
Conventional solutions focus on making a machine's security as strong as possible to prevent immediate data loss from the machine or to external networks. They do not address the problem of a two-step data loss, where data is first transferred to another machine and the second machine is not equipped to prevent the loss of confidential data. The second machine is not necessarily a malicious machine, and may in fact hold a lot of confidential data, which it may be able to protect. Hence, reputation-based or trust-based solutions do not work here.
There is no workaround other than making sure that each and every machine in the organization is fully protected by the DLP solution, which may not always be practical, as described above. Thus, existing security techniques fail to provide efficient solutions that can protect organizations in the situations described above.